DescriptionCRLF injection vulnerability in the Digest Authentication support for Mozilla Firefox before 18.104.22.168 and SeaMonkey before 1.1.5 allows remote attackers to conduct HTTP request splitting attacks via LF (%0a) bytes in the username attribute.
Overall state of this security issue: Resolved
This issue is currently rated as having moderate severity.
|National Vulnerability Database|
- SUSE-SA:2007:057, published Thu, 25 Oct 2007 18:00:00 +0000