CVE-2005-2703: Code Injection
First published: Fri Sep 23 2005(Updated: )
Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to modify HTTP headers of XML HTTP requests via XMLHttpRequest, and possibly use the client to exploit vulnerabilities in servers or proxies, including HTTP request smuggling and HTTP request splitting.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mozilla Firefox | =1.0.2 | |
| Mozilla Firefox | <=1.0.6 | |
| Mozilla Mozilla Suite | <=1.7.11 | |
| Mozilla Mozilla Suite | =1.7.10 | |
| Mozilla Firefox | =1.0.4 | |
| Mozilla Mozilla Suite | =1.7.8 | |
| Mozilla Firefox | =1.0 | |
| Mozilla Firefox | =1.0.1 | |
| Mozilla Firefox | =1.0.3 | |
| Mozilla Mozilla Suite | =1.7.7 | |
| Mozilla Mozilla Suite | =1.7.6 | |
| Mozilla Firefox | =1.0.5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.mozilla.org/security/announce/mfsa2005-58.html
- http://www.redhat.com/support/errata/RHSA-2005-785.html
- http://securitytracker.com/id?1014954
- http://www.mandriva.com/security/advisories?name=MDKSA-2005:169
- http://www.mandriva.com/security/advisories?name=MDKSA-2005:170
- http://www.mandriva.com/security/advisories?name=MDKSA-2005:174
- http://www.ubuntu.com/usn/usn-200-1
- http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00004.html
- http://www.redhat.com/support/errata/RHSA-2005-789.html
- http://www.securityfocus.com/bid/14923
- http://secunia.com/advisories/16911
- http://secunia.com/advisories/16917
- http://www.debian.org/security/2005/dsa-868
- http://www.redhat.com/support/errata/RHSA-2005-791.html
- http://www.securityfocus.com/bid/15495
- http://secunia.com/advisories/17042
- http://secunia.com/advisories/17090
- http://secunia.com/advisories/17149
- http://secunia.com/advisories/17284
- http://www.debian.org/security/2005/dsa-838
- http://www.debian.org/security/2005/dsa-866
- http://secunia.com/advisories/17026
- http://secunia.com/advisories/17263
- http://www.novell.com/linux/security/advisories/2005_58_mozilla.html
- http://secunia.com/advisories/16977
- http://secunia.com/advisories/17014
- http://www.vupen.com/english/advisories/2005/1824
- https://exchange.xforce.ibmcloud.com/vulnerabilities/22376
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1089
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10767
Frequently Asked Questions
What is the severity of CVE-2005-2703?
CVE-2005-2703 is considered a moderate to high severity vulnerability due to the potential for HTTP request smuggling and splitting attacks.
How do I fix CVE-2005-2703?
To fix CVE-2005-2703, upgrade to Mozilla Firefox version 1.0.7 or later, or Mozilla Suite version 1.7.12 or later.
What types of software are affected by CVE-2005-2703?
CVE-2005-2703 affects Mozilla Firefox versions prior to 1.0.7 and Mozilla Suite versions prior to 1.7.12.
What can an attacker do with CVE-2005-2703?
An attacker can exploit CVE-2005-2703 to modify HTTP headers of XMLHttpRequests made by the client, potentially leading to further attacks on servers or proxies.
When was CVE-2005-2703 reported?
CVE-2005-2703 was reported in 2005 as a vulnerability affecting certain versions of Firefox and Mozilla Suite.
- agent/references
- agent/type
- agent/softwarecombine
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- agent/weakness
- agent/author
- agent/severity
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/tags
- agent/first-publish-date
- agent/event
- agent/source
- vendor/mozilla
- canonical/mozilla firefox
- version/mozilla firefox/1.0.2
- version/mozilla firefox/1.0.6
- canonical/mozilla mozilla suite
- version/mozilla mozilla suite/1.7.11
- version/mozilla mozilla suite/1.7.10
- version/mozilla firefox/1.0.4
- version/mozilla mozilla suite/1.7.8
- version/mozilla firefox/1.0
- version/mozilla firefox/1.0.1
- version/mozilla firefox/1.0.3
- version/mozilla mozilla suite/1.7.7
- version/mozilla mozilla suite/1.7.6
- version/mozilla firefox/1.0.5