Mozilla Foundation Security Advisory 2007-31

Digest authentication request splitting

Announced

October 18, 2007

Reporter

Stefano Di Paola

Impact

Moderate

Products

Firefox, SeaMonkey

Fixed in

Firefox 2.0.0.8
SeaMonkey 1.1.5

Description

Security researcher Stefano Di Paola reported that Firefox did not properly validate the user ID when making an HTTP request using Digest Authentication to log into a web site. A malicious page could abuse this to inject arbitrary HTTP headers by including a newline character in the user ID followed by the injected header data. If the user were connecting through a proxy the attacker could inject headers that a proxy would interpret as two separate requests for different hosts.

References

IE 7 and Firefox Browsers Digest Authentication Request Splitting
https://bugzilla.mozilla.org/show_bug.cgi?id=378787
CVE-2007-2292

Firefox for Desktop

Firefox for Android

Firefox for iOS

Firefox Focus

Firefox Blog

Release Notes

Mozilla Monitor

Facebook Container

Pocket

Mozilla VPN

Firefox Relay

MDN Plus

Fakespot

Mozilla Manifesto

Mozilla Foundation

Leadership

Get involved

Careers

Mozilla Blog

Impact

Firefox Developer Edition

MDN Web Docs

Mozilla Innovation Projects

Common Voice

Mozilla Foundation Security Advisory 2007-31

Digest authentication request splitting

Description

References