Home > Vulnerability Database > CVE-2006-2786

Mend.io Vulnerability Database

New vulnerability? Tell us about it!

CVE-2006-2786

Date: June 2, 2006

HTTP response smuggling vulnerability in Mozilla Firefox and Thunderbird before 1.5.0.4, when used with certain proxy servers, allows remote attackers to cause Firefox to interpret certain responses as if they were responses from two different sites via (1) invalid HTTP response headers with spaces between the header name and the colon, which might not be ignored in some cases, or (2) HTTP 1.1 headers through an HTTP 1.0 proxy, which are ignored by the proxy but processed by the client.

Severity Score

3.7

Related Resources (51)

Url: http://www.securityfocus.com/archive/1/446657/100/200/threaded

Url: https://nvd.nist.gov/vuln/detail/CVE-2006-2786

Url: http://www.securityfocus.com/archive/1/435795/100/0/threaded

Url: http://www.debian.org/security/2006/dsa-1118

Url: http://www.redhat.com/support/errata/RHSA-2006-0611.html

Url: http://secunia.com/advisories/21532

Url: http://www.securityfocus.com/archive/1/446658/100/200/threaded

Url: http://secunia.com/advisories/21336

Url: http://www.redhat.com/support/errata/RHSA-2006-0610.html

Url: http://www.redhat.com/support/errata/RHSA-2006-0594.html

Url: https://usn.ubuntu.com/297-1/

Url: http://www.vupen.com/english/advisories/2006/3749

Url: http://www.redhat.com/support/errata/RHSA-2006-0578.html

Url: http://secunia.com/advisories/22065

Url: http://www.vupen.com/english/advisories/2006/3748

Url: http://secunia.com/advisories/21176

Url: http://secunia.com/advisories/22066

Url: http://secunia.com/advisories/20561

Url: http://secunia.com/advisories/21178

Url: http://secunia.com/advisories/21134

Url: http://www.debian.org/security/2006/dsa-1120

Url: http://secunia.com/advisories/20376

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2006-2786

Url: http://secunia.com/advisories/21269

Url: https://usn.ubuntu.com/323-1/

Url: http://secunia.com/advisories/21183

Url: http://secunia.com/advisories/21188

Url: http://www.debian.org/security/2006/dsa-1134

Url: http://securitytracker.com/id?1016214

Url: http://www.gentoo.org/security/en/glsa/glsa-200606-21.xml

Url: http://secunia.com/advisories/20709

Url: https://exchange.xforce.ibmcloud.com/vulnerabilities/26844

Url: http://www.vupen.com/english/advisories/2008/0083

Url: http://secunia.com/advisories/21631

Url: https://access.redhat.com/security/cve/CVE-2006-2786

Url: https://usn.ubuntu.com/296-2/

Url: http://secunia.com/advisories/21270

Url: http://secunia.com/advisories/20382

Url: http://rhn.redhat.com/errata/RHSA-2006-0609.html

Url: http://securitytracker.com/id?1016202

Url: https://usn.ubuntu.com/296-1/

Url: http://secunia.com/advisories/21324

Url: http://www.gentoo.org/security/en/glsa/glsa-200606-12.xml

Url: http://www.mozilla.org/security/announce/2006/mfsa2006-33.html

Url: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9966

Url: http://www.mandriva.com/security/advisories?name=MDKSA-2006:143

Url: http://www.mandriva.com/security/advisories?name=MDKSA-2006:145

Url: http://www.securityfocus.com/bid/18228

Url: http://www.vupen.com/english/advisories/2006/2106

Url: http://www.novell.com/linux/security/advisories/2006_35_mozilla.html

Url: https://www.mend.io/vulnerability-database/CVE-2006-2786

Severity Score

3.7

CVSS v3.1

Base Score:	3.7
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	LOW
Availability (A):	NONE

CVSS v2

Base Score:	2.6
Access Vector (AV):	NETWORK
Access Complexity (AC):	HIGH
Authentication (AU):	NONE
Confidentiality (C):	NONE
Integrity (I):	PARTIAL
Availability (A):	NONE
Additional information:

Do you need more information?

Contact Us