CVE-2006-2786

HTTP response smuggling vulnerability in Mozilla Firefox and Thunderbird before 1.5.0.4, when used with certain proxy servers, allows remote attackers to cause Firefox to interpret certain responses as if they were responses from two different sites via (1) invalid HTTP response headers with spaces between the header name and the colon, which might not be ignored in some cases, or (2) HTTP 1.1 headers through an HTTP 1.0 proxy, which are ignored by the proxy but processed by the client.

Affected Software

Name	Vendor	Start Version	End Version
Firefox	Mozilla	*	1.5.0.3 (including)
Thunderbird	Mozilla	*	1.5.0.3 (including)
Red Hat Enterprise Linux 3	RedHat	seamonkey-0:1.0.2-0.1.0.EL3	*
Red Hat Enterprise Linux 4	RedHat	devhelp-0:0.10-0.2.el4	*
Red Hat Enterprise Linux 4	RedHat	seamonkey-0:1.0.3-0.el4.1	*
Red Hat Enterprise Linux 4	RedHat	firefox-0:1.5.0.5-0.el4.1	*
Red Hat Enterprise Linux 4	RedHat	thunderbird-0:1.5.0.5-0.el4.1	*
Red Hat Enterprise Linux AS (Advanced Server) version 2.1	RedHat		*
Red Hat Enterprise Linux ES version 2.1	RedHat		*
Red Hat Enterprise Linux WS version 2.1	RedHat		*
Red Hat Linux Advanced Workstation 2.1	RedHat		*
Firefox	Ubuntu	dapper	*
Firefox-granparadiso	Ubuntu	devel	*
Lightning-sunbird	Ubuntu	devel	*
Midbrowser	Ubuntu	devel	*
Mozilla-thunderbird	Ubuntu	dapper	*
Mozilla-thunderbird	Ubuntu	edgy	*
Mozilla-thunderbird	Ubuntu	feisty	*
Xulrunner	Ubuntu	devel	*
Xulrunner	Ubuntu	edgy	*
Xulrunner	Ubuntu	feisty	*

NVD	https://nvd.nist.gov/vuln/detail/CVE-2006-2786
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html

Affected Software

References