Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before 31.4, and SeaMonkey before 2.32 do not properly interpret Set-Cookie headers within responses that have a 407 (aka Proxy Authentication Required) status code, which allows remote HTTP proxy servers to conduct session fixation attacks by providing a cookie name that corresponds to the session cookie of the origin server.

Name | Vendor | Start Version | End Version |
---|---|---|---|
Seamonkey | Mozilla | * | 2.31 (including) |
Red Hat Enterprise Linux 5 | RedHat | firefox-0:31.4.0-1.el5_11 | * |
Red Hat Enterprise Linux 5 | RedHat | thunderbird-0:31.4.0-1.el5_11 | * |
Red Hat Enterprise Linux 6 | RedHat | firefox-0:31.4.0-1.el6_6 | * |
Red Hat Enterprise Linux 6 | RedHat | thunderbird-0:31.4.0-1.el6_6 | * |
Red Hat Enterprise Linux 7 | RedHat | firefox-0:31.4.0-1.el7_0 | * |
Red Hat Enterprise Linux 7 | RedHat | xulrunner-0:31.4.0-1.el7_0 | * |
Firefox | Ubuntu | devel | * |
Firefox | Ubuntu | lucid | * |
Firefox | Ubuntu | precise | * |
Firefox | Ubuntu | trusty | * |
Firefox | Ubuntu | upstream | * |
Firefox | Ubuntu | utopic | * |
Thunderbird | Ubuntu | devel | * |
Thunderbird | Ubuntu | lucid | * |
Thunderbird | Ubuntu | precise | * |
Thunderbird | Ubuntu | trusty | * |
Thunderbird | Ubuntu | upstream | * |
Thunderbird | Ubuntu | utopic | * |