CVE-2011-3000 (retired)

Priority
Description
Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7.0,
and SeaMonkey before 2.4 do not properly handle HTTP responses that contain
multiple Location, Content-Length, or Content-Disposition headers, which
makes it easier for remote attackers to conduct HTTP response splitting
attacks via crafted header values.
Package
Upstream:released (3.6.23, 7.0)
Ubuntu 14.04 LTS (Trusty Tahr):not-affected
Package
Upstream:needs-triage (Ubuntu source uses 3.6.x)
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Package
Upstream:needs-triage (Ubuntu source uses 3.6.x)
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Package
Upstream:released (2.4)
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Package
Upstream:released (3.1.5, 7.0)
Ubuntu 14.04 LTS (Trusty Tahr):not-affected
Package
Upstream:released (1.9.2.23)
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Package
Upstream:needed
Ubuntu 14.04 LTS (Trusty Tahr):DNE
More Information

Updated: 2019-03-26 11:57:50 UTC (commit ccdecfcf0fead22bd291e5f4ea745a46872dcb15)