|Date: (C)2007-04-26 (M)2017-10-12|| |
CRLF injection vulnerability in the Digest Authentication support for Mozilla Firefox before 18.104.22.168 and SeaMonkey before 1.1.5 allows remote attackers to conduct HTTP request splitting attacks via LF (%0a) bytes in the username attribute.
|CVSS Score: 4.3||Access Vector: NETWORK|
|Exploit Score: 8.6||Access Complexity: MEDIUM|
|Impact Score: 2.9||Authentication: NONE|
| ||Confidentiality: NONE|
| ||Integrity: PARTIAL|
| ||Availability: NONE|