
Ian Graham

Researcher at Citrix Online
#51290 of 53,632
4.3 total CVSS
Vulnerabilities · 1
PT-2011-4238
4.3
2011-09-27
Mozilla · Thunderbird · CVE-2011-3000
**Name of the Vulnerable Software and Affected Versions**

- Mozilla Firefox versions prior to 3.6.23
- Mozilla Firefox versions 4.x through 6
- Thunderbird versions prior to 7.0
- SeaMonkey versions prior to 2.4

**Description**

The issue arises from improper handling of HTTP responses containing multiple Location, Content-Length, or Content-Disposition headers. This makes it easier for remote attackers to conduct HTTP response splitting attacks via crafted header values.

**Recommendations**

- For Mozilla Firefox versions prior to 3.6.23, update to version 3.6.23 or later.
- For Mozilla Firefox versions 4.x through 6, update to a version later than 6.
- For Thunderbird versions prior to 7.0, update to version 7.0 or later.
- For SeaMonkey versions prior to 2.4, update to version 2.4 or later.