Kazuho Oku

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions 1.5.0.3 and earlier **Description** The issue is related to a problem in processing the content-length header. **Recommendations** For versions 1.5.0.3 and earlier, update to a version that fixes the issue with processing the content-length header.

**Name of the Vulnerable Software and Affected Versions** H2O versions 2.2.2 and earlier **Description** The issue allows remote attackers to cause a denial of service in the server via specially crafted HTTP/1 header. **Recommendations** For versions 2.2.2 and earlier, update to a version later than 2.2.2 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** H2O versions 2.2.2 and earlier **Description** The issue allows remote attackers to cause a denial-of-service in the server via unspecified vectors. This is a result of a buffer overflow. **Recommendations** For H2O versions 2.2.2 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** H2O versions 2.2.3 and earlier **Description** The issue allows remote attackers to cause a denial of service in the server via unspecified vectors. There is no information provided about the estimated number of potentially affected devices worldwide or details about real-world incidents where this issue was exploited. **Recommendations** For H2O versions 2.2.3 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** H2O versions 2.2.3 and earlier **Description** The issue allows remote attackers to cause a denial of service in the server via specially crafted HTTP/2 header. **Recommendations** For versions 2.2.3 and earlier, update to a version later than 2.2.3 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** H2O (affected versions not specified) **Description** A use-after-free issue allows remote attackers to cause a denial-of-service (DoS) or obtain server certificate private keys and possibly other information. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** H2O versions 2.0.3 and earlier H2O version 2.1.0-beta2 and earlier **Description** The issue allows remote attackers to cause a denial-of-service (DoS) via format string specifiers in a template file. This can be achieved through various means such as fastcgi, mruby, proxy, redirect, or reproxy. **Recommendations** For H2O versions 2.0.3 and earlier, update to a version later than 2.0.3 to resolve the issue. For H2O version 2.1.0-beta2 and earlier, update to a version later than 2.1.0-beta2 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Squid versions prior to 3.1.1 **Description** A CRLF injection issue allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted header in a response. **Recommendations** For versions prior to 3.1.1, update to version 3.1.1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 1.5.0.4 Mozilla Thunderbird versions prior to 1.5.0.4 **Description** The issue allows remote attackers to cause the browser to interpret certain responses as if they were responses from two different sites. This can occur via invalid HTTP response headers with spaces between the header name and the colon, or through HTTP 1.1 headers sent via an HTTP 1.0 proxy. The proxy ignores these headers, but the client processes them. **Recommendations** For Mozilla Firefox versions prior to 1.5.0.4, update to version 1.5.0.4 or later. For Mozilla Thunderbird versions prior to 1.5.0.4, update to version 1.5.0.4 or later.