Secunia
Login
|
|
CVE Reference: CVE-2012-0475 |
|
| NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE. | |
|
Original Page at CVE MITRE: CVE-2012-0475 |
|
|
Description: Mozilla Firefox 4.x through 11.0, Thunderbird 5.0 through 11.0, and SeaMonkey before 2.9 do not properly construct the Origin and Sec-WebSocket-Origin HTTP headers, which might allow remote attackers to bypass an IPv6 literal ACL via a cross-site (1) XMLHttpRequest or (2) WebSocket operation involving a nonstandard port number and an IPv6 address that contains certain zero fields. |
|
|
CVE Status: Candidate |
|
|
References: SAID Secunia Advisory: SA48972 Secunia Advisory: SA49047 Secunia Advisory: SA49055 CONFIRM http://www.mozilla.org/security/announce/2012/mfsa2012-28.html BID 53230 |
|
| Return to the previous page. |
