CVE-2012-0475
Published: 25 April 2012
Mozilla Firefox 4.x through 11.0, Thunderbird 5.0 through 11.0, and SeaMonkey before 2.9 do not properly construct the Origin and Sec-WebSocket-Origin HTTP headers, which might allow remote attackers to bypass an IPv6 literal ACL via a cross-site (1) XMLHttpRequest or (2) WebSocket operation involving a nonstandard port number and an IPv6 address that contains certain zero fields.
Priority
Status
Package | Release | Status |
---|---|---|
firefox Launchpad, Ubuntu, Debian |
hardy |
Ignored
(end of life)
|
lucid |
Released
(12.0+build1-0ubuntu0.10.04.1)
|
|
natty |
Released
(12.0+build1-0ubuntu0.11.04.1)
|
|
oneiric |
Released
(12.0+build1-0ubuntu0.11.10.1)
|
|
precise |
Released
(12.0+build1-0ubuntu0.12.04.1)
|
|
quantal |
Not vulnerable
(12.0+build1-0ubuntu0.12.04.1)
|
|
raring |
Not vulnerable
(12.0+build1-0ubuntu0.12.04.1)
|
|
saucy |
Not vulnerable
(12.0+build1-0ubuntu0.12.04.1)
|
|
upstream |
Needs triage
|
|
seamonkey Launchpad, Ubuntu, Debian |
hardy |
Ignored
(end of life)
|
lucid |
Ignored
(end of life)
|
|
natty |
Ignored
(end of life)
|
|
oneiric |
Ignored
(end of life)
|
|
precise |
Does not exist
|
|
quantal |
Does not exist
|
|
raring |
Does not exist
|
|
saucy |
Does not exist
|
|
upstream |
Needs triage
|
|
thunderbird Launchpad, Ubuntu, Debian |
hardy |
Ignored
(end of life)
|
lucid |
Released
(12.0.1+build1-0ubuntu0.10.04.1)
|
|
natty |
Released
(12.0.1+build1-0ubuntu0.11.04.1)
|
|
oneiric |
Released
(12.0.1+build1-0ubuntu0.11.10.1)
|
|
precise |
Released
(12.0.1+build1-0ubuntu0.12.04.1)
|
|
quantal |
Not vulnerable
(15.0+build1-0ubuntu1)
|
|
raring |
Not vulnerable
(15.0+build1-0ubuntu1)
|
|
saucy |
Not vulnerable
(15.0+build1-0ubuntu1)
|
|
upstream |
Released
(12.0.1)
|
|
xulrunner-1.9.2 Launchpad, Ubuntu, Debian |
hardy |
Ignored
(end of life)
|
lucid |
Ignored
(end of life)
|
|
natty |
Ignored
(end of life)
|
|
oneiric |
Does not exist
|
|
precise |
Does not exist
|
|
quantal |
Does not exist
|
|
raring |
Does not exist
|
|
saucy |
Does not exist
|
|
upstream |
Needs triage
|
|
xulrunner-2.0 Launchpad, Ubuntu, Debian |
hardy |
Does not exist
|
lucid |
Does not exist
|
|
natty |
Ignored
(end of life)
|
|
oneiric |
Does not exist
|
|
precise |
Does not exist
|
|
quantal |
Does not exist
|
|
raring |
Does not exist
|
|
saucy |
Does not exist
|
|
upstream |
Needs triage
|