CVE-2012-0451 — Code Injection in Mozilla Seamonkey

CWE-94 — Code Injection CWE-79 — Cross-site Scripting10 documents6 sources

Severity

4.3MEDIUMNVD

EPSS

0.2%

top 56.58%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Seamonkey Mozilla Firefox Mozilla Firefox ESR +2 more

Timeline

PublishedMar 14

Latest updateMay 4

Description

CRLF injection vulnerability in Mozilla Firefox 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 allows remote web servers to bypass intended Content Security Policy (CSP) restrictions and possibly conduct cross-site scripting (XSS) attacks via crafted HTTP headers.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages5 packages

▶NVDmozilla/firefox14 versions+13

▶NVDmozilla/firefox_esr10.1, 10.2+1

▶NVDmozilla/thunderbird9 versions+8

▶NVDmozilla/thunderbird_esr10.0, 10.0.1, 10.0.2+2

▶NVDmozilla/seamonkey2.7+60

🔴Vulnerability Details

GHSA

GHSA-w37r-x9rf-6846: CRLF injection vulnerability in Mozilla Firefox 4↗2022-05-04

▶

CVEList

CVE-2012-0451: CRLF injection vulnerability in Mozilla Firefox 4↗2012-03-14

▶

📋Vendor Advisories

Ubuntu

GSettings desktop schemas regression↗2012-04-20

▶

Ubuntu

Thunderbird regressions↗2012-04-03

▶

Ubuntu

Thunderbird vulnerabilities↗2012-03-21

▶

Ubuntu

ubufox update↗2012-03-16

▶

Ubuntu

Firefox vulnerabilities↗2012-03-16

▶

💬Community

Bugzilla

CVE-2012-0451 Mozilla: XSS with multiple Content Security Policy headers (MFSA 2012-15)↗2012-03-14

▶