CVE-2012-0475 — Mozilla Seamonkey vulnerability

CWE-2648 documents6 sources

Severity

2.6LOWNVD

EPSS

0.3%

top 47.60%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Seamonkey Mozilla Firefox Mozilla Thunderbird

Timeline

PublishedApr 25

Latest updateMay 4

Description

Mozilla Firefox 4.x through 11.0, Thunderbird 5.0 through 11.0, and SeaMonkey before 2.9 do not properly construct the Origin and Sec-WebSocket-Origin HTTP headers, which might allow remote attackers to bypass an IPv6 literal ACL via a cross-site (1) XMLHttpRequest or (2) WebSocket operation involving a nonstandard port number and an IPv6 address that contains certain zero fields.

CVSS vector

AV:N/AC:H/C:N/I:P/A:NExploitability: 4.9 | Impact: 2.9

Affected Packages3 packages

▶NVDmozilla/seamonkey2.9+64

▶NVDmozilla/firefox17 versions+16

▶NVDmozilla/thunderbird15 versions+14

🔴Vulnerability Details

GHSA

GHSA-hrwx-3jg2-pr78: Mozilla Firefox 4↗2022-05-04

▶

CVEList

CVE-2012-0475: Mozilla Firefox 4↗2012-04-25

▶

📋Vendor Advisories

Ubuntu

Thunderbird vulnerabilities↗2012-05-04

▶

Ubuntu

ubufox update↗2012-04-27

▶

Ubuntu

Firefox vulnerabilities↗2012-04-27

▶

Red Hat

Multiple flaws in Firefox 12 which do not affect firefox 10.0.4 ESR↗2012-04-24

▶

💬Community

Bugzilla

CVE-2011-1187 CVE-2012-0475 Multiple flaws in Firefox 12 which do not affect firefox 10.0.4 ESR↗2012-04-23

▶