Bug 815187 - (CVE-2011-1187, CVE-2012-0475) Multiple flaws in Firefox 12 which do not affect Firefox 10.0.4 ESR
Product: Security Response
Classification: Other
Component: vulnerability
Hardware: All
OS: Linux
Version: unspecified
Severity: unspecified
Assigned To: Red Hat Product Security
: Security
Blocks: 812268
Reported: 2012-04-23 00:37 EDT by Huzaifa S. Sidhpurwala
Modified: 2015-08-19 05:15 EDT (History)

Doc Type: Bug Fix
Last Closed: 2012-04-23 00:40:21 EDT

Description Huzaifa S. Sidhpurwala 2012-04-23 00:37:27 EDT
Multiple flaws were fixed in Mozilla Firefox and Thunderbird 12; the flaws described below do not, however, affect the versions of Firefox 10.0.4 ESR and Thunderbird 10.0.4 shipped with Red Hat Enterprise Linux.

Security researcher Simone Fabiano reported that if a cross-site XHR or WebSocket is opened on a web server on a non-standard port for web traffic while using an IPv6 address, the browser will send ambiguous origin headers if the IPv6 address contains at least 2 consecutive 16-bit fields of zeroes. If there is an origin access control list that uses IPv6 literals, this issue could be used to bypass these access controls on the server.

Security researcher Daniel Divricean reported that a defect in the error handling of JavaScript errors can leak the file names and location of JavaScript files on a server, leading to inadvertent information disclosure and a vector for further attacks.
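As an added example (Python, not part of the bug report or of Mozilla's fix), here is the kind of server-side origin allow-list check the first flaw bears on: IPv6 literals in the Origin header are compared by parsed address rather than by raw string, so any textual spelling of the same address yields the same allow/deny decision, and malformed or multi-valued headers are rejected. The scheme table, function names and sample origins are assumptions for illustration.

```python
# Added example: origin allow-list check for cross-site XHR/WebSocket requests
# that canonicalises IPv6 literals (e.g. "2001:db8:0:0:0:0:0:1" and
# "2001:db8::1" are the same address) before comparing against the ACL.
import ipaddress
from urllib.parse import urlsplit

# Default ports per scheme (assumed set; extend as needed).
DEFAULT_PORTS = {"http": 80, "https": 443, "ws": 80, "wss": 443}


def canonical_origin(origin: str):
    """Return (scheme, host, port) in canonical form, or None if the header
    is empty, multi-valued, 'null', or not a bare scheme://host[:port]."""
    origin = origin.strip()
    if not origin or "," in origin or " " in origin or origin == "null":
        return None
    try:
        parts = urlsplit(origin)
        # .port raises ValueError for a non-numeric or out-of-range port;
        # urlsplit raises for an unbalanced IPv6 bracket.
        scheme, host, port = parts.scheme.lower(), parts.hostname, parts.port
    except ValueError:
        return None
    if scheme not in DEFAULT_PORTS or not host or parts.path or parts.query:
        return None
    if port is None:
        port = DEFAULT_PORTS[scheme]
    try:
        # urlsplit already strips the brackets; .compressed collapses any
        # run of zero fields into one canonical spelling.
        host = ipaddress.ip_address(host).compressed
    except ValueError:
        host = host.lower()  # a DNS name: case-fold only
    return (scheme, host, port)


def origin_allowed(origin_header: str, acl) -> bool:
    """acl is an iterable of origin strings such as
    'https://[2001:db8::1]:8443'; each entry is canonicalised the same way."""
    wanted = canonical_origin(origin_header)
    if wanted is None:
        return False
    return any(canonical_origin(entry) == wanted for entry in acl)
```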
Comment 1 Huzaifa S. Sidhpurwala 2012-04-23 00:40:21 EDT

Not Vulnerable. These issues do not affect the versions of the firefox and thunderbird packages as shipped with Red Hat Enterprise Linux 5 and 6.
