Red Hat Bugzilla – Bug 815187
CVE-2011-1187 CVE-2012-0475 Multiple flaws in Firefox 12 which do not affect firefox 10.0.4 ESR
Last modified: 2015-08-19 05:15:49 EDT
Multiple flaws were fixed in Mozilla Firefox and Thunderbird 12. The flaws described below, however, do not affect the versions of Firefox 10.0.4 ESR and Thunderbird 10.0.4 shipped with Red Hat Enterprise Linux.
Security researcher Simone Fabiano reported that if a cross-site XHR or WebSocket is opened on a web server on a non-standard port for web traffic while using an IPv6 address, the browser will send an ambiguous Origin header if the IPv6 address contains at least 2 consecutive 16-bit fields of zeroes. If there is an origin access control list that uses IPv6 literals, this issue could be used to bypass these access controls on the server.
Not Vulnerable. These issues do not affect the versions of the firefox and thunderbird packages as shipped with Red Hat Enterprise Linux 5 and 6.
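
A server-side origin check that does not depend on how a client spells an IPv6 literal, as an added example that is not part of the original bug report or of Mozilla's fix. It parses the Origin value strictly, compares IPv6 hosts by address value, and denies anything that does not parse. The function names and the ACL entries (documentation-range addresses) are constructed for illustration.

```python
import ipaddress
import re

# Strict grammar: scheme "://" host [":" port]. An IPv6 literal is accepted
# only inside brackets, so the host/port split is never guessed from colons.
_ORIGIN = re.compile(
    r"(https?)://(\[[0-9A-Fa-f:.]+\]|[A-Za-z0-9.-]+)(?::([0-9]{1,5}))?"
)
_DEFAULT_PORT = {"http": 80, "https": 443}


def canonical_origin(value):
    """Return (scheme, host, port) with the host in canonical form, or None
    when the Origin value is malformed or ambiguous."""
    m = _ORIGIN.fullmatch(value.strip())
    if m is None:
        return None
    scheme, host, port = m.group(1), m.group(2), m.group(3)
    port = int(port) if port else _DEFAULT_PORT[scheme]
    if not 0 < port <= 65535:
        return None
    if host.startswith("["):
        try:
            # Every spelling of one address maps to a single canonical string.
            host = ipaddress.IPv6Address(host[1:-1]).compressed
        except ValueError:
            return None
    else:
        host = host.lower()
    return scheme, host, port


def build_allowlist(entries):
    """Canonicalise configured origins once; reject unparsable ACL entries."""
    allowed = {canonical_origin(e) for e in entries}
    if None in allowed:
        raise ValueError("unparsable ACL entry")
    return allowed


def origin_allowed(header_value, allowed):
    """Fail closed: anything that does not parse cleanly is denied."""
    origin = canonical_origin(header_value)
    return origin is not None and origin in allowed


# Constructed ACL using documentation-range addresses (2001:db8::/32).
ACL = build_allowlist(["http://[2001:db8:0:0:0:0:0:1]:8080", "https://example.org"])
```
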