Multiple flaws were fixed in Mozilla Firefox and Thunderbird 12. The flaws described below do not, however, affect Firefox 10.0.4 ESR and Thunderbird 10.0.4 as shipped with Red Hat Enterprise Linux.

Security researcher Simone Fabiano reported that if a cross-site XHR or WebSocket is opened on a web server on a non-standard port for web traffic while using an IPv6 address, the browser will send an ambiguous Origin header if the IPv6 address contains at least 2 consecutive 16-bit fields of zeroes. If there is an origin access control list that uses IPv6 literals, this issue could be used to bypass these access controls on the server.

Reference: http://www.mozilla.org/security/announce/2012/mfsa2012-28.html

Security researcher Daniel Divricean reported that a defect in the error handling of JavaScript errors can leak the file names and locations of JavaScript files on a server, leading to inadvertent information disclosure and a vector for further attacks.

Reference: http://www.mozilla.org/security/announce/2012/mfsa2012-32.html
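For the IPv6 Origin header issue above, the following added example (not taken from the advisory or from Mozilla) shows one way a server can check Origin values against an allow-list that contains IPv6 literals. It assumes the ambiguity comes from a literal serialized without brackets, where a trailing port cannot be told apart from an address field; the function names and the 2001:db8:: sample addresses are constructed for illustration.

```python
import ipaddress
import re

# scheme://host[:port] only. An IPv6 host must be a bracketed IP-literal
# (RFC 3986); anything else containing extra colons is rejected outright.
_ORIGIN = re.compile(
    r"(https?)://(\[[0-9A-Fa-f:.]+\]|[A-Za-z0-9.-]+)(?::(\d{1,5}))?"
)
_DEFAULT_PORT = {"http": 80, "https": 443}


def canonical_origin(value):
    """Return (scheme, host, port) in canonical form, or None if malformed."""
    m = _ORIGIN.fullmatch(value)
    if m is None:
        return None  # e.g. unbracketed http://2001:db8::1:8080
    scheme, host, port = m.group(1), m.group(2), m.group(3)
    if host.startswith("["):
        try:
            addr = ipaddress.IPv6Address(host[1:-1])
        except ValueError:
            return None
        # Compare addresses by value, not by how the zero run was written.
        host = "[" + addr.compressed + "]"
    else:
        host = host.lower()
    port = int(port) if port else _DEFAULT_PORT[scheme]
    if not 0 < port <= 65535:
        return None
    return scheme, host, port


def build_allowlist(entries):
    """Canonicalize configured origins once; refuse malformed entries."""
    parsed = {canonical_origin(e) for e in entries}
    if None in parsed:
        raise ValueError("malformed origin in allow-list")
    return parsed


def is_allowed(origin_header, allowlist):
    """Fail closed: an unparseable or ambiguous Origin is never allowed."""
    parsed = canonical_origin(origin_header)
    return parsed is not None and parsed in allowlist


# Constructed sample configuration (documentation prefix 2001:db8::/32).
ALLOWED = build_allowlist(["http://[2001:db8:0:0:0:0:0:1]:8080"])
```

The unbracketed form is rejected rather than guessed at, because the same characters can be read either as address 2001:db8::1 on port 8080 or as address 2001:db8::1:8080 on the default port.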
Statement: Not Vulnerable. These issues do not affect the versions of the firefox and thunderbird packages as shipped with Red Hat Enterprise Linux 5 and 6.