Bug 815187 (CVE-2011-1187, CVE-2012-0475) - CVE-2011-1187 CVE-2012-0475 Multiple flaws in Firefox 12 which do not affect firefox 10.0.4 ESR
Alias: CVE-2011-1187, CVE-2012-0475
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
Depends On:
Blocks: 812268
Reported: 2012-04-23 04:37 UTC by Huzaifa S. Sidhpurwala
Modified: 2021-02-24 12:36 UTC

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2012-04-23 04:40:21 UTC


Description Huzaifa S. Sidhpurwala 2012-04-23 04:37:27 UTC
Multiple flaws were fixed in Mozilla Firefox and Thunderbird 12. The flaws described below, however, do not affect the versions of Firefox 10.0.4 ESR and Thunderbird 10.0.4 shipped with Red Hat Enterprise Linux.

Security researcher Simone Fabiano reported that if a cross-site XHR or WebSocket is opened on a web server on a non-standard port for web traffic while using an IPv6 address, the browser will send ambiguous origin headers if the IPv6 address contains at least 2 consecutive 16-bit fields of zeroes. If there is an origin access control list that uses IPv6 literals, this issue could be used to bypass these access controls on the server.

Security researcher Daniel Divricean reported that a defect in the error handling of JavaScript errors can leak the file names and location of JavaScript files on a server, leading to inadvertent information disclosure and a vector for further attacks.
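
For the IPv6 origin header issue described above, a server-side origin access check that fails closed on ambiguous IPv6 literals. This is an added example, not part of the original report and not Mozilla or Red Hat code. The bug does not give the exact header bytes, so the example assumes the ambiguity is a literal whose port cannot be told apart from an address field; the names canonical_origin, origin_allowed and ALLOWED and the 2001:db8:: addresses are constructed for illustration.

```python
import ipaddress
import re

# Accept only scheme://[ipv6-literal] with an optional :port. The brackets are
# what separate the port from the address, so a literal without them is refused.
_ORIGIN_RE = re.compile(r"(https?)://\[([0-9A-Fa-f:.]+)\](?::([0-9]{1,5}))?")
DEFAULT_PORTS = {"http": 80, "https": 443}


def canonical_origin(header):
    """Return 'scheme://[compressed-address]:port', or None when the value is
    not an unambiguous bracketed IPv6 origin."""
    m = _ORIGIN_RE.fullmatch(header.strip())
    if m is None:
        return None
    scheme, host, port = m.groups()
    try:
        addr = ipaddress.IPv6Address(host)
    except ValueError:
        return None
    port_n = int(port) if port else DEFAULT_PORTS[scheme]
    if not 0 < port_n <= 65535:
        return None
    # Compare on the parsed address, never on the raw header text, so that
    # '2001:db8:0:0:0:0:0:1' and '2001:db8::1' are the same ACL entry.
    return f"{scheme}://[{addr.compressed}]:{port_n}"


# Constructed allowlist (assumption): one origin on a non-standard port.
ALLOWED = {canonical_origin("http://[2001:db8::1]:8080")}


def origin_allowed(header, allowed=ALLOWED):
    origin = canonical_origin(header)
    return origin is not None and origin in allowed


if __name__ == "__main__":
    for sample in (  # constructed header values
        "http://[2001:db8::1]:8080",            # allowed
        "http://[2001:0db8:0:0:0:0:0:1]:8080",  # same address, expanded form
        "http://2001:db8::1:8080",              # unbracketed: port or last field?
        "http://[2001:db8::1:8080]",            # a different host on port 80
    ):
        print(f"{sample:40} -> {origin_allowed(sample)}")
```

The unbracketed sample is the ambiguous case: with a run of zero fields compressed to "::", the trailing ":8080" parses equally well as a port or as one more 16-bit field, so the check refuses it instead of guessing.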

Comment 1 Huzaifa S. Sidhpurwala 2012-04-23 04:40:21 UTC

Not Vulnerable. These issues do not affect the versions of the firefox and thunderbird packages, as shipped with Red Hat Enterprise Linux 5 and 6.
