NVD

Id
42570  
Name
CVE-2012-0475  
Description
Mozilla Firefox 4.x through 11.0, Thunderbird 5.0 through 11.0, and SeaMonkey before 2.9 do not properly construct the Origin and Sec-WebSocket-Origin HTTP headers, which might allow remote attackers to bypass an IPv6 literal ACL via a cross-site (1) XMLHttpRequest or (2) WebSocket operation involving a nonstandard port number and an IPv6 address that contains certain zero fields.  
Reject
 
CVSS Version
2  
CVSS Score
2.6  
Severity
Low  
CVSS Base Score
2.6  
CVSS Impact Subscore
2.9  
CVSS Exploit Subscore
4.9  
CVSS Vector
(AV:N/AC:H/Au:N/C:N/I:P/A:N)  
Pub Date
2017-01-19  
Published
2012-04-25  
Modified Date
2013-11-02  
Seq
2012-0475  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
214516 42570 CVE-2012-0475 oval:org.mitre.oval:def:16279  View
214517 42570 CVE-2012-0475 http://www.mozilla.org/security/announce/2012/mfsa2012-28.html  View
214518 42570 CVE-2012-0475 53230  View
214519 42570 CVE-2012-0475 https://bugzilla.mozilla.org/show_bug.cgi?id=694576  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
26429 JVNDB-2012-002136 複数の Mozilla 製品における IPv6 リテラルのアクセス制御リスト (ACL) を回避される脆弱性 複数の Mozilla 製品は、Origin および Sec-WebSocket-Origin HTTP ヘッダを適切に構成しないため、IPv6 リテラルのアクセス制御リスト (ACL) を回避される脆弱性が存在します。 CVE-2012-0475 53713 CVE-2012-0475 42570 2.6 http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002136.html 2012-04-24 2012-04-26 View