CVE-2012-0475

Name of the Vulnerable Software and Affected Versions Mozilla Firefox versions 4.x through 11.0 Thunderbird versions 5.0 through 11.0 SeaMonkey versions prior to 2.9

Description The issue arises from the improper construction of the Origin and Sec-WebSocket-Origin HTTP headers, potentially allowing remote attackers to bypass an IPv6 literal ACL. This could occur through a cross-site (1) XMLHttpRequest or (2) WebSocket operation involving a nonstandard port number and an IPv6 address that contains certain zero fields.

Recommendations For Mozilla Firefox versions 4.x through 11.0, update to a version outside of this range to resolve the issue. For Thunderbird versions 5.0 through 11.0, update to a version outside of this range to resolve the issue. For SeaMonkey versions prior to 2.9, update to version 2.9 or later to resolve the issue.