Mozilla Firefox/Thunderbird/SeaMonkey HTTP Header Security Bypass Vulnerability
BID:52463
Info
Mozilla Firefox/Thunderbird/SeaMonkey HTTP Header Security Bypass Vulnerability
| Bugtraq ID: | 52463 |
| Class: | Design Error |
| CVE: |
CVE-2012-0451 |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 13 2012 12:00AM |
| Updated: | Mar 19 2015 09:35AM |
| Credit: | Mike Brooks |
| Vulnerable: |
Ubuntu Ubuntu Linux 11.10 i386 Ubuntu Ubuntu Linux 11.10 amd64 Ubuntu Ubuntu Linux 11.04 powerpc Ubuntu Ubuntu Linux 11.04 i386 Ubuntu Ubuntu Linux 11.04 ARM Ubuntu Ubuntu Linux 11.04 amd64 Ubuntu Ubuntu Linux 10.10 powerpc Ubuntu Ubuntu Linux 10.10 i386 Ubuntu Ubuntu Linux 10.10 ARM Ubuntu Ubuntu Linux 10.10 amd64 Ubuntu Ubuntu Linux 10.04 sparc Ubuntu Ubuntu Linux 10.04 powerpc Ubuntu Ubuntu Linux 10.04 i386 Ubuntu Ubuntu Linux 10.04 ARM Ubuntu Ubuntu Linux 10.04 amd64 SuSE SUSE Linux Enterprise Server for VMware 11 SP1 SuSE SUSE Linux Enterprise Server 11 SP2 SuSE SUSE Linux Enterprise Server 11 SP1 SuSE SUSE Linux Enterprise SDK 11 SP2 SuSE SUSE Linux Enterprise SDK 11 SP1 SuSE SUSE Linux Enterprise Desktop 11 SP2 SuSE SUSE Linux Enterprise Desktop 11 SP1 SuSE openSUSE 11.4 RedHat Enterprise Linux Optional Productivity Application 5 server RedHat Enterprise Linux Desktop Workstation 5 client Red Hat Enterprise Linux Workstation Optional 6 Red Hat Enterprise Linux Workstation 6 Red Hat Enterprise Linux Server Optional 6 Red Hat Enterprise Linux Server 6 Red Hat Enterprise Linux HPC Node Optional 6 Red Hat Enterprise Linux Desktop Optional 6 Red Hat Enterprise Linux Desktop 6 Red Hat Enterprise Linux Desktop 5 client Red Hat Enterprise Linux 5 Server Oracle Enterprise Linux 6.2 Oracle Enterprise Linux 6 Oracle Enterprise Linux 5 Mozilla Thunderbird ESR 10.0.2 Mozilla Thunderbird 9.0 Mozilla Thunderbird 8.0 Mozilla Thunderbird 7.0.1 Mozilla Thunderbird 7.0 Mozilla Thunderbird 6.0.2 Mozilla Thunderbird 6.0.1 Mozilla Thunderbird 6.0 Mozilla Thunderbird 6 Mozilla Thunderbird 6 Mozilla Thunderbird 10.0.2 Mozilla Thunderbird 10.0.1 Mozilla Thunderbird 10.0 Mozilla Thunderbird 10.0 Mozilla SeaMonkey 2.0.11 Mozilla SeaMonkey 2.0.9 Mozilla SeaMonkey 2.0.8 Mozilla SeaMonkey 2.0.5 Mozilla SeaMonkey 2.0.4 Mozilla SeaMonkey 2.0.3 Mozilla SeaMonkey 2.0.2 Mozilla SeaMonkey 2.0.1 Mozilla SeaMonkey 2.7.2 Mozilla SeaMonkey 2.7.1 Mozilla SeaMonkey 2.7 Mozilla SeaMonkey 2.6 Mozilla SeaMonkey 2.5 Mozilla SeaMonkey 2.4 Mozilla SeaMonkey 2.3 Mozilla SeaMonkey 2.2 Mozilla SeaMonkey 2.1b2 Mozilla SeaMonkey 2.1 Alpha3 Mozilla SeaMonkey 2.1 Alpha2 Mozilla SeaMonkey 2.1 Alpha1 Mozilla SeaMonkey 2.1 Mozilla SeaMonkey 2.0.9 Mozilla SeaMonkey 2.0.7 Mozilla SeaMonkey 2.0.6 Mozilla SeaMonkey 2.0.5 Mozilla SeaMonkey 2.0.4 Mozilla SeaMonkey 2.0.14 Mozilla SeaMonkey 2.0.13 Mozilla SeaMonkey 2.0.12 Mozilla SeaMonkey 2.0.10 Mozilla SeaMonkey 2.0 Rc2 Mozilla SeaMonkey 2.0 Rc1 Mozilla SeaMonkey 2.0 Beta 2 Mozilla SeaMonkey 2.0 Beta 1 Mozilla SeaMonkey 2.0 Alpha 3 Mozilla SeaMonkey 2.0 Alpha 2 Mozilla SeaMonkey 2.0 Alpha 1 Mozilla SeaMonkey 2.0 Mozilla Firefox ESR 10.0.2 Mozilla Firefox 9.0.1 Mozilla Firefox 9.0 Mozilla Firefox 8.0.1 Mozilla Firefox 8.0 Mozilla Firefox 7.0.1 Mozilla Firefox 7.0 Mozilla Firefox 7 Mozilla Firefox 6.0.2 Mozilla Firefox 6.0.1 Mozilla Firefox 6.0 Mozilla Firefox 10.0.2 Mozilla Firefox 10.0.1 Mozilla Firefox 10.0 Moonchild Productions Pale Moon 9.2 Moonchild Productions Pale Moon 9.1 Moonchild Productions Pale Moon 9.0.1 Mandriva Linux Mandrake 2011 x86_64 Mandriva Linux Mandrake 2011 Mandriva Linux Mandrake 2010.1 x86_64 Mandriva Linux Mandrake 2010.1 Gentoo Linux |
| Not Vulnerable: |
Mozilla Thunderbird ESR 10.0.3 Mozilla Thunderbird 11.0 Mozilla SeaMonkey 2.8 Mozilla Firefox ESR 10.0.3 Mozilla Firefox 11.0 Moonchild Productions Pale Moon 11.0 |
Discussion
Mozilla Firefox/Thunderbird/SeaMonkey HTTP Header Security Bypass Vulnerability
Mozilla Firefox, SeaMonkey, and Thunderbird are prone to a security-bypass vulnerability.
Attackers can leverage this issue to bypass certain security restrictions and potentially conduct cross-site scripting attacks.
This issue is fixed in:
Firefox 11.0
Firefox ESR 10.0.3
Thunderbird 11.0
Thunderbird ESR 10.0.3
SeaMonkey 2.8
Mozilla Firefox, SeaMonkey, and Thunderbird are prone to a security-bypass vulnerability.
Attackers can leverage this issue to bypass certain security restrictions and potentially conduct cross-site scripting attacks.
This issue is fixed in:
Firefox 11.0
Firefox ESR 10.0.3
Thunderbird 11.0
Thunderbird ESR 10.0.3
SeaMonkey 2.8
Exploit / POC
Mozilla Firefox/Thunderbird/SeaMonkey HTTP Header Security Bypass Vulnerability
Currently we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Currently we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
Mozilla Firefox/Thunderbird/SeaMonkey HTTP Header Security Bypass Vulnerability
References:
References:
- Cisco NX-OS Download Page (Cisco)
- Mozilla Homepage (Mozilla Foundation)
- Pale Moon: Release notes for version 11 (Moonchild Productions)
- SeaMonkey Homepage (Mozilla)
- Cisco NX-OS Software TACACS+ Command Authorization Vulnerability (Cisco)
- Mozilla Foundation Security Advisory 2012-15 (Mozilla)