Published: 14/03/2012 Updated: 18/01/2018

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

CRLF injection vulnerability in Mozilla Firefox 4.x up to and including 10.0, Firefox ESR 10.x prior to 10.0.3, Thunderbird 5.0 up to and including 10.0, Thunderbird ESR 10.x prior to 10.0.3, and SeaMonkey prior to 2.8 allows remote web servers to bypass intended Content Security Policy (CSP) restrictions and possibly conduct cross-site scripting (XSS) attacks via crafted HTTP headers.

Vulnerable Product	Search on Vulmon	Subscribe to Product
mozilla firefox 4.0
mozilla firefox 5.0.1
mozilla firefox 6.0
mozilla firefox 9.0.1
mozilla firefox 9.0
mozilla firefox 4.0.1
mozilla firefox 6.0.2
mozilla firefox 6.0.1
mozilla firefox 7.0.1
mozilla firefox 7.0
mozilla firefox 5.0
mozilla firefox 8.0
mozilla firefox 8.0.1
mozilla firefox esr 10.0
mozilla firefox esr 10.1
mozilla firefox esr 10.2
mozilla thunderbird 6.0
mozilla thunderbird 6.0.1
mozilla thunderbird 6.0.2
mozilla thunderbird 7.0
mozilla thunderbird 7.0.1
mozilla thunderbird 8.0
mozilla thunderbird 9.0
mozilla thunderbird 5.0
mozilla thunderbird 9.0.1
mozilla thunderbird esr 10.0
mozilla thunderbird esr 10.0.1
mozilla thunderbird esr 10.0.2
mozilla seamonkey 1.1.1
mozilla seamonkey 2.0.6
mozilla seamonkey 1.1.11
mozilla seamonkey 1.1.12
mozilla seamonkey 1.1.4
mozilla seamonkey 1.1.5
mozilla seamonkey 2.0
mozilla seamonkey 2.0.7
mozilla seamonkey 1.1.7
mozilla seamonkey 2.0.5
mozilla seamonkey 1.1.14
mozilla seamonkey 1.1
mozilla seamonkey 2.0.12
mozilla seamonkey 2.0.3
mozilla seamonkey 2.1
mozilla seamonkey 2.5
mozilla seamonkey 2.3
mozilla seamonkey 2.0.10
mozilla seamonkey 2.6
mozilla seamonkey 1.0.9
mozilla seamonkey 2.2
mozilla seamonkey 1.5.0.10
mozilla seamonkey 1.0
mozilla seamonkey 1.0.2
mozilla seamonkey
mozilla seamonkey 1.1.17
mozilla seamonkey 2.0.2
mozilla seamonkey 1.1.15
mozilla seamonkey 2.0.13
mozilla seamonkey 2.0.14
mozilla seamonkey 2.0.4
mozilla seamonkey 1.1.19
mozilla seamonkey 1.1.18
mozilla seamonkey 2.0.9
mozilla seamonkey 2.3.3
mozilla seamonkey 2.4
mozilla seamonkey 2.3.2
mozilla seamonkey 2.6.1
mozilla seamonkey 2.7
mozilla seamonkey 2.4.1
mozilla seamonkey 1.1.9
mozilla seamonkey 2.3.1
mozilla seamonkey 1.5.0.8
mozilla seamonkey 1.5.0.9
mozilla seamonkey 1.0.6
mozilla seamonkey 1.0.1
mozilla seamonkey 1.0.4
mozilla seamonkey 1.0.3
mozilla seamonkey 1.0.8
mozilla seamonkey 1.1.3
mozilla seamonkey 2.0.11
mozilla seamonkey 1.1.16
mozilla seamonkey 2.0.1
mozilla seamonkey 1.1.10
mozilla seamonkey 1.1.8
mozilla seamonkey 2.0.8
mozilla seamonkey 1.1.6
mozilla seamonkey 1.0.7
mozilla seamonkey 1.1.2
mozilla seamonkey 1.1.13
mozilla seamonkey 1.0.5

Synopsis Critical: thunderbird security update Type/Severity Security Advisory: Critical Topic An updated thunderbird package that fixes multiple security issues is nowavailable for Red Hat Enterprise Linux 5 and 6The Red Hat Security Response Team has rated this update as having criticalsecurity impact C ...

Synopsis Critical: firefox security and bug fix update Type/Severity Security Advisory: Critical Topic Updated firefox packages that fix multiple security issues and three bugsare now available for Red Hat Enterprise Linux 5 and 6The Red Hat Security Response Team has rated this update as having criticalse ...

Several security issues were fixed in Firefox ...

USN-1400-3 introduced regressions in Thunderbird ...

Firefox’s ability to use system proxy settings regressed ...

This update provides compatible ubufox packages for the latest Firefox ...

Several security issues were fixed in Thunderbird ...

Mozilla Foundation Security Advisory 2012-15 XSS with multiple Content Security Policy headers Announced March 13, 2012 Reporter Mike Impact Moderate Products Firefox, Firefox ESR, SeaMonkey, Thunderbird, Thunderbird ESR ...

CWE-94 https://bugzilla.mozilla.org/show_bug.cgi?id=717511 http://www.mozilla.org/security/announce/2012/mfsa2012-15.html http://www.ubuntu.com/usn/USN-1400-3 http://secunia.com/advisories/48513 http://secunia.com/advisories/48629 http://lists.opensuse.org/opensuse-updates/2012-03/msg00042.html http://secunia.com/advisories/48496 http://www.ubuntu.com/usn/USN-1400-4 http://www.ubuntu.com/usn/USN-1400-2 http://secunia.com/advisories/48553 http://www.ubuntu.com/usn/USN-1400-5 http://secunia.com/advisories/48561 http://secunia.com/advisories/49055 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14909 http://www.ubuntu.com/usn/USN-1400-1 http://www.securitytracker.com/id?1026804 http://www.securityfocus.com/bid/52463 http://secunia.com/advisories/48402 http://secunia.com/advisories/48359 http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00014.html http://www.securitytracker.com/id?1026803 http://www.securitytracker.com/id?1026801 http://rhn.redhat.com/errata/RHSA-2012-0388.html http://rhn.redhat.com/errata/RHSA-2012-0387.html http://www.mandriva.com/security/advisories?name=MDVSA-2012:032 https://access.redhat.com/errata/RHSA-2012:0388 https://nvd.nist.gov https://usn.ubuntu.com/1400-1/

Get Started

CVE-2012-0451

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect