Test ID:	1.3.6.1.4.1.25623.1.2.1.2012.28
Category:	General
Title:	Mozilla Firefox Security Advisory (MFSA2012-28) - Linux
Summary:	This host is missing a security update for Mozilla Firefox.
Description:	Summary: This host is missing a security update for Mozilla Firefox. Vulnerability Insight: Ambiguous IPv6 in Origin headers may bypass webserver access restrictions Security researcher Simone Fabiano reported that if a cross-site XHR or WebSocket is opened on a web server on a non-standard port for web traffic while using an IPv6 address, the browser will send an ambiguous origin headers if the IPv6 address contains at least 2 consecutive 16-bit fields of zeroes. If there is an origin access control list that uses IPv6 literals, this issue could be used to bypass these access controls on the server. Affected Software/OS: Firefox version(s) below 12. Solution: The vendor has released an update. Please see the reference(s) for more information. CVSS Score: 2.6 CVSS Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2012-0475 BugTraq ID: 53230 http://www.securityfocus.com/bid/53230 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16279 http://secunia.com/advisories/48972 http://secunia.com/advisories/49047 http://secunia.com/advisories/49055 XForce ISS Database: firefox-websocket-sec-bypass(75153) https://exchange.xforce.ibmcloud.com/vulnerabilities/75153
Copyright	Copyright (C) 2021 Greenbone Networks GmbH

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.