CVE-2012-0451 Information

Description

CRLF injection vulnerability in Mozilla Firefox 4.x through 10.0 Firefox ESR 10.x before 10.0.3 Thunderbird 5.0 through 10.0 Thunderbird ESR 10.x before 10.0.3 and SeaMonkey before 2.8 allows remote web servers to bypass intended Content Security Policy (CSP) restrictions and possibly conduct cross-site scripting (XSS) attacks via crafted HTTP headers.

Reference

http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00014.html http://lists.opensuse.org/opensuse-updates/2012-03/msg00042.html http://rhn.redhat.com/errata/RHSA-2012-0387.html http://rhn.redhat.com/errata/RHSA-2012-0388.html http://secunia.com/advisories/48359 http://secunia.com/advisories/48402 http://secunia.com/advisories/48496 http://secunia.com/advisories/48513 http://secunia.com/advisories/48553 http://secunia.com/advisories/48561 http://secunia.com/advisories/48629 http://secunia.com/advisories/49055 http://www.mandriva.com/security/advisories?name=MDVSA-2012:032 http://www.mozilla.org/security/announce/2012/mfsa2012-15.html http://www.securityfocus.com/bid/52463 http://www.securitytracker.com/id?1026801 http://www.securitytracker.com/id?1026803 http://www.securitytracker.com/id?1026804 http://www.ubuntu.com/usn/USN-1400-1 http://www.ubuntu.com/usn/USN-1400-2 http://www.ubuntu.com/usn/USN-1400-3 http://www.ubuntu.com/usn/USN-1400-4 http://www.ubuntu.com/usn/USN-1400-5 https://bugzilla.mozilla.org/show_bug.cgi?id=717511 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A14909