Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2012-0451
HistoryMar 14, 2012 - 7:55 p.m.

CVE-2012-0451

2012-03-1419:55:01
CWE-94
[email protected]
web.nvd.nist.gov
39
cve-2012-0451
crlf injection
mozilla firefox
firefox esr
thunderbird
seamonkey
content security policy
csp
xss
http headers

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

8.5 High

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

76.3%

JSON

CRLF injection vulnerability in Mozilla Firefox 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 allows remote web servers to bypass intended Content Security Policy (CSP) restrictions and possibly conduct cross-site scripting (XSS) attacks via crafted HTTP headers.

Affected configurations

NVD
Node
mozillafirefoxMatch4.0
OR
mozillafirefoxMatch4.0beta1
OR
mozillafirefoxMatch4.0beta10
OR
mozillafirefoxMatch4.0beta11
OR
mozillafirefoxMatch4.0beta12
OR
mozillafirefoxMatch4.0beta2
OR
mozillafirefoxMatch4.0beta3
OR
mozillafirefoxMatch4.0beta4
OR
mozillafirefoxMatch4.0beta5
OR
mozillafirefoxMatch4.0beta6
OR
mozillafirefoxMatch4.0beta7
OR
mozillafirefoxMatch4.0beta8
OR
mozillafirefoxMatch4.0beta9
OR
mozillafirefoxMatch4.0.1
OR
mozillafirefoxMatch5.0
OR
mozillafirefoxMatch5.0.1
OR
mozillafirefoxMatch6.0
OR
mozillafirefoxMatch6.0.1
OR
mozillafirefoxMatch6.0.2
OR
mozillafirefoxMatch7.0
OR
mozillafirefoxMatch7.0.1
OR
mozillafirefoxMatch8.0
OR
mozillafirefoxMatch8.0.1
OR
mozillafirefoxMatch9.0
OR
mozillafirefoxMatch9.0.1
Node
mozillafirefox_esrMatch10.0
OR
mozillafirefox_esrMatch10.1
OR
mozillafirefox_esrMatch10.2
Node
mozillathunderbirdMatch5.0
OR
mozillathunderbirdMatch6.0
OR
mozillathunderbirdMatch6.0.1
OR
mozillathunderbirdMatch6.0.2
OR
mozillathunderbirdMatch7.0
OR
mozillathunderbirdMatch7.0.1
OR
mozillathunderbirdMatch8.0
OR
mozillathunderbirdMatch9.0
OR
mozillathunderbirdMatch9.0.1
Node
mozillathunderbird_esrMatch10.0
OR
mozillathunderbird_esrMatch10.0.1
OR
mozillathunderbird_esrMatch10.0.2
Node
mozillaseamonkeyRange2.7beta5
OR
mozillaseamonkeyMatch1.0
OR
mozillaseamonkeyMatch1.0alpha
OR
mozillaseamonkeyMatch1.0beta
OR
mozillaseamonkeyMatch1.0.1
OR
mozillaseamonkeyMatch1.0.2
OR
mozillaseamonkeyMatch1.0.3
OR
mozillaseamonkeyMatch1.0.4
OR
mozillaseamonkeyMatch1.0.5
OR
mozillaseamonkeyMatch1.0.6
OR
mozillaseamonkeyMatch1.0.7
OR
mozillaseamonkeyMatch1.0.8
OR
mozillaseamonkeyMatch1.0.9
OR
mozillaseamonkeyMatch1.1
OR
mozillaseamonkeyMatch1.1alpha
OR
mozillaseamonkeyMatch1.1beta
OR
mozillaseamonkeyMatch1.1.1
OR
mozillaseamonkeyMatch1.1.2
OR
mozillaseamonkeyMatch1.1.3
OR
mozillaseamonkeyMatch1.1.4
OR
mozillaseamonkeyMatch1.1.5
OR
mozillaseamonkeyMatch1.1.6
OR
mozillaseamonkeyMatch1.1.7
OR
mozillaseamonkeyMatch1.1.8
OR
mozillaseamonkeyMatch1.1.9
OR
mozillaseamonkeyMatch1.1.10
OR
mozillaseamonkeyMatch1.1.11
OR
mozillaseamonkeyMatch1.1.12
OR
mozillaseamonkeyMatch1.1.13
OR
mozillaseamonkeyMatch1.1.14
OR
mozillaseamonkeyMatch1.1.15
OR
mozillaseamonkeyMatch1.1.16
OR
mozillaseamonkeyMatch1.1.17
OR
mozillaseamonkeyMatch1.1.18
OR
mozillaseamonkeyMatch1.1.19
OR
mozillaseamonkeyMatch1.5.0.8
OR
mozillaseamonkeyMatch1.5.0.9
OR
mozillaseamonkeyMatch1.5.0.10
OR
mozillaseamonkeyMatch2.0
OR
mozillaseamonkeyMatch2.0alpha_1
OR
mozillaseamonkeyMatch2.0alpha_2
OR
mozillaseamonkeyMatch2.0alpha_3
OR
mozillaseamonkeyMatch2.0beta_1
OR
mozillaseamonkeyMatch2.0beta_2
OR
mozillaseamonkeyMatch2.0rc1
OR
mozillaseamonkeyMatch2.0rc2
OR
mozillaseamonkeyMatch2.0.1
OR
mozillaseamonkeyMatch2.0.2
OR
mozillaseamonkeyMatch2.0.3
OR
mozillaseamonkeyMatch2.0.4
OR
mozillaseamonkeyMatch2.0.5
OR
mozillaseamonkeyMatch2.0.6
OR
mozillaseamonkeyMatch2.0.7
OR
mozillaseamonkeyMatch2.0.8
OR
mozillaseamonkeyMatch2.0.9
OR
mozillaseamonkeyMatch2.0.10
OR
mozillaseamonkeyMatch2.0.11
OR
mozillaseamonkeyMatch2.0.12
OR
mozillaseamonkeyMatch2.0.13
OR
mozillaseamonkeyMatch2.0.14
OR
mozillaseamonkeyMatch2.1
OR
mozillaseamonkeyMatch2.1alpha1
OR
mozillaseamonkeyMatch2.1alpha2
OR
mozillaseamonkeyMatch2.1alpha3
OR
mozillaseamonkeyMatch2.1beta1
OR
mozillaseamonkeyMatch2.1beta2
OR
mozillaseamonkeyMatch2.1beta3
OR
mozillaseamonkeyMatch2.1rc1
OR
mozillaseamonkeyMatch2.1rc2
OR
mozillaseamonkeyMatch2.2
OR
mozillaseamonkeyMatch2.2beta1
OR
mozillaseamonkeyMatch2.2beta2
OR
mozillaseamonkeyMatch2.2beta3
OR
mozillaseamonkeyMatch2.3
OR
mozillaseamonkeyMatch2.3beta1
OR
mozillaseamonkeyMatch2.3beta2
OR
mozillaseamonkeyMatch2.3beta3
OR
mozillaseamonkeyMatch2.3.1
OR
mozillaseamonkeyMatch2.3.2
OR
mozillaseamonkeyMatch2.3.3
OR
mozillaseamonkeyMatch2.4
OR
mozillaseamonkeyMatch2.4beta1
OR
mozillaseamonkeyMatch2.4beta2
OR
mozillaseamonkeyMatch2.4beta3
OR
mozillaseamonkeyMatch2.4.1
OR
mozillaseamonkeyMatch2.5
OR
mozillaseamonkeyMatch2.5beta1
OR
mozillaseamonkeyMatch2.5beta2
OR
mozillaseamonkeyMatch2.5beta3
OR
mozillaseamonkeyMatch2.5beta4
OR
mozillaseamonkeyMatch2.6
OR
mozillaseamonkeyMatch2.6beta1
OR
mozillaseamonkeyMatch2.6beta2
OR
mozillaseamonkeyMatch2.6beta3
OR
mozillaseamonkeyMatch2.6beta4
OR
mozillaseamonkeyMatch2.6.1
OR
mozillaseamonkeyMatch2.7beta1
OR
mozillaseamonkeyMatch2.7beta2
OR
mozillaseamonkeyMatch2.7beta3
OR
mozillaseamonkeyMatch2.7beta4

References

Related

cvelist 1
ubuntucve 1
veracode 1
openvas 38
nvd 1
mozilla 1
prion 1
nessus 32
ubuntu 5
redhat 2
oraclelinux 2
centos 2
freebsd 1
securityvulns 1
suse 2
gentoo 1
cvelist
cvelist
CVE-2012-0451
2012-03-14 19:00:00
ubuntucve
ubuntucve
CVE-2012-0451
2012-03-14 00:00:00
veracode
veracode
Insecure HTTP Headers
2020-04-10 01:07:53
openvas
openvas
Mozilla Firefox Security Advisory (MFSA2012-15) - Linux
2021-11-11 00:00:00
Mozilla Products Multiple Vulnerabilities - Mar12 (Win 01)
2012-03-19 00:00:00
Mozilla Products Multiple Vulnerabilities - Mar12 (Mac OS X 01)
2012-03-20 00:00:00
nvd
nvd
CVE-2012-0451
2012-03-14 19:55:01
mozilla
mozilla
XSS with multiple Content Security Policy headers — Mozilla
2012-03-13 00:00:00
prion
prion
Crlf injection
2012-03-14 19:55:00
nessus
nessus
RHEL 5 / 6 : firefox (RHSA-2012:0387)
2012-03-14 00:00:00
Ubuntu 11.04 : gsettings-desktop-schemas regression (USN-1400-5)
2012-04-20 00:00:00
Oracle Linux 5 / 6 : firefox (ELSA-2012-0387)
2013-07-12 00:00:00
ubuntu
ubuntu
Thunderbird vulnerabilities
2012-03-21 00:00:00
GSettings desktop schemas regression
2012-04-20 00:00:00
Firefox vulnerabilities
2012-03-16 00:00:00
redhat
redhat
(RHSA-2012:0387) Critical: firefox security and bug fix update
2012-03-14 00:00:00
(RHSA-2012:0388) Critical: thunderbird security update
2012-03-14 00:00:00
oraclelinux
oraclelinux
thunderbird security update
2012-03-14 00:00:00
firefox security and bug fix update
2012-03-14 00:00:00
centos
centos
thunderbird security update
2012-03-14 11:41:24
firefox, xulrunner security update
2012-03-14 11:23:06
freebsd
freebsd
mozilla -- multiple vulnerabilities
2012-03-13 00:00:00
securityvulns
securityvulns
Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
2012-03-17 00:00:00
suse
suse
Security update for Mozilla Firefox (critical)
2012-03-28 21:08:31
Firefox update to 31.1esr (important)
2014-09-09 18:04:16
gentoo
gentoo
Mozilla Products: Multiple vulnerabilities
2013-01-08 00:00:00

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

8.5 High

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

76.3%

JSON
Related for CVE-2012-0451
cvelist1ubuntucve1veracode1openvas38nvd1mozilla1prion1nessus32ubuntu5redhat2oraclelinux2centos2freebsd1securityvulns1suse2gentoo1