PRIOn knowledge basePRION:CVE-2012-0451Crlf injection
CRLF injection vulnerability in Mozilla Firefox 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 allows remote web servers to bypass intended Content Security Policy (CSP) restrictions and possibly conduct cross-site scripting (XSS) attacks via crafted HTTP headers.
References
lists.opensuse.org/opensuse-security-announce/2012-03/msg00014.html
lists.opensuse.org/opensuse-updates/2012-03/msg00042.html
rhn.redhat.com/errata/RHSA-2012-0387.html
rhn.redhat.com/errata/RHSA-2012-0388.html
secunia.com/advisories/48359
secunia.com/advisories/48402
secunia.com/advisories/48496
secunia.com/advisories/48513
secunia.com/advisories/48553
secunia.com/advisories/48561
secunia.com/advisories/48629
secunia.com/advisories/49055
www.mandriva.com/security/advisories?name=MDVSA-2012:032
www.mozilla.org/security/announce/2012/mfsa2012-15.html
www.securityfocus.com/bid/52463
www.securitytracker.com/id?1026801
www.securitytracker.com/id?1026803
www.securitytracker.com/id?1026804
www.ubuntu.com/usn/USN-1400-1
www.ubuntu.com/usn/USN-1400-2
www.ubuntu.com/usn/USN-1400-3
www.ubuntu.com/usn/USN-1400-4
www.ubuntu.com/usn/USN-1400-5
bugzilla.mozilla.org/show_bug.cgi?id=717511
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14909
Related
