Lucene search

K
securityvulnsSecurityvulnsSECURITYVULNS:DOC:27604
HistoryFeb 03, 2012 - 12:00 a.m.

Mozilla Foundation Security Advisory 2012-02

2012-02-0300:00:00
vulners.com
15

Mozilla Foundation Security Advisory 2012-02

Title: Overly permissive IPv6 literal syntax
Impact: Low
Announced: January 31, 2012
Reporter: Gregory Fleischer
Products: Firefox, Thunderbird, SeaMonkey

Fixed in: Firefox 7.0
Firefox 3.6.26
Thunderbird 7.0
Thunderbird 3.1.18
SeaMonkey 2.4
Description

For historical reasons Firefox has been generous in its interpretation of web addresses containing square brackets around the host. If this host was not a valid IPv6 literal address, Firefox attempted to interpret the host as a regular domain name. Gregory Fleischer reported that requests made using IPv6 syntax using XMLHttpRequest objects through a proxy may generate errors depending on proxy configuration for IPv6. The resulting error messages from the proxy may disclose sensitive data because Same-Origin Policy (SOP) will allow the XMLHttpRequest object to read these error messages, allowing user privacy to be eroded. Firefox now enforces RFC 3986 IPv6 literal syntax and that may break links written using the non-standard Firefox-only forms that were previously accepted.

This was fixed previously for Firefox 7.0, Thunderbird 7.0, and SeaMonkey 2.4 but only fixed in Firefox 3.6.26 and Thunderbird 3.1.18 during 2012.

References

Requests using IPv6 hostname syntax through HTTP proxies may generate errors
CVE-2011-3670
RFC 3986: Uniform Resource Identifier (URI): Generic Syntax