CVE-2011-3670

Firefox < 3.6.26 and 4.x-6.0 - Information Exposure via IPv6 Literal Address Syntax

Title source: llm
STIX 2.1

Description

Mozilla Firefox before 3.6.26 and 4.x through 6.0, Thunderbird before 3.1.18 and 5.0 through 6.0, and SeaMonkey before 2.4 do not properly enforce the IPv6 literal address syntax, which allows remote attackers to obtain sensitive information by making XMLHttpRequest calls through a proxy and reading the error messages.

References (10)

Core 10
Core References
Issue Tracking x_refsource_confirm
https://bugzilla.mozilla.org/show_bug.cgi?id=504014
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2012/dsa-2402
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2012/dsa-2400
Vendor Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2012:013
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2012/dsa-2406
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14814

Scores

EPSS 0.0216
EPSS Percentile 80.0%

Details

CWE
CWE-200
Status published
Products (46)
mozilla/firefox 0.1
mozilla/firefox 0.2
mozilla/firefox 0.3
mozilla/firefox 0.4
mozilla/firefox 0.5
mozilla/firefox 0.6
mozilla/firefox 0.6.1
mozilla/firefox 0.7
mozilla/firefox 0.7.1
mozilla/firefox 0.8
... and 36 more
Published Feb 01, 2012
Tracked Since Feb 18, 2026