Mozilla Foundation Security Advisory 2012-28
Title: Ambiguous IPv6 in Origin headers may bypass webserver access restrictions
Announced: April 24, 2012
Reporter: Simone Fabiano
Products: Firefox, Thunderbird, SeaMonkey
Fixed in: Firefox 12.0
Security researcher Simone Fabiano reported that if a cross-site XHR or WebSocket connection is opened to a web server on a non-standard port for web traffic while the server is addressed by an IPv6 literal, the browser will send an ambiguous Origin header if the IPv6 address contains at least 2 consecutive 16-bit fields of zeroes. If the server enforces an origin access control list that uses IPv6 literals, this issue could be used to bypass those access controls on the server.
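The server-side check this report points at, added here as an example and not Mozilla's or the reporter's code: an origin ACL matcher that refuses unbracketed IPv6 literals (once "::" compression is present, nothing marks where the address ends and the port begins) and reduces bracketed ones to canonical form before comparing. The ACL entries and origins are constructed samples.

```python
import re
from ipaddress import IPv6Address

# Default port per scheme so "http://[::1]" and "http://[::1]:80" compare equal.
DEFAULT_PORTS = {"http": 80, "https": 443, "ws": 80, "wss": 443}
_ORIGIN_RE = re.compile(r"^(?P<scheme>[a-z][a-z0-9+.-]*)://(?P<hostport>[^/?#]+)$", re.I)


def parse_origin(origin):
    """Parse a serialized Origin into (scheme, host, port), or None if malformed
    or ambiguous. IPv6 literals must be bracketed (RFC 3986 section 3.2.2); a bare
    literal such as 'http://2001:db8::1:8080' is refused outright, and bracketed
    literals are reduced to their canonical (RFC 5952) text form."""
    m = _ORIGIN_RE.match(origin.strip())
    if not m:
        return None
    scheme, hostport = m.group("scheme").lower(), m.group("hostport")
    if hostport.startswith("["):
        close = hostport.find("]")
        if close < 0:
            return None
        try:
            host = str(IPv6Address(hostport[1:close]))  # canonical form
        except ValueError:
            return None
        port_part = hostport[close + 1:]
    else:
        if hostport.count(":") > 1:
            return None  # unbracketed IPv6 literal: ambiguous, refuse it
        host, sep, rest = hostport.partition(":")
        host, port_part = host.lower(), sep + rest
        if not host:
            return None
    if port_part == "":
        return scheme, host, DEFAULT_PORTS.get(scheme)
    if not re.fullmatch(r":[0-9]{1,5}", port_part) or not 0 < int(port_part[1:]) < 65536:
        return None
    return scheme, host, int(port_part[1:])


def origin_allowed(origin, acl):
    """Allow only if the Origin parses and equals, field by field, an ACL entry
    parsed the same way; ACL entries that do not parse never match anything."""
    parsed = parse_origin(origin)
    return parsed is not None and any(parse_origin(e) == parsed for e in acl)


if __name__ == "__main__":
    acl = ["http://[2001:db8:0:0:0:0:0:1]:8080"]  # constructed sample ACL entry
    for o in ("http://[2001:db8::1]:8080", "http://2001:db8::1:8080", "http://[2001:db8::1]"):
        print(f"{o:30} allowed={origin_allowed(o, acl)}")
```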