{
  "threat_severity" : "Moderate",
  "public_date" : "2012-04-24T00:00:00Z",
  "bugzilla" : {
    "description" : "Mozilla: Potential site identity spoofing when loading RSS and Atom feeds (MFSA 2012-33)",
    "id" : "815044",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=815044"
  },
  "cvss" : {
    "cvss_base_score" : "4.3",
    "cvss_scoring_vector" : "AV:N/AC:M/Au:N/C:N/I:P/A:N",
    "status" : "verified"
  },
  "details" : [ "Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allow remote attackers to spoof the address bar via an https URL for invalid (1) RSS or (2) Atom XML content." ],
  "acknowledgement" : "Red Hat would like to thank Mozilla project for reporting this issue. Upstream acknowledges Jeroen van der Gun as the original reporter.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 5",
    "release_date" : "2012-04-24T00:00:00Z",
    "advisory" : "RHSA-2012:0515",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5",
    "package" : "firefox-0:10.0.4-1.el5_8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 5",
    "release_date" : "2012-04-24T00:00:00Z",
    "advisory" : "RHSA-2012:0515",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5",
    "package" : "xulrunner-0:10.0.4-1.el5_8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 5",
    "release_date" : "2012-04-24T00:00:00Z",
    "advisory" : "RHSA-2012:0516",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5",
    "package" : "thunderbird-0:10.0.4-1.el5_8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "release_date" : "2012-04-24T00:00:00Z",
    "advisory" : "RHSA-2012:0515",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6",
    "package" : "firefox-0:10.0.4-1.el6_2"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "release_date" : "2012-04-24T00:00:00Z",
    "advisory" : "RHSA-2012:0515",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6",
    "package" : "xulrunner-0:10.0.4-1.el6_2"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "release_date" : "2012-04-24T00:00:00Z",
    "advisory" : "RHSA-2012:0516",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6",
    "package" : "thunderbird-0:10.0.4-1.el6_2"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2012-0479\nhttps://nvd.nist.gov/vuln/detail/CVE-2012-0479" ],
  "name" : "CVE-2012-0479",
  "csaw" : false
}