The host is missing a critical security update according to Mozilla advisory, MFSA2012-28. The update is required to fix origin bypass vulnerability. A flaw is present in the applications, which fail to properly construct the Origin and Sec-WebSocket-Origin HTTP headers. Successful exploitation could allow attackers to bypass an IPv6 literal ACL via a cross-site XMLHttpRequest or WebSocket operati ...