Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2011-2981

Опубликовано: 18 авг. 2011
Источник: debian
EPSS Низкий

Описание

The event-management implementation in Mozilla Firefox before 3.6.20, SeaMonkey 2.x, Thunderbird 3.x before 3.1.12, and possibly other products does not properly select the context for script to run in, which allows remote attackers to bypass the Same Origin Policy or execute arbitrary JavaScript code with chrome privileges via a crafted web site.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
icedovefixed3.1.12-1package
icedoveend-of-lifelennypackage
xulrunnerremovedpackage
xulrunnerfixed1.9.0.19-13lennypackage
iceweaselfixed6.0-1package
iceweaselnot-affectedlennypackage
iceapefixed2.0.14-5package
iceapenot-affectedlennypackage

Примечания

  • xulrunner in wheezy is not covered by security support

EPSS

Процентиль: 79%
0.01281
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2011-2981

ubuntu
почти 14 лет назад

The event-management implementation in Mozilla Firefox before 3.6.20, SeaMonkey 2.x, Thunderbird 3.x before 3.1.12, and possibly other products does not properly select the context for script to run in, which allows remote attackers to bypass the Same Origin Policy or execute arbitrary JavaScript code with chrome privileges via a crafted web site.

redhat логотип

CVE-2011-2981

redhat
почти 14 лет назад

The event-management implementation in Mozilla Firefox before 3.6.20, SeaMonkey 2.x, Thunderbird 3.x before 3.1.12, and possibly other products does not properly select the context for script to run in, which allows remote attackers to bypass the Same Origin Policy or execute arbitrary JavaScript code with chrome privileges via a crafted web site.

nvd логотип

CVE-2011-2981

nvd
почти 14 лет назад

The event-management implementation in Mozilla Firefox before 3.6.20, SeaMonkey 2.x, Thunderbird 3.x before 3.1.12, and possibly other products does not properly select the context for script to run in, which allows remote attackers to bypass the Same Origin Policy or execute arbitrary JavaScript code with chrome privileges via a crafted web site.

github логотип

GHSA-v552-mmfq-rwm8

github
около 3 лет назад

The event-management implementation in Mozilla Firefox before 3.6.20, SeaMonkey 2.x, Thunderbird 3.x before 3.1.12, and possibly other products does not properly select the context for script to run in, which allows remote attackers to bypass the Same Origin Policy or execute arbitrary JavaScript code with chrome privileges via a crafted web site.

oracle-oval логотип

ELSA-2011-1164

oracle-oval
почти 14 лет назад

ELSA-2011-1164: firefox security update (CRITICAL)

EPSS

Процентиль: 79%
0.01281
Низкий