exploitDog

CVE-2011-2362

Опубликовано: 21 июн. 2011

Источник: redhat

CVSS2: 5.1

EPSS Низкий

Описание

Mozilla Firefox before 3.6.18, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 do not distinguish between cookies for two domain names that differ only in a trailing dot, which allows remote web servers to bypass the Same Origin Policy via Set-Cookie headers.

Ссылки на источники

Дополнительная информация

Статус:

Moderate

https://bugzilla.redhat.com/show_bug.cgi?id=714583Mozilla Cookie isolation error (MFSA 2011-24)

EPSS

Процентиль: 78%

0.01226

Низкий

5.1 Medium

CVSS2

Связанные уязвимости

CVE-2011-2362

ubuntu

почти 14 лет назад

Mozilla Firefox before 3.6.18, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 do not distinguish between cookies for two domain names that differ only in a trailing dot, which allows remote web servers to bypass the Same Origin Policy via Set-Cookie headers.

CVE-2011-2362

nvd

почти 14 лет назад

Mozilla Firefox before 3.6.18, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 do not distinguish between cookies for two domain names that differ only in a trailing dot, which allows remote web servers to bypass the Same Origin Policy via Set-Cookie headers.

CVE-2011-2362

debian

почти 14 лет назад

Mozilla Firefox before 3.6.18, Thunderbird before 3.1.11, and SeaMonke ...

GHSA-94rr-f3c7-jj57

github

около 3 лет назад

Mozilla Firefox before 3.6.18, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 do not distinguish between cookies for two domain names that differ only in a trailing dot, which allows remote web servers to bypass the Same Origin Policy via Set-Cookie headers.

ELSA-2011-0886

oracle-oval

около 14 лет назад

ELSA-2011-0886: thunderbird security update (CRITICAL)

EPSS

Процентиль: 78%

0.01226

Низкий

5.1 Medium

CVSS2