Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2011-2981

Опубликовано: 16 авг. 2011
Источник: redhat
CVSS2: 6.8

Описание

The event-management implementation in Mozilla Firefox before 3.6.20, SeaMonkey 2.x, Thunderbird 3.x before 3.1.12, and possibly other products does not properly select the context for script to run in, which allows remote attackers to bypass the Same Origin Policy or execute arbitrary JavaScript code with chrome privileges via a crafted web site.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux Extended Update Support 5.7firefoxAffected
Red Hat Enterprise Linux Extended Update Support 6.1firefoxAffected
Red Hat Enterprise Linux 4firefoxFixedRHSA-2011:116416.08.2011
Red Hat Enterprise Linux 5firefoxFixedRHSA-2011:116416.08.2011
Red Hat Enterprise Linux 5xulrunnerFixedRHSA-2011:116416.08.2011
Red Hat Enterprise Linux 6firefoxFixedRHSA-2011:116416.08.2011
Red Hat Enterprise Linux 6xulrunnerFixedRHSA-2011:116416.08.2011

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Critical
https://bugzilla.redhat.com/show_bug.cgi?id=730520Mozilla: Privilege escalation using event handlers

6.8 Medium

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2011-2981

ubuntu
почти 14 лет назад

The event-management implementation in Mozilla Firefox before 3.6.20, SeaMonkey 2.x, Thunderbird 3.x before 3.1.12, and possibly other products does not properly select the context for script to run in, which allows remote attackers to bypass the Same Origin Policy or execute arbitrary JavaScript code with chrome privileges via a crafted web site.

nvd логотип

CVE-2011-2981

nvd
почти 14 лет назад

The event-management implementation in Mozilla Firefox before 3.6.20, SeaMonkey 2.x, Thunderbird 3.x before 3.1.12, and possibly other products does not properly select the context for script to run in, which allows remote attackers to bypass the Same Origin Policy or execute arbitrary JavaScript code with chrome privileges via a crafted web site.

debian логотип

CVE-2011-2981

debian
почти 14 лет назад

The event-management implementation in Mozilla Firefox before 3.6.20, ...

github логотип

GHSA-v552-mmfq-rwm8

github
около 3 лет назад

The event-management implementation in Mozilla Firefox before 3.6.20, SeaMonkey 2.x, Thunderbird 3.x before 3.1.12, and possibly other products does not properly select the context for script to run in, which allows remote attackers to bypass the Same Origin Policy or execute arbitrary JavaScript code with chrome privileges via a crafted web site.

oracle-oval логотип

ELSA-2011-1164

oracle-oval
около 14 лет назад

ELSA-2011-1164: firefox security update (CRITICAL)

6.8 Medium

CVSS2