Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2011-2984

Опубликовано: 16 авг. 2011
Источник: redhat
CVSS2: 5.1
EPSS Низкий

Описание

Mozilla Firefox before 3.6.20, SeaMonkey 2.x, Thunderbird 3.x before 3.1.12, and possibly other products does not properly handle the dropping of a tab element, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges by establishing a content area and registering for drop events.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux Extended Update Support 5.7firefoxAffected
Red Hat Enterprise Linux Extended Update Support 6.1firefoxAffected
Red Hat Enterprise Linux Extended Update Support 6.1thunderbirdAffected
Red Hat Enterprise Linux 4firefoxFixedRHSA-2011:116416.08.2011
Red Hat Enterprise Linux 5firefoxFixedRHSA-2011:116416.08.2011
Red Hat Enterprise Linux 5xulrunnerFixedRHSA-2011:116416.08.2011
Red Hat Enterprise Linux 6firefoxFixedRHSA-2011:116416.08.2011
Red Hat Enterprise Linux 6xulrunnerFixedRHSA-2011:116416.08.2011

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
https://bugzilla.redhat.com/show_bug.cgi?id=730522Mozilla: Privilege escalation dropping a tab element in content area

EPSS

Процентиль: 80%
0.01478
Низкий

5.1 Medium

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2011-2984

ubuntu
почти 14 лет назад

Mozilla Firefox before 3.6.20, SeaMonkey 2.x, Thunderbird 3.x before 3.1.12, and possibly other products does not properly handle the dropping of a tab element, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges by establishing a content area and registering for drop events.

nvd логотип

CVE-2011-2984

nvd
почти 14 лет назад

Mozilla Firefox before 3.6.20, SeaMonkey 2.x, Thunderbird 3.x before 3.1.12, and possibly other products does not properly handle the dropping of a tab element, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges by establishing a content area and registering for drop events.

debian логотип

CVE-2011-2984

debian
почти 14 лет назад

Mozilla Firefox before 3.6.20, SeaMonkey 2.x, Thunderbird 3.x before 3 ...

github логотип

GHSA-m776-wvh3-f9x8

github
около 3 лет назад

Mozilla Firefox before 3.6.20, SeaMonkey 2.x, Thunderbird 3.x before 3.1.12, and possibly other products does not properly handle the dropping of a tab element, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges by establishing a content area and registering for drop events.

oracle-oval логотип

ELSA-2011-1164

oracle-oval
почти 14 лет назад

ELSA-2011-1164: firefox security update (CRITICAL)

EPSS

Процентиль: 80%
0.01478
Низкий

5.1 Medium

CVSS2