Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2011-3647

Опубликовано: 08 нояб. 2011
Источник: redhat
CVSS2: 6.8
EPSS Низкий

Описание

The JSSubScriptLoader in Mozilla Firefox before 3.6.24 and Thunderbird before 3.1.6 does not properly handle XPCNativeWrappers during calls to the loadSubScript method in an add-on, which makes it easier for remote attackers to gain privileges via a crafted web site that leverages certain unwrapping behavior, a related issue to CVE-2011-3004.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux Extended Update Support 6.1firefoxAffected
Red Hat Enterprise Linux Extended Update Support 6.1thunderbirdAffected
Red Hat Enterprise Linux 4firefoxFixedRHSA-2011:143708.11.2011
Red Hat Enterprise Linux 5firefoxFixedRHSA-2011:143708.11.2011
Red Hat Enterprise Linux 5xulrunnerFixedRHSA-2011:143708.11.2011
Red Hat Enterprise Linux 6firefoxFixedRHSA-2011:143708.11.2011
Red Hat Enterprise Linux 6xulrunnerFixedRHSA-2011:143708.11.2011
Red Hat Enterprise Linux 6thunderbirdFixedRHSA-2011:143908.11.2011

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Critical
https://bugzilla.redhat.com/show_bug.cgi?id=751931Mozilla: Security problem with loadSubScript on 1.9.2 branch (MFSA 2011-46)

EPSS

Процентиль: 73%
0.00769
Низкий

6.8 Medium

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2011-3647

ubuntu
около 14 лет назад

The JSSubScriptLoader in Mozilla Firefox before 3.6.24 and Thunderbird before 3.1.6 does not properly handle XPCNativeWrappers during calls to the loadSubScript method in an add-on, which makes it easier for remote attackers to gain privileges via a crafted web site that leverages certain unwrapping behavior, a related issue to CVE-2011-3004.

nvd логотип

CVE-2011-3647

nvd
около 14 лет назад

The JSSubScriptLoader in Mozilla Firefox before 3.6.24 and Thunderbird before 3.1.6 does not properly handle XPCNativeWrappers during calls to the loadSubScript method in an add-on, which makes it easier for remote attackers to gain privileges via a crafted web site that leverages certain unwrapping behavior, a related issue to CVE-2011-3004.

debian логотип

CVE-2011-3647

debian
около 14 лет назад

The JSSubScriptLoader in Mozilla Firefox before 3.6.24 and Thunderbird ...

github логотип

GHSA-jqqv-7cc8-34qh

github
больше 3 лет назад

The JSSubScriptLoader in Mozilla Firefox before 3.6.24 and Thunderbird before 3.1.6 does not properly handle XPCNativeWrappers during calls to the loadSubScript method in an add-on, which makes it easier for remote attackers to gain privileges via a crafted web site that leverages certain unwrapping behavior, a related issue to CVE-2011-3004.

oracle-oval логотип

ELSA-2011-1439

oracle-oval
около 14 лет назад

ELSA-2011-1439: thunderbird security update (CRITICAL)

EPSS

Процентиль: 73%
0.00769
Низкий

6.8 Medium

CVSS2