Описание
CRLF injection vulnerability in the nsCookieService::SetCookieStringInternal function in netwerk/cookie/nsCookieService.cpp in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, and Thunderbird before 3.1.11, allows remote attackers to bypass intended access restrictions via a string containing a \n (newline) character, which is not properly handled in a JavaScript "document.cookie =" expression, a different vulnerability than CVE-2011-2374.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | |
| hardy | ignored | end of life |
| lucid | released | 3.6.23+build1+nobinonly-0ubuntu0.10.04.1 |
| maverick | released | 3.6.23+build1+nobinonly-0ubuntu0.10.10.1 |
| natty | released | 7.0.1+build1+nobinonly-0ubuntu0.11.04.1 |
| oneiric | not-affected | 7.0.1+build1+nobinonly-0ubuntu2 |
| precise | not-affected | |
| quantal | not-affected | |
| raring | not-affected | |
| saucy | not-affected |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | DNE | |
| hardy | ignored | end of life |
| lucid | ignored | end of life |
| maverick | ignored | end of life |
| natty | ignored | end of life |
| oneiric | not-affected | 2.4.1-0ubuntu1 |
| precise | DNE | |
| quantal | DNE | |
| raring | DNE | |
| saucy | DNE |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | |
| hardy | ignored | end of life |
| lucid | released | 3.1.15+build1+nobinonly-0ubuntu0.10.04.1 |
| maverick | released | 3.1.15+build1+nobinonly-0ubuntu0.10.10.1 |
| natty | released | 3.1.15+build1+nobinonly-0ubuntu0.11.04.1 |
| oneiric | not-affected | 7.0.1+build1+nobinonly-0ubuntu1 |
| precise | not-affected | |
| quantal | not-affected | |
| raring | not-affected | |
| saucy | not-affected |
Показывать по
EPSS
4.3 Medium
CVSS2
Связанные уязвимости
CRLF injection vulnerability in the nsCookieService::SetCookieStringInternal function in netwerk/cookie/nsCookieService.cpp in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, and Thunderbird before 3.1.11, allows remote attackers to bypass intended access restrictions via a string containing a \n (newline) character, which is not properly handled in a JavaScript "document.cookie =" expression, a different vulnerability than CVE-2011-2374.
CRLF injection vulnerability in the nsCookieService::SetCookieStringInternal function in netwerk/cookie/nsCookieService.cpp in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, and Thunderbird before 3.1.11, allows remote attackers to bypass intended access restrictions via a string containing a \n (newline) character, which is not properly handled in a JavaScript "document.cookie =" expression, a different vulnerability than CVE-2011-2374.
CRLF injection vulnerability in the nsCookieService::SetCookieStringIn ...
CRLF injection vulnerability in the nsCookieService::SetCookieStringInternal function in netwerk/cookie/nsCookieService.cpp in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, and Thunderbird before 3.1.11, allows remote attackers to bypass intended access restrictions via a string containing a \n (newline) character, which is not properly handled in a JavaScript "document.cookie =" expression, a different vulnerability than CVE-2011-2374.
EPSS
4.3 Medium
CVSS2