Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-2993

Overview

Vulnerability Score 9.3 9.3
CVE Id CVE-2011-2993
Last Modified 24 Apr 2012 12:00:00
Published 18 Aug 2011 02:55:02
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2011-2993

Summary

The implementation of digital signatures for JAR files in Mozilla Firefox 4.x through 5, SeaMonkey 2.x before 2.3, and possibly other products does not prevent calls from unsigned JavaScript code to signed code, which allows remote attackers to bypass the Same Origin Policy and gain privileges via a crafted web site, a different vulnerability than CVE-2008-2801.

Vulnerable Systems

Application

  • Mozilla Firefox 4.0

  • Mozilla Firefox 4.0.1

  • Mozilla Firefox 5.0

  • Mozilla Seamonkey 2.0

  • Mozilla Seamonkey 2.0.1

  • Mozilla Seamonkey 2.0.10

  • Mozilla Seamonkey 2.0.11

  • Mozilla Seamonkey 2.0.2

  • Mozilla Seamonkey 2.0.3

  • Mozilla Seamonkey 2.0.4

  • Mozilla Seamonkey 2.0.5

  • Mozilla Seamonkey 2.0.6

  • Mozilla Seamonkey 2.0.7

  • Mozilla Seamonkey 2.0.8

  • Mozilla Seamonkey 2.0.9

  • Mozilla Seamonkey 2.1


References

CONFIRM - https://bugzilla.mozilla.org/show_bug.cgi?id=657267

CONFIRM - http://www.mozilla.org/security/announce/2011/mfsa2011-33.html

CONFIRM - http://www.mozilla.org/security/announce/2011/mfsa2011-29.html

SUSE - SUSE-SA:2011:037


Last Updated: 27 May 2016 10:57:14