Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 2.6
CVE Id: CVE-2011-3649
Last Modified: 16 Feb 2012 11:09:10
Published: 09 Nov 2011 06:55:03
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: HIGH
Authentication: NONE

CVE-2011-3649

Summary

Mozilla Firefox 7.0 and Thunderbird 7.0, when the Direct2D (aka D2D) API is used on Windows in conjunction with the Azure graphics back-end, allow remote attackers to bypass the Same Origin Policy, and obtain sensitive image data from a different domain, by inserting this data into a canvas. NOTE: this issue exists because of a CVE-2011-2986 regression.

Vulnerable Systems

Application

  • Mozilla Firefox 7.0

  • Mozilla Thunderbird 7.0


References

CONFIRM - https://bugzilla.mozilla.org/show_bug.cgi?id=655836

CONFIRM - http://www.mozilla.org/security/announce/2011/mfsa2011-50.html

SUSE - SUSE-SU-2011:1256

BID - 50591

Related Patches

Novell SUSE 2011:5429 MozillaFirefox security update for SLE 11 SP1 i586

Novell SUSE 2011:5429 MozillaFirefox security update for SLE 11 SP1 x86_64

Novell SUSE 2011:7842 mozilla-nss security update for SLE 10 SP4 i586

Novell SUSE 2011:7842 mozilla-nss security update for SLE 10 SP4 x86_64


Last Updated: 27 May 2016 10:58:04