← voltar
CVE-2011-2981

CVE-2011-2981

EPSS 2.2%
The event-management implementation in Mozilla Firefox before 3.6.20, SeaMonkey 2.x, Thunderbird 3.x before 3.1.12, and possibly other products does not properly select the context for script to run in, which allows remote attackers to bypass the Same Origin Policy or execute arbitrary JavaScript code with chrome privileges via a crafted web site.
Produtos afetados
n/a · n/a

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00023.htmlhttp://lists.opensuse.org/opensuse-security-announce/2011-08/msg00027.htmlhttps://bugzilla.mozilla.org/show_bug.cgi?id=614151https://bugzilla.mozilla.org/show_bug.cgi?id=643450https://bugzilla.mozilla.org/show_bug.cgi?id=650252https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14512http://www.debian.org/security/2011/dsa-2295http://www.debian.org/security/2011/dsa-2296http://www.debian.org/security/2011/dsa-2297http://www.mandriva.com/security/advisories?name=MDVSA-2011:127http://www.mozilla.org/security/announce/2011/mfsa2011-30.htmlhttp://www.redhat.com/support/errata/RHSA-2011-1164.html