CVE-2011-0051 — Improper Input Validation in Mozilla Firefox

CWE-20 — Improper Input Validation10 documents6 sources

Severity

6.8MEDIUMNVD

EPSS

1.0%

top 23.56%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox Mozilla Seamonkey

Timeline

PublishedMar 2

Latest updateMay 3

Description

Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, does not properly handle certain recursive eval calls, which makes it easier for remote attackers to force a user to respond positively to a dialog question, as demonstrated by a question about granting privileges.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages2 packages

▶NVDmozilla/firefox3.5.16+97

▶NVDmozilla/seamonkey2.0.11+44

🔴Vulnerability Details

GHSA

GHSA-5mc6-qvmv-p3f9: Mozilla Firefox before 3↗2022-05-03

▶

CVEList

CVE-2011-0051: Mozilla Firefox before 3↗2011-03-02

▶

📋Vendor Advisories

Red Hat

kernel: kvm: pit timer with no irqchip crashes the system↗2011-12-14

▶

Ubuntu

Xulrunner vulnerabilities↗2011-04-30

▶

Ubuntu

Firefox and Xulrunner regression↗2011-03-07

▶

Ubuntu

Firefox and Xulrunner vulnerabilities↗2011-03-03

▶

Red Hat

Mozilla recursive eval call causes confirm dialog to evaluate to true (MFSA 2011-02)↗2011-03-01

▶

💬Community

Bugzilla

CVE-2011-0051 Mozilla recursive eval call causes confirm dialog to evaluate to true (MFSA 2011-02)↗2011-02-04

▶

Bugzilla

CVE-2010-4225 mod_mono: remote source code exposure flaw↗2011-01-12

▶