CVE-2011-0059: Cross-Site Request Forgery in Mozilla Firefox

Severity: 6.8 MEDIUM (NVD)
EPSS: 0.2% (top 54.25%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Mar 2; Latest update May 3

Description

Cross-site request forgery (CSRF) vulnerability in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, allows remote attackers to hijack the authentication of arbitrary users for requests that were initiated by a plugin and received a 307 redirect to a page on a different web site.

CVSS vector

AV:N/AC:M/C:P/I:P/A:P
Exploitability: 8.6 | Impact: 6.4

Affected Packages (2 packages)

NVD: mozilla/firefox 3.5.16 +97
NVD: mozilla/seamonkey 2.0.11 +44

🔴 Vulnerability Details (2)

GHSA (2022-05-03): GHSA-7w6w-5774-rmhv: Cross-site request forgery (CSRF) vulnerability in Mozilla Firefox before 3
CVEList (2011-03-02): CVE-2011-0059: Cross-site request forgery (CSRF) vulnerability in Mozilla Firefox before 3

📋 Vendor Advisories (4)

Ubuntu (2011-04-30): Xulrunner vulnerabilities
Ubuntu (2011-03-07): Firefox and Xulrunner regression
Ubuntu (2011-03-03): Firefox and Xulrunner vulnerabilities
Red Hat (2011-03-01): Mozilla CSRF risk with plugins and 307 redirects (MFSA 2011-10)

💬 Community (1)

Bugzilla (2011-03-01): CVE-2011-0059 Mozilla CSRF risk with plugins and 307 redirects (MFSA 2011-10)