CVE-2011-2372 — Mozilla Firefox vulnerability

CWE-26413 documents6 sources

Severity

6.8MEDIUMNVD

NVD3.5CNA3.5

EPSS

0.4%

top 37.46%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox Mozilla Seamonkey Mozilla Thunderbird

Timeline

PublishedSep 29

Latest updateMay 17

Description

Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 do not prevent the starting of a download in response to the holding of the Enter key, which allows user-assisted remote attackers to bypass intended access restrictions via a crafted web site.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 6.8 | Impact: 2.9

Affected Packages3 packages

▶NVDmozilla/firefox3.6.22+130

▶NVDmozilla/seamonkey2.3.3+52

▶NVDmozilla/thunderbird6.0.2+102

🔴Vulnerability Details

GHSA

GHSA-cq59-qx3j-65rf: Mozilla Firefox before 3↗2022-05-17

▶

GHSA

GHSA-97c6-9gg8-w889: Mozilla Firefox before 3↗2022-05-17

▶

CVEList

CVE-2011-3666: Mozilla Firefox before 3↗2011-12-21

▶

CVEList

CVE-2011-2372: Mozilla Firefox before 3↗2011-09-29

▶

📋Vendor Advisories

Red Hat

Mozilla: Multiple security flaws fixed in v3.6.25 (Mac) and v9↗2011-12-20

▶

Ubuntu

Mozvoikko, ubufox, webfav update↗2011-10-04

▶

Ubuntu

Firefox vulnerabilities↗2011-09-29

▶

Ubuntu

Firefox and Xulrunner vulnerabilities↗2011-09-28

▶

Red Hat

Mozilla: Code installation through holding down Enter (MFSA 2011-40)↗2011-09-28

▶

💬Community

Bugzilla

CVE-2011-2372 Mozilla: Code installation through holding down Enter (MFSA 2011-40)↗2011-09-28

▶