CVE-2011-2981: Mozilla Firefox vulnerability

CWE-168 documents | 6 sources
Severity: 9.3 CRITICAL (NVD)
EPSS: 1.3% (top 19.99%)
CISA KEV: Not in KEV
Exploit: No known exploits

Timeline
Published: Aug 18
Latest update: May 17

Description

The event-management implementation in Mozilla Firefox before 3.6.20, SeaMonkey 2.x, Thunderbird 3.x before 3.1.12, and possibly other products does not properly select the context for script to run in, which allows remote attackers to bypass the Same Origin Policy or execute arbitrary JavaScript code with chrome privileges via a crafted web site.

CVSS vector

AV:N/AC:M/C:C/I:C/A:C
Exploitability: 8.6 | Impact: 10.0

Affected Packages (3 packages)

NVD: mozilla/firefox 3.6.19 (+106)
NVD: mozilla/seamonkey 16 versions (+15)
NVD: mozilla/thunderbird 24 versions (+23)

Vulnerability Details (2)

GHSA: GHSA-v552-mmfq-rwm8: The event-management implementation in Mozilla Firefox before 3 (2022-05-17)
CVEList: CVE-2011-2981: The event-management implementation in Mozilla Firefox before 3 (2011-08-18)

Vendor Advisories (3)

Ubuntu: Thunderbird vulnerabilities (2011-08-26)
Ubuntu: Firefox and Xulrunner vulnerabilities (2011-08-19)
Red Hat: Mozilla: Privilege escalation using event handlers (2011-08-16)

Community (2)

Bugzilla: CVE-2012-0788 php: crash when unserializing serialized PDORow object (2012-01-21)
Bugzilla: CVE-2011-2981 Mozilla: Privilege escalation using event handlers (2011-08-14)