CVE-2011-2983: Sensitive Information Exposure in Mozilla Firefox

Severity: 4.3 MEDIUM (NVD)
EPSS: 0.8% (top 25.10%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Aug 18; Latest update May 17

Description

Mozilla Firefox before 3.6.20, Thunderbird 2.x and 3.x before 3.1.12, SeaMonkey 1.x and 2.x, and possibly other products does not properly handle the RegExp.input property, which allows remote attackers to bypass the Same Origin Policy and read data from a different domain via a crafted web site, possibly related to a use-after-free.

CVSS vector

AV:N/AC:M/C:P/I:N/A:N
Exploitability: 8.6 | Impact: 2.9

Affected Packages (3 packages)

NVD: mozilla/firefox 3.6.19 (+106)
NVD: mozilla/seamonkey 64 versions (+63)
NVD: mozilla/thunderbird 48 versions (+47)

🔴 Vulnerability Details (2)

GHSA: GHSA-wmwp-4vqm-9jhc: Mozilla Firefox before 3 (2022-05-17)
CVEList: CVE-2011-2983: Mozilla Firefox before 3 (2011-08-18)

📋 Vendor Advisories (3)

Ubuntu: Thunderbird vulnerabilities (2011-08-26)
Ubuntu: Firefox and Xulrunner vulnerabilities (2011-08-19)
Red Hat: Mozilla: Private data leakage using RegExp.input (2011-08-16)

💬 Community (1)

Bugzilla: CVE-2011-2983 Mozilla: Private data leakage using RegExp.input (2011-08-14)