CVE-2011-2984 — Code Injection in Mozilla Firefox

CWE-94 — Code Injection7 documents6 sources

Severity

10.0CRITICALNVD

EPSS

1.5%

top 18.60%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox Mozilla Seamonkey Mozilla Thunderbird

Timeline

PublishedAug 18

Latest updateMay 17

Description

Mozilla Firefox before 3.6.20, SeaMonkey 2.x, Thunderbird 3.x before 3.1.12, and possibly other products does not properly handle the dropping of a tab element, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges by establishing a content area and registering for drop events.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages3 packages

▶NVDmozilla/firefox3.6.19+106

▶NVDmozilla/seamonkey31 versions+30

▶NVDmozilla/thunderbird24 versions+23

🔴Vulnerability Details

GHSA

GHSA-m776-wvh3-f9x8: Mozilla Firefox before 3↗2022-05-17

▶

CVEList

CVE-2011-2984: Mozilla Firefox before 3↗2011-08-18

▶

📋Vendor Advisories

Ubuntu

Thunderbird vulnerabilities↗2011-08-26

▶

Ubuntu

Firefox and Xulrunner vulnerabilities↗2011-08-19

▶

Red Hat

Mozilla: Privilege escalation dropping a tab element in content area↗2011-08-16

▶

💬Community

Bugzilla

CVE-2011-2984 Mozilla: Privilege escalation dropping a tab element in content area↗2011-08-14

▶