CVE-2011-2993 — Mozilla Firefox vulnerability

6 documents4 sources

Severity

9.3CRITICALNVD

CNA7.5

EPSS

0.4%

top 41.64%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox Mozilla Seamonkey

Timeline

PublishedAug 18

Latest updateMay 17

Description

The implementation of digital signatures for JAR files in Mozilla Firefox 4.x through 5, SeaMonkey 2.x before 2.3, and possibly other products does not prevent calls from unsigned JavaScript code to signed code, which allows remote attackers to bypass the Same Origin Policy and gain privileges via a crafted web site, a different vulnerability than CVE-2008-2801.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages2 packages

▶NVDmozilla/firefox4.0, 4.0.1, 5.0+2

▶NVDmozilla/seamonkey13 versions+12

🔴Vulnerability Details

GHSA

GHSA-w8jh-c865-62qv: The implementation of digital signatures for JAR files in Mozilla Firefox 4↗2022-05-17

▶

CVEList

CVE-2011-2993: The implementation of digital signatures for JAR files in Mozilla Firefox 4↗2011-08-18

▶

📋Vendor Advisories

Ubuntu

Libvoikko regression↗2011-10-19

▶

Ubuntu

Firefox vulnerabilities↗2011-08-17

▶

Ubuntu

Mozvoikko update↗2011-08-17

▶