CVE-2011-3655Code Injection in Mozilla Firefox

CWE-94Code Injection5 documents3 sources
Severity
9.3CRITICALNVD
EPSS
0.9%
top 23.75%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Mozilla FirefoxMozilla Thunderbird
Timeline
PublishedNov 9
Latest updateMay 17

Description

Mozilla Firefox 4.x through 7.0 and Thunderbird 5.0 through 7.0 perform access control without checking for use of the NoWaiverWrapper wrapper, which allows remote attackers to gain privileges via a crafted web site.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages2 packages

NVDmozilla/firefox8 versions+7
NVDmozilla/thunderbird5 versions+4

🔴Vulnerability Details

1
GHSA
GHSA-pp79-xv3q-4hmv: Mozilla Firefox 42022-05-17

📋Vendor Advisories

3
Ubuntu
Thunderbird vulnerabilities2011-11-28
Ubuntu
Mozvoikko and ubufox update2011-11-23
Ubuntu
Firefox vulnerabilities2011-11-23