The JSSubScriptLoader in Mozilla Firefox before 3.6.24 and Thunderbird before 3.1.6 does not properly handle XPCNativeWrappers during calls to the loadSubScript method in an add-on, which makes it easier for remote attackers to gain privileges via a crafted web site that leverages certain unwrapping behavior, a related issue to CVE-2011-3004.
Metrics
No CVSS v4.0
No CVSS v3.1
No CVSS v3.0
Access Vector Network
Access Complexity Medium
Authentication None
Confidentiality Impact Complete
Integrity Impact Complete
Availability Impact Complete
AV:N/AC:M/Au:N/C:C/I:C/A:C
This CVE is not in the KEV list.
Key SSVC decision points have not yet been added.
Affected Vendors & Products
Vendors | Products |
---|---|
Mozilla |
|
Redhat |
|
Configuration 1 [-]
|
Configuration 2 [-]
|
Package | CPE | Advisory | Released Date |
---|---|---|---|
Red Hat Enterprise Linux 4 | |||
firefox-0:3.6.24-3.el4 | cpe:/o:redhat:enterprise_linux:4 | RHSA-2011:1437 | 2011-11-08T00:00:00Z |
Red Hat Enterprise Linux 5 | |||
firefox-0:3.6.24-3.el5_7 | cpe:/o:redhat:enterprise_linux:5 | RHSA-2011:1437 | 2011-11-08T00:00:00Z |
xulrunner-0:1.9.2.24-2.el5_7 | cpe:/o:redhat:enterprise_linux:5 | RHSA-2011:1437 | 2011-11-08T00:00:00Z |
Red Hat Enterprise Linux 6 | |||
firefox-0:3.6.24-3.el6_1 | cpe:/o:redhat:enterprise_linux:6 | RHSA-2011:1437 | 2011-11-08T00:00:00Z |
xulrunner-0:1.9.2.24-2.el6_1.1 | cpe:/o:redhat:enterprise_linux:6 | RHSA-2011:1437 | 2011-11-08T00:00:00Z |
thunderbird-0:3.1.16-2.el6_1 | cpe:/o:redhat:enterprise_linux:6 | RHSA-2011:1439 | 2011-11-08T00:00:00Z |
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2011-11-09T11:00:00
Updated: 2024-08-06T23:37:48.659Z
Reserved: 2011-09-23T00:00:00
Link: CVE-2011-3647
Vulnrichment
No data.
NVD
Status : Modified
Published: 2011-11-09T11:55:03.520
Modified: 2017-09-19T01:34:00.917
Link: CVE-2011-3647
Redhat