[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248268

 
 

909

 
 

195051

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2011-2983Date: (C)2011-08-18   (M)2024-03-27


Mozilla Firefox before 3.6.20, Thunderbird 2.x and 3.x before 3.1.12, SeaMonkey 1.x and 2.x, and possibly other products does not properly handle the RegExp.input property, which allows remote attackers to bypass the Same Origin Policy and read data from a different domain via a crafted web site, possibly related to a use-after-free.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 4.3
Exploit Score: 8.6
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: PARTIAL
Integrity: NONE
Availability: NONE
  
Reference:
SECTRACK-1025940
DSA-2295
DSA-2296
DSA-2297
MDVSA-2011:127
RHSA-2011:1164
RHSA-2011:1165
RHSA-2011:1167
SUSE-SA:2011:037
SUSE-SU-2011:0967
http://www.mozilla.org/security/announce/2011/mfsa2011-30.html
https://bugzilla.mozilla.org/show_bug.cgi?id=626297
oval:org.mitre.oval:def:14272

CPE    271
cpe:/a:mozilla:firefox:1.5:beta2
cpe:/a:mozilla:firefox:1.5:beta1
cpe:/a:mozilla:seamonkey:2.8:beta6
cpe:/a:mozilla:seamonkey:2.8:beta1
...
CWE    1
CWE-200
OVAL    27
oval:org.secpod.oval:def:201573
oval:org.secpod.oval:def:201682
oval:org.secpod.oval:def:201445
oval:org.secpod.oval:def:400018
...

© SecPod Technologies