PT-2011-2058 · Mozilla+1 · Firefox+2

Paul Stone

·

Publicado

2011-04-29

·

Atualizado

2017-09-19

·

CVE-2011-0067

CVSS v2.0

5.0

Média

VetorAV:N/AC:L/Au:N/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions Mozilla Firefox versions prior to 3.5.19 Mozilla Firefox versions 3.6.x prior to 3.6.17 SeaMonkey versions prior to 2.0.14
Description The issue is related to the improper implementation of autocompletion for forms, allowing remote attackers to read form history entries. This can be achieved via a Java applet that spoofs interaction with the autocomplete controls.
Recommendations For Mozilla Firefox versions prior to 3.5.19, update to version 3.5.19 or later. For Mozilla Firefox versions 3.6.x prior to 3.6.17, update to version 3.6.17 or later. For SeaMonkey versions prior to 2.0.14, update to version 2.0.14 or later.

Exploit

Correção

RCE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-20

Identificadores relacionados

CVE-2011-0067
DSA-2227-1
DSA-2228-1
DSA-2235-1
RHSA-2011:0471
RHSA-2011_0471

Produtos afetados

Firefox
Red Hat
Seamonkey