CVE-2011-2981

Name of the Vulnerable Software and Affected Versions Mozilla Firefox versions prior to 3.6.20 SeaMonkey versions 2.x Thunderbird versions 3.x prior to 3.1.12

Description The issue is related to the event-management implementation, which does not properly select the context for script execution. This allows remote attackers to bypass the Same Origin Policy or execute arbitrary JavaScript code with chrome privileges via a crafted web site.

Recommendations For Mozilla Firefox versions prior to 3.6.20, update to version 3.6.20 or later. For SeaMonkey versions 2.x, there is no information about a newer version that contains a fix for this issue. For Thunderbird versions 3.x prior to 3.1.12, update to version 3.1.12 or later.