CVE-2011-2983

Name of the Vulnerable Software and Affected Versions Mozilla Firefox versions prior to 3.6.20 Thunderbird versions prior to 3.1.12 SeaMonkey versions 1.x and 2.x

Description The issue allows remote attackers to bypass the Same Origin Policy and read data from a different domain via a crafted web site. This is possibly related to a use-after-free error when handling the RegExp.input property.

Recommendations For Mozilla Firefox versions prior to 3.6.20, update to version 3.6.20 or later. For Thunderbird versions prior to 3.1.12, update to version 3.1.12 or later. For SeaMonkey versions 1.x and 2.x, consider disabling JavaScript or restricting access to untrusted websites until a fix is available. As a temporary workaround, consider disabling the use of the RegExp.input property in web applications until the issue is resolved.