PT-2011-4558 · Mozilla+1 · Firefox+2

Moz_Bug_R_A4

Publicado

2011-11-08

Atualizado

2017-09-19

CVE-2011-3647

CVSS v2.0

9.3

Alta

Vetor

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Mozilla Firefox versions prior to 3.6.24 Thunderbird versions prior to 3.1.6

Description The issue arises from the JSSubScriptLoader in Mozilla Firefox and Thunderbird, which does not properly handle XPCNativeWrappers during calls to the loadSubScript method in an add-on. This makes it easier for remote attackers to gain privileges via a crafted web site that leverages certain unwrapping behavior.

Recommendations For Mozilla Firefox versions prior to 3.6.24, update to version 3.6.24 or later. For Thunderbird versions prior to 3.1.6, update to version 3.1.6 or later.

Correção

RCE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-20

Identificadores relacionados

CVE-2011-3647

DSA-2341-1

DSA-2342-1

DSA-2345-1

RHSA-2011:1437

RHSA-2011:1439

RHSA-2011_1437

RHSA-2011_1439

Produtos afetados

Firefox

Red Hat

Thunderbird

PT-2011-4558 · Mozilla+1 · Firefox+2

CVE-2011-3647

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 13