PT-2011-4222 · Mozilla+1 · Thunderbird+3
Published
2011-08-16
·
Updated
2017-09-19
·
CVE-2011-2983
CVSS v2.0
4.3
Medium
| Vector | AV:N/AC:M/Au:N/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Mozilla Firefox versions prior to 3.6.20
Thunderbird versions prior to 3.1.12
SeaMonkey versions 1.x and 2.x
Description
The issue allows remote attackers to bypass the Same Origin Policy and read data from a different domain via a crafted web site. This is possibly related to a use-after-free error when handling the
RegExp.input property.Recommendations
For Mozilla Firefox versions prior to 3.6.20, update to version 3.6.20 or later.
For Thunderbird versions prior to 3.1.12, update to version 3.1.12 or later.
For SeaMonkey versions 1.x and 2.x, consider disabling JavaScript or restricting access to untrusted websites until a fix is available.
As a temporary workaround, consider disabling the use of the
RegExp.input property in web applications until the issue is resolved.Fix
Information Disclosure
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Firefox
Red Hat
Seamonkey
Thunderbird