PT-2011-4558 · Mozilla+1 · Firefox+2

Moz_Bug_R_A4 · Published 2011-11-08 · Updated 2017-09-19 · CVE-2011-3647

CVSS v2.0: 9.3 (High)
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Mozilla Firefox versions prior to 3.6.24
Thunderbird versions prior to 3.1.6

Description

The issue arises from the JSSubScriptLoader in Mozilla Firefox and Thunderbird, which does not properly handle XPCNativeWrappers during calls to the loadSubScript method in an add-on. This makes it easier for remote attackers to gain privileges via a crafted web site that leverages certain unwrapping behavior.

Recommendations

For Mozilla Firefox versions prior to 3.6.24, update to version 3.6.24 or later.
For Thunderbird versions prior to 3.1.6, update to version 3.1.6 or later.

Fix

RCE

Weakness Enumeration

Related Identifiers

CVE-2011-3647
DSA-2341-1
DSA-2342-1
DSA-2345-1
RHSA-2011:1437
RHSA-2011:1439
RHSA-2011_1437
RHSA-2011_1439

Affected Products

Firefox
Red Hat
Thunderbird