CVE-2011-3647

The JSSubScriptLoader in Mozilla Firefox before 3.6.24 and Thunderbird before 3.1.6 does not properly handle XPCNativeWrappers during calls to the loadSubScript method in an add-on, which makes it easier for remote attackers to gain privileges via a crafted web site that leverages certain unwrapping behavior, a related issue to CVE-2011-3004.

CVSS v2.0 9.3 HIGH

9.3^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 8.6 / Impact : 10.0

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00020.html
http://www.mozilla.org/security/announce/2011/mfsa2011-46.html	Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2011-1439.html
https://bugzilla.mozilla.org/show_bug.cgi?id=680880
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13550
http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00020.html
http://www.mozilla.org/security/announce/2011/mfsa2011-46.html	Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2011-1439.html
https://bugzilla.mozilla.org/show_bug.cgi?id=680880
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13550

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:mozilla:firefox::::::::
	cpe:2.3:a:mozilla:firefox:0.1:::::::*
	cpe:2.3:a:mozilla:firefox:0.2:::::::*
	cpe:2.3:a:mozilla:firefox:0.3:::::::*
	cpe:2.3:a:mozilla:firefox:0.4:::::::*
	cpe:2.3:a:mozilla:firefox:0.5:::::::*
	cpe:2.3:a:mozilla:firefox:0.6:::::::*
	cpe:2.3:a:mozilla:firefox:0.6.1:::::::*
	cpe:2.3:a:mozilla:firefox:0.7:::::::*
	cpe:2.3:a:mozilla:firefox:0.7.1:::::::*
	cpe:2.3:a:mozilla:firefox:0.8:::::::*
	cpe:2.3:a:mozilla:firefox:0.9:::::::*
	cpe:2.3:a:mozilla:firefox:0.9:rc::::::
	cpe:2.3:a:mozilla:firefox:0.9.1:::::::*
	cpe:2.3:a:mozilla:firefox:0.9.2:::::::*
	cpe:2.3:a:mozilla:firefox:0.9.3:::::::*
	cpe:2.3:a:mozilla:firefox:0.10:::::::*
	cpe:2.3:a:mozilla:firefox:0.10.1:::::::*
	cpe:2.3:a:mozilla:firefox:1.0:::::::*
	cpe:2.3:a:mozilla:firefox:1.0:preview_release::::::
	cpe:2.3:a:mozilla:firefox:1.0.1:::::::*
	cpe:2.3:a:mozilla:firefox:1.0.2:::::::*
	cpe:2.3:a:mozilla:firefox:1.0.3:::::::*
	cpe:2.3:a:mozilla:firefox:1.0.4:::::::*
	cpe:2.3:a:mozilla:firefox:1.0.5:::::::*
	cpe:2.3:a:mozilla:firefox:1.0.6:::::::*
	cpe:2.3:a:mozilla:firefox:1.0.7:::::::*
	cpe:2.3:a:mozilla:firefox:1.0.8:::::::*
	cpe:2.3:a:mozilla:firefox:1.4.1:::::::*
	cpe:2.3:a:mozilla:firefox:1.5:::::::*
	cpe:2.3:a:mozilla:firefox:1.5:beta1::::::
	cpe:2.3:a:mozilla:firefox:1.5:beta2::::::
	cpe:2.3:a:mozilla:firefox:1.5.0.1:::::::*
	cpe:2.3:a:mozilla:firefox:1.5.0.2:::::::*
	cpe:2.3:a:mozilla:firefox:1.5.0.3:::::::*
	cpe:2.3:a:mozilla:firefox:1.5.0.4:::::::*
	cpe:2.3:a:mozilla:firefox:1.5.0.5:::::::*
	cpe:2.3:a:mozilla:firefox:1.5.0.6:::::::*
	cpe:2.3:a:mozilla:firefox:1.5.0.7:::::::*
	cpe:2.3:a:mozilla:firefox:1.5.0.8:::::::*
	cpe:2.3:a:mozilla:firefox:1.5.0.9:::::::*
	cpe:2.3:a:mozilla:firefox:1.5.0.10:::::::*
	cpe:2.3:a:mozilla:firefox:1.5.0.11:::::::*
	cpe:2.3:a:mozilla:firefox:1.5.0.12:::::::*
	cpe:2.3:a:mozilla:firefox:1.5.1:::::::*
	cpe:2.3:a:mozilla:firefox:1.5.2:::::::*
	cpe:2.3:a:mozilla:firefox:1.5.3:::::::*
	cpe:2.3:a:mozilla:firefox:1.5.4:::::::*
	cpe:2.3:a:mozilla:firefox:1.5.5:::::::*
	cpe:2.3:a:mozilla:firefox:1.5.6:::::::*
	cpe:2.3:a:mozilla:firefox:1.5.7:::::::*
	cpe:2.3:a:mozilla:firefox:1.5.8:::::::*
	cpe:2.3:a:mozilla:firefox:1.8:::::::*
	cpe:2.3:a:mozilla:firefox:2.0:::::::*
	cpe:2.3:a:mozilla:firefox:2.0.0.1:::::::*
	cpe:2.3:a:mozilla:firefox:2.0.0.2:::::::*
	cpe:2.3:a:mozilla:firefox:2.0.0.3:::::::*
	cpe:2.3:a:mozilla:firefox:2.0.0.4:::::::*
	cpe:2.3:a:mozilla:firefox:2.0.0.5:::::::*
	cpe:2.3:a:mozilla:firefox:2.0.0.6:::::::*
	cpe:2.3:a:mozilla:firefox:2.0.0.7:::::::*
	cpe:2.3:a:mozilla:firefox:2.0.0.8:::::::*
	cpe:2.3:a:mozilla:firefox:2.0.0.9:::::::*
	cpe:2.3:a:mozilla:firefox:2.0.0.10:::::::*
cpe:2.3:a:mozilla:firefox:2.0.0.11:::::::*
cpe:2.3:a:mozilla:firefox:2.0.0.12:::::::*
cpe:2.3:a:mozilla:firefox:2.0.0.13:::::::*
cpe:2.3:a:mozilla:firefox:2.0.0.14:::::::*
cpe:2.3:a:mozilla:firefox:2.0.0.15:::::::*
cpe:2.3:a:mozilla:firefox:2.0.0.16:::::::*
cpe:2.3:a:mozilla:firefox:2.0.0.17:::::::*
cpe:2.3:a:mozilla:firefox:2.0.0.18:::::::*
cpe:2.3:a:mozilla:firefox:2.0.0.19:::::::*
cpe:2.3:a:mozilla:firefox:2.0.0.20:::::::*
cpe:2.3:a:mozilla:firefox:3.0:::::::*
cpe:2.3:a:mozilla:firefox:3.0.1:::::::*
cpe:2.3:a:mozilla:firefox:3.0.2:::::::*
cpe:2.3:a:mozilla:firefox:3.0.3:::::::*
cpe:2.3:a:mozilla:firefox:3.0.4:::::::*
cpe:2.3:a:mozilla:firefox:3.0.5:::::::*
cpe:2.3:a:mozilla:firefox:3.0.6:::::::*
cpe:2.3:a:mozilla:firefox:3.0.7:::::::*
cpe:2.3:a:mozilla:firefox:3.0.8:::::::*
cpe:2.3:a:mozilla:firefox:3.0.9:::::::*
cpe:2.3:a:mozilla:firefox:3.0.10:::::::*
cpe:2.3:a:mozilla:firefox:3.0.11:::::::*
cpe:2.3:a:mozilla:firefox:3.0.12:::::::*
cpe:2.3:a:mozilla:firefox:3.0.13:::::::*
cpe:2.3:a:mozilla:firefox:3.0.14:::::::*
cpe:2.3:a:mozilla:firefox:3.0.15:::::::*
cpe:2.3:a:mozilla:firefox:3.0.16:::::::*
cpe:2.3:a:mozilla:firefox:3.0.17:::::::*
cpe:2.3:a:mozilla:firefox:3.5:::::::*
cpe:2.3:a:mozilla:firefox:3.5.1:::::::*
cpe:2.3:a:mozilla:firefox:3.5.2:::::::*
cpe:2.3:a:mozilla:firefox:3.5.3:::::::*
cpe:2.3:a:mozilla:firefox:3.5.4:::::::*
cpe:2.3:a:mozilla:firefox:3.5.5:::::::*
cpe:2.3:a:mozilla:firefox:3.5.6:::::::*
cpe:2.3:a:mozilla:firefox:3.5.7:::::::*
cpe:2.3:a:mozilla:firefox:3.5.8:::::::*
cpe:2.3:a:mozilla:firefox:3.5.9:::::::*
cpe:2.3:a:mozilla:firefox:3.5.10:::::::*
cpe:2.3:a:mozilla:firefox:3.5.11:::::::*
cpe:2.3:a:mozilla:firefox:3.5.12:::::::*
cpe:2.3:a:mozilla:firefox:3.5.13:::::::*
cpe:2.3:a:mozilla:firefox:3.5.14:::::::*
cpe:2.3:a:mozilla:firefox:3.5.15:::::::*
cpe:2.3:a:mozilla:firefox:3.6:::::::*
cpe:2.3:a:mozilla:firefox:3.6.2:::::::*
cpe:2.3:a:mozilla:firefox:3.6.3:::::::*
cpe:2.3:a:mozilla:firefox:3.6.4:::::::*
cpe:2.3:a:mozilla:firefox:3.6.6:::::::*
cpe:2.3:a:mozilla:firefox:3.6.7:::::::*
cpe:2.3:a:mozilla:firefox:3.6.8:::::::*
cpe:2.3:a:mozilla:firefox:3.6.9:::::::*
cpe:2.3:a:mozilla:firefox:3.6.10:::::::*
cpe:2.3:a:mozilla:firefox:3.6.11:::::::*
cpe:2.3:a:mozilla:firefox:3.6.12:::::::*
cpe:2.3:a:mozilla:firefox:3.6.13:::::::*
cpe:2.3:a:mozilla:firefox:3.6.14:::::::*
cpe:2.3:a:mozilla:firefox:3.6.15:::::::*
cpe:2.3:a:mozilla:firefox:3.6.16:::::::*
cpe:2.3:a:mozilla:firefox:3.6.17:::::::*
cpe:2.3:a:mozilla:firefox:3.6.18:::::::*
cpe:2.3:a:mozilla:firefox:3.6.19:::::::*
cpe:2.3:a:mozilla:firefox:3.6.20:::::::*
cpe:2.3:a:mozilla:firefox:3.6.21:::::::*
cpe:2.3:a:mozilla:firefox:3.6.22:::::::*

Configuration 2 (hide)

OR	cpe:2.3:a:mozilla:thunderbird::::::::
	cpe:2.3:a:mozilla:thunderbird:0.1:::::::*
	cpe:2.3:a:mozilla:thunderbird:0.2:::::::*
	cpe:2.3:a:mozilla:thunderbird:0.3:::::::*
	cpe:2.3:a:mozilla:thunderbird:0.4:::::::*
	cpe:2.3:a:mozilla:thunderbird:0.5:::::::*
	cpe:2.3:a:mozilla:thunderbird:0.6:::::::*
	cpe:2.3:a:mozilla:thunderbird:0.7:::::::*
	cpe:2.3:a:mozilla:thunderbird:0.7.1:::::::*
	cpe:2.3:a:mozilla:thunderbird:0.7.2:::::::*
	cpe:2.3:a:mozilla:thunderbird:0.7.3:::::::*
	cpe:2.3:a:mozilla:thunderbird:0.8:::::::*
	cpe:2.3:a:mozilla:thunderbird:0.9:::::::*
	cpe:2.3:a:mozilla:thunderbird:1.0:::::::*
	cpe:2.3:a:mozilla:thunderbird:1.0.1:::::::*
	cpe:2.3:a:mozilla:thunderbird:1.0.2:::::::*
	cpe:2.3:a:mozilla:thunderbird:1.0.3:::::::*
	cpe:2.3:a:mozilla:thunderbird:1.0.4:::::::*
	cpe:2.3:a:mozilla:thunderbird:1.0.5:::::::*
	cpe:2.3:a:mozilla:thunderbird:1.0.5:beta::::::
	cpe:2.3:a:mozilla:thunderbird:1.0.6:::::::*
	cpe:2.3:a:mozilla:thunderbird:1.0.7:::::::*
	cpe:2.3:a:mozilla:thunderbird:1.0.8:::::::*
	cpe:2.3:a:mozilla:thunderbird:1.5:::::::*
	cpe:2.3:a:mozilla:thunderbird:1.5:beta2::::::
	cpe:2.3:a:mozilla:thunderbird:1.5.0.1:::::::*
	cpe:2.3:a:mozilla:thunderbird:1.5.0.2:::::::*
	cpe:2.3:a:mozilla:thunderbird:1.5.0.3:::::::*
	cpe:2.3:a:mozilla:thunderbird:1.5.0.4:::::::*
	cpe:2.3:a:mozilla:thunderbird:1.5.0.5:::::::*
	cpe:2.3:a:mozilla:thunderbird:1.5.0.6:::::::*
	cpe:2.3:a:mozilla:thunderbird:1.5.0.7:::::::*
	cpe:2.3:a:mozilla:thunderbird:1.5.0.8:::::::*
	cpe:2.3:a:mozilla:thunderbird:1.5.0.9:::::::*
	cpe:2.3:a:mozilla:thunderbird:1.5.0.10:::::::*
	cpe:2.3:a:mozilla:thunderbird:1.5.0.11:::::::*
	cpe:2.3:a:mozilla:thunderbird:1.5.0.12:::::::*
	cpe:2.3:a:mozilla:thunderbird:1.5.0.13:::::::*
	cpe:2.3:a:mozilla:thunderbird:1.5.0.14:::::::*
	cpe:2.3:a:mozilla:thunderbird:1.5.1:::::::*
	cpe:2.3:a:mozilla:thunderbird:1.5.2:::::::*
	cpe:2.3:a:mozilla:thunderbird:1.7.1:::::::*
	cpe:2.3:a:mozilla:thunderbird:1.7.3:::::::*
	cpe:2.3:a:mozilla:thunderbird:2.0:::::::*
	cpe:2.3:a:mozilla:thunderbird:2.0.0.0:::::::*
	cpe:2.3:a:mozilla:thunderbird:2.0.0.1:::::::*
	cpe:2.3:a:mozilla:thunderbird:2.0.0.2:::::::*
	cpe:2.3:a:mozilla:thunderbird:2.0.0.3:::::::*
	cpe:2.3:a:mozilla:thunderbird:2.0.0.4:::::::*
	cpe:2.3:a:mozilla:thunderbird:2.0.0.5:::::::*
	cpe:2.3:a:mozilla:thunderbird:2.0.0.6:::::::*
	cpe:2.3:a:mozilla:thunderbird:2.0.0.7:::::::*
	cpe:2.3:a:mozilla:thunderbird:2.0.0.8:::::::*
	cpe:2.3:a:mozilla:thunderbird:2.0.0.9:::::::*
	cpe:2.3:a:mozilla:thunderbird:2.0.0.11:::::::*
	cpe:2.3:a:mozilla:thunderbird:2.0.0.12:::::::*
	cpe:2.3:a:mozilla:thunderbird:2.0.0.13:::::::*
	cpe:2.3:a:mozilla:thunderbird:2.0.0.14:::::::*
	cpe:2.3:a:mozilla:thunderbird:2.0.0.15:::::::*
	cpe:2.3:a:mozilla:thunderbird:2.0.0.16:::::::*
	cpe:2.3:a:mozilla:thunderbird:2.0.0.17:::::::*
	cpe:2.3:a:mozilla:thunderbird:2.0.0.18:::::::*
	cpe:2.3:a:mozilla:thunderbird:2.0.0.19:::::::*
	cpe:2.3:a:mozilla:thunderbird:2.0.0.20:::::::*
cpe:2.3:a:mozilla:thunderbird:2.0.0.21:::::::*
cpe:2.3:a:mozilla:thunderbird:2.0.0.22:::::::*
cpe:2.3:a:mozilla:thunderbird:2.0.0.23:::::::*
cpe:2.3:a:mozilla:thunderbird:3.0:::::::*
cpe:2.3:a:mozilla:thunderbird:3.0.1:::::::*
cpe:2.3:a:mozilla:thunderbird:3.0.2:::::::*
cpe:2.3:a:mozilla:thunderbird:3.0.3:::::::*
cpe:2.3:a:mozilla:thunderbird:3.0.4:::::::*
cpe:2.3:a:mozilla:thunderbird:3.0.5:::::::*
cpe:2.3:a:mozilla:thunderbird:3.0.6:::::::*
cpe:2.3:a:mozilla:thunderbird:3.0.7:::::::*
cpe:2.3:a:mozilla:thunderbird:3.0.8:::::::*
cpe:2.3:a:mozilla:thunderbird:3.0.9:::::::*
cpe:2.3:a:mozilla:thunderbird:3.0.10:::::::*
cpe:2.3:a:mozilla:thunderbird:3.0.11:::::::*
cpe:2.3:a:mozilla:thunderbird:3.1:::::::*
cpe:2.3:a:mozilla:thunderbird:3.1.1:::::::*
cpe:2.3:a:mozilla:thunderbird:3.1.2:::::::*
cpe:2.3:a:mozilla:thunderbird:3.1.3:::::::*
cpe:2.3:a:mozilla:thunderbird:3.1.4:::::::*
cpe:2.3:a:mozilla:thunderbird:3.1.10:::::::*
cpe:2.3:a:mozilla:thunderbird:3.1.11:::::::*

History

21 Nov 2024, 01:30

Type	Values Removed	Values Added
References	~~() http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00020.html -~~	() http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00020.html -
References	~~() http://www.mozilla.org/security/announce/2011/mfsa2011-46.html - Vendor Advisory~~	() http://www.mozilla.org/security/announce/2011/mfsa2011-46.html - Vendor Advisory
References	~~() http://www.redhat.com/support/errata/RHSA-2011-1439.html -~~	() http://www.redhat.com/support/errata/RHSA-2011-1439.html -
References	~~() https://bugzilla.mozilla.org/show_bug.cgi?id=680880 -~~	() https://bugzilla.mozilla.org/show_bug.cgi?id=680880 -
References	~~() https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13550 -~~	() https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13550 -

Information

Published : 2011-11-09 11:55

Updated : 2024-11-21 01:30

NVD link : CVE-2011-3647

Mitre link : CVE-2011-3647

CVE.ORG link : CVE-2011-3647

JSON object : View

Products Affected

mozilla

thunderbird
firefox

CWE

CWE-20

Improper Input Validation

9.3 /10