Published: 02/03/2011 Updated: 19/09/2017

CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6

VMScore: 605

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Mozilla Firefox prior to 3.5.17 and 3.6.x prior to 3.6.14, and SeaMonkey prior to 2.0.12, does not properly handle certain recursive eval calls, which makes it easier for remote malicious users to force a user to respond positively to a dialog question, as demonstrated by a question about granting privileges.

Vulnerable Product	Search on Vulmon	Subscribe to Product
mozilla firefox 3.6.2
mozilla firefox 3.6.3
mozilla firefox 3.6.9
mozilla firefox 3.6.11
mozilla firefox 3.6.4
mozilla firefox 3.6.6
mozilla firefox 3.6.12
mozilla firefox 3.6.13
mozilla firefox 3.6.8
mozilla firefox 3.6.10
mozilla firefox 3.6.7
mozilla firefox 3.6
mozilla seamonkey 1.0.3
mozilla seamonkey 1.0.4
mozilla seamonkey 1.0.5
mozilla seamonkey 1.1.10
mozilla seamonkey 1.0
mozilla seamonkey 1.1.16
mozilla seamonkey 1.1.17
mozilla seamonkey 1.1.6
mozilla seamonkey 1.1.7
mozilla seamonkey 1.1.8
mozilla seamonkey 2.0
mozilla seamonkey 2.0.1
mozilla seamonkey 2.0.10
mozilla seamonkey
mozilla seamonkey 1.0.6
mozilla seamonkey 1.0.7
mozilla seamonkey 1.1.11
mozilla seamonkey 1.1.18
mozilla seamonkey 1.1.19
mozilla seamonkey 1.1.9
mozilla seamonkey 1.1
mozilla seamonkey 2.0.2
mozilla seamonkey 2.0.3
mozilla seamonkey 1.0.1
mozilla seamonkey 1.0.2
mozilla seamonkey 1.1.1
mozilla seamonkey 1.1.14
mozilla seamonkey 1.1.15
mozilla seamonkey 1.1.4
mozilla seamonkey 1.1.5
mozilla seamonkey 1.5.0.8
mozilla seamonkey 1.5.0.9
mozilla seamonkey 2.0.7
mozilla seamonkey 2.0.8
mozilla seamonkey 2.0.9
mozilla seamonkey 1.0.8
mozilla seamonkey 1.0.9
mozilla seamonkey 1.1.12
mozilla seamonkey 1.1.13
mozilla seamonkey 1.1.2
mozilla seamonkey 1.1.3
mozilla seamonkey 1.5.0.10
mozilla seamonkey 2.0.4
mozilla seamonkey 2.0.5
mozilla seamonkey 2.0.6
mozilla firefox 3.5.6
mozilla firefox 3.5.7
mozilla firefox 3.0.15
mozilla firefox 3.0.14
mozilla firefox 3.0.6
mozilla firefox 3.0.5
mozilla firefox 2.0.0.12
mozilla firefox 2.0.0.19
mozilla firefox 2.0.0.11
mozilla firefox 2.0.0.15
mozilla firefox 2.0.0.3
mozilla firefox 2.0.0.2
mozilla firefox 1.5.0.11
mozilla firefox 1.5.0.12
mozilla firefox 1.5.2
mozilla firefox 1.5.0.8
mozilla firefox 1.5.5
mozilla firefox 1.0.1
mozilla firefox 1.0.6
mozilla firefox 1.0.8
mozilla firefox
mozilla firefox 3.5.1
mozilla firefox 3.5.10
mozilla firefox 3.5.9
mozilla firefox 3.0.13
mozilla firefox 3.0.12
mozilla firefox 3.0.4
mozilla firefox 3.0.3
mozilla firefox 2.0.0.20
mozilla firefox 2.0.0.8
mozilla firefox 2.0.0.13
mozilla firefox 2.0.0.7
mozilla firefox 2.0
mozilla firefox 2.0.0.1
mozilla firefox 1.5
mozilla firefox 1.5.0.1
mozilla firefox 1.5.0.9
mozilla firefox 1.5.0.6
mozilla firefox 1.5.0.7
mozilla firefox 1.0
mozilla firefox 1.0.3
mozilla firefox 3.5.11
mozilla firefox 3.5.4
mozilla firefox 3.5.5
mozilla firefox 3.0.17
mozilla firefox 3.0.16
mozilla firefox 3.0.8
mozilla firefox 3.0.7
mozilla firefox 3.0
mozilla firefox 2.0.0.14
mozilla firefox 2.0.0.10
mozilla firefox 2.0.0.16
mozilla firefox 2.0.0.5
mozilla firefox 2.0.0.4
mozilla firefox 1.5.0.2
mozilla firefox 1.5.0.3
mozilla firefox 1.5.4
mozilla firefox 1.5.1
mozilla firefox 1.5.7
mozilla firefox 1.5.6
mozilla firefox 1.0.4
mozilla firefox 1.0.7
mozilla firefox 3.5.14
mozilla firefox 3.5.15
mozilla firefox 3.5.2
mozilla firefox 3.5.3
mozilla firefox 3.5.8
mozilla firefox 3.5
mozilla firefox 3.0.11
mozilla firefox 3.0.10
mozilla firefox 3.0.9
mozilla firefox 3.0.2
mozilla firefox 3.0.1
mozilla firefox 2.0.0.9
mozilla firefox 2.0.0.17
mozilla firefox 2.0.0.18
mozilla firefox 2.0.0.6
mozilla firefox 1.5.0.4
mozilla firefox 1.5.0.5
mozilla firefox 1.5.0.10
mozilla firefox 1.5.3
mozilla firefox 1.5.8
mozilla firefox 1.0.2
mozilla firefox 1.0.5
mozilla firefox 3.5.12
mozilla firefox 3.5.13

Fixed Java applet regression introduced in the update for USN 1049-1 ...

Multiple xulrunner-191 vulnerabilities ...

Multiple browser flaws ...

Several vulnerabilities have been found in the Iceape internet suite, an unbranded version of Seamonkey: CVE-2010-1585 Roberto Suggi Liverani discovered that the sanitising performed by ParanoidFragmentSink was incomplete CVE-2011-0051 Zach Hoffmann discovered that incorrect parsing of recursive eval() calls could lead to attackers forcin ...

Several vulnerabilities have been discovered in Iceweasel, a web browser based on Firefox The included XULRunner library provides rendering services for several other applications included in Debian CVE-2010-1585 Roberto Suggi Liverani discovered that the sanitising performed by ParanoidFragmentSink was incomplete CVE-2011-0051 Zach Ho ...

Mozilla Foundation Security Advisory 2011-02 Recursive eval call causes confirm dialogs to evaluate to true Announced March 1, 2011 Reporter Zach Hoffman Impact Critical Products Firefox, SeaMonkey Fixed in ...

CWE-20 https://bugzilla.mozilla.org/show_bug.cgi?id=616659 http://www.mozilla.org/security/announce/2011/mfsa2011-02.html http://www.redhat.com/support/errata/RHSA-2011-0312.html http://support.avaya.com/css/P8/documents/100128655 http://www.redhat.com/support/errata/RHSA-2011-0313.html http://www.mandriva.com/security/advisories?name=MDVSA-2011:041 http://downloads.avaya.com/css/P8/documents/100133195 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14211 https://nvd.nist.gov https://usn.ubuntu.com/1049-2/

Get Started

CVE-2011-0051

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect