Published: 07/05/2011 Updated: 19/09/2017

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Mozilla Firefox prior to 3.5.19 and 3.6.x prior to 3.6.17, and SeaMonkey prior to 2.0.14, does not properly implement autocompletion for forms, which allows remote malicious users to read form history entries via a Java applet that spoofs interaction with the autocomplete controls.

Vulnerable Product	Search on Vulmon	Subscribe to Product
mozilla firefox 3.6
mozilla firefox 3.6.8
mozilla firefox 3.6.15
mozilla firefox 3.6.16
mozilla firefox 3.6.6
mozilla firefox 3.6.7
mozilla firefox 3.6.13
mozilla firefox 3.6.14
mozilla firefox 3.6.2
mozilla firefox 3.6.10
mozilla firefox 3.6.9
mozilla firefox 3.6.3
mozilla firefox 3.6.4
mozilla firefox 3.6.11
mozilla firefox 3.6.12
mozilla seamonkey 1.0.6
mozilla seamonkey 1.0.7
mozilla seamonkey 1.0
mozilla seamonkey 1.1.11
mozilla seamonkey 1.1.19
mozilla seamonkey 1.1.2
mozilla seamonkey 1.1.9
mozilla seamonkey 1.0.4
mozilla seamonkey 1.0.5
mozilla seamonkey 1.1.10
mozilla seamonkey 1.1.16
mozilla seamonkey 1.1.17
mozilla seamonkey 1.1.18
mozilla seamonkey 1.1.7
mozilla seamonkey 1.1.8
mozilla seamonkey 2.0
mozilla seamonkey 2.0.1
mozilla seamonkey 2.0.10
mozilla seamonkey 2.0.11
mozilla seamonkey 1.0.1
mozilla seamonkey 1.0.8
mozilla seamonkey 1.0.9
mozilla seamonkey 1.1.12
mozilla seamonkey 1.1.13
mozilla seamonkey 1.1.3
mozilla seamonkey 1.1.4
mozilla seamonkey 1.1
mozilla seamonkey 1.5.0.10
mozilla seamonkey 2.0.4
mozilla seamonkey 2.0.6
mozilla seamonkey 2.0.7
mozilla seamonkey 2.0.2
mozilla seamonkey 2.0.3
mozilla seamonkey 2.0.5
mozilla seamonkey 2.0.12
mozilla seamonkey
mozilla seamonkey 1.0.2
mozilla seamonkey 1.0.3
mozilla seamonkey 1.1.1
mozilla seamonkey 1.1.14
mozilla seamonkey 1.1.15
mozilla seamonkey 1.1.5
mozilla seamonkey 1.1.6
mozilla seamonkey 1.5.0.8
mozilla seamonkey 1.5.0.9
mozilla seamonkey 2.0.8
mozilla seamonkey 2.0.9
mozilla firefox 3.5.4
mozilla firefox 3.5.5
mozilla firefox 3.0.16
mozilla firefox 3.0.15
mozilla firefox 3.0.8
mozilla firefox 3.0.7
mozilla firefox 3.0
mozilla firefox 2.0.0.14
mozilla firefox 2.0.0.16
mozilla firefox 3.5.1
mozilla firefox 3.5.10
mozilla firefox 3.5.9
mozilla firefox 3.0.12
mozilla firefox 3.0.11
mozilla firefox 3.0.4
mozilla firefox 3.0.3
mozilla firefox 2.0.0.20
mozilla firefox 2.0.0.8
mozilla firefox 2.0.0.9
mozilla firefox 2.0.0.7
mozilla firefox 2.0
mozilla firefox 2.0.0.1
mozilla firefox 1.5
mozilla firefox 1.5.0.10
mozilla firefox 1.5.0.6
mozilla firefox 1.5.0.7
mozilla firefox 1.0
mozilla firefox 1.0.3
mozilla firefox 3.5.11
mozilla firefox 3.5.12
mozilla firefox 2.0.0.11
mozilla firefox 2.0.0.5
mozilla firefox 2.0.0.4
mozilla firefox 1.5.0.2
mozilla firefox 1.5.0.3
mozilla firefox 1.5.1
mozilla firefox 1.5.2
mozilla firefox 1.5.7
mozilla firefox 1.5.6
mozilla firefox 1.0.4
mozilla firefox 1.0.7
mozilla firefox 1.0.6
mozilla firefox 3.5.15
mozilla firefox 3.5.16
mozilla firefox 3.5.6
mozilla firefox 3.5.7
mozilla firefox 3.0.14
mozilla firefox 3.0.13
mozilla firefox 3.0.6
mozilla firefox 3.0.5
mozilla firefox 2.0.0.12
mozilla firefox 2.0.0.19
mozilla firefox 2.0.0.15
mozilla firefox 2.0.0.13
mozilla firefox 2.0.0.3
mozilla firefox 2.0.0.2
mozilla firefox 1.5.0.11
mozilla firefox 1.5.0.12
mozilla firefox 1.5.0.1
mozilla firefox 1.5.0.8
mozilla firefox 1.5.0.9
mozilla firefox 1.5.5
mozilla firefox 1.0.1
mozilla firefox 1.0.8
mozilla firefox 3.5.17
mozilla firefox
mozilla firefox 3.5.2
mozilla firefox 3.5.3
mozilla firefox 3.5.8
mozilla firefox 3.5
mozilla firefox 3.0.17
mozilla firefox 3.0.10
mozilla firefox 3.0.9
mozilla firefox 3.0.2
mozilla firefox 3.0.1
mozilla firefox 2.0.0.17
mozilla firefox 2.0.0.10
mozilla firefox 2.0.0.18
mozilla firefox 2.0.0.6
mozilla firefox 1.5.0.4
mozilla firefox 1.5.0.5
mozilla firefox 1.5.3
mozilla firefox 1.5.4
mozilla firefox 1.5.8
mozilla firefox 1.0.2
mozilla firefox 1.0.5
mozilla firefox 3.5.13
mozilla firefox 3.5.14

Several vulnerabilities have been found in Iceweasel, a web browser based on Firefox: CVE-2011-0069 CVE-2011-0070 CVE-2011-0072 CVE-2011-0074 CVE-2011-0075 CVE-2011-0077 CVE-2011-0078 CVE-2011-0080 CVE-2011-0081 Scoobidiver, Ian Beer Bob Clary, Henri Sivonen, Marco Bonardo, Mats Palmgren, Jesse Ruderman, Aki Kelin and Martin Barbella disc ...

Several vulnerabilities have been discovered in Icedove, an unbranded version of the Thunderbird mail/news client CVE-2011-0069 CVE-2011-0070 CVE-2011-0072 CVE-2011-0074 CVE-2011-0075 CVE-2011-0077 CVE-2011-0078 CVE-2011-0080 CVE-2011-0081 Scoobidiver, Ian Beer Bob Clary, Henri Sivonen, Marco Bonardo, Ma ...

Multiple vulnerabilities in Firefox and Xulrunner ...

Multiple xulrunner-191 vulnerabilities ...

An empty menu bar sometimes appeared after upgrade in USN-1122-2 ...

Thunderbird could be made to run programs as your login if it opened specially crafted mail ...

Mozilla Foundation Security Advisory 2011-14 Information stealing via form history Announced April 28, 2011 Reporter Paul Stone Impact Moderate Products Firefox, SeaMonkey Fixed in ...

CWE-20 https://bugzilla.mozilla.org/show_bug.cgi?id=527935 http://www.mozilla.org/security/announce/2011/mfsa2011-14.html http://www.debian.org/security/2011/dsa-2235 http://www.debian.org/security/2011/dsa-2227 http://www.debian.org/security/2011/dsa-2228 http://www.mandriva.com/security/advisories?name=MDVSA-2011:079 http://downloads.avaya.com/css/P8/documents/100144158 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14523 https://nvd.nist.gov https://www.debian.org/security/./dsa-2228 https://usn.ubuntu.com/1112-1/

Get Started

CVE-2011-0067

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect