Published: 18/08/2011 Updated: 19/09/2017

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Mozilla Firefox 4.x through 5, Thunderbird prior to 6, SeaMonkey 2.x prior to 2.3, and possibly other products, when the Direct2D (aka D2D) API is used on Windows, allows remote malicious users to bypass the Same Origin Policy, and obtain sensitive image data from a different domain, by inserting this data into a canvas.

Vulnerable Product	Search on Vulmon	Subscribe to Product
mozilla firefox 4.0
mozilla firefox 4.0.1
mozilla firefox 5.0
mozilla thunderbird 2.0.0.1
mozilla thunderbird 1.5.0.8
mozilla thunderbird 1.5.2
mozilla thunderbird 1.5.1
mozilla thunderbird 3.0.1
mozilla thunderbird 1.0.6
mozilla thunderbird 3.0.8
mozilla thunderbird 1.0.4
mozilla thunderbird 1.5.0.4
mozilla thunderbird 3.1.6
mozilla thunderbird 1.5.0.11
mozilla thunderbird 1.5.0.2
mozilla thunderbird 2.0.0.21
mozilla thunderbird 3.0.10
mozilla thunderbird 2.0.0.23
mozilla thunderbird 1.7.1
mozilla thunderbird 0.7.1
mozilla thunderbird 2.0.0.6
mozilla thunderbird 0.2
mozilla thunderbird 0.5
mozilla thunderbird 2.0.0.2
mozilla thunderbird 1.5.0.9
mozilla thunderbird 2.0.0.4
mozilla thunderbird 3.0.3
mozilla thunderbird 1.0.2
mozilla thunderbird 1.0.3
mozilla thunderbird 3.1.7
mozilla thunderbird 3.1.3
mozilla thunderbird 3.0.11
mozilla thunderbird 3.0.9
mozilla thunderbird 1.5.0.10
mozilla thunderbird 2.0.0.7
mozilla thunderbird 2.0
mozilla thunderbird 2.0.0.22
mozilla thunderbird 2.0.0.9
mozilla thunderbird 0.7.3
mozilla thunderbird 0.7
mozilla thunderbird 0.9
mozilla thunderbird 0.1
mozilla thunderbird
mozilla thunderbird 2.0.0.3
mozilla thunderbird 3.0.5
mozilla thunderbird 2.0.0.5
mozilla thunderbird 3.0.2
mozilla thunderbird 1.5
mozilla thunderbird 2.0.0.8
mozilla thunderbird 3.1.4
mozilla thunderbird 1.5.0.3
mozilla thunderbird 3.1.5
mozilla thunderbird 1.5.0.1
mozilla thunderbird 3.1.1
mozilla thunderbird 3.1
mozilla thunderbird 2.0.0.17
mozilla thunderbird 1.5.0.12
mozilla thunderbird 1.5.0.5
mozilla thunderbird 1.5.0.14
mozilla thunderbird 0.7.2
mozilla thunderbird 1.0.1
mozilla thunderbird 0.8
mozilla thunderbird 0.4
mozilla thunderbird 3.0.4
mozilla thunderbird 2.0.0.18
mozilla thunderbird 2.0.0.0
mozilla thunderbird 3.0
mozilla thunderbird 2.0.0.19
mozilla thunderbird 2.0.0.12
mozilla thunderbird 1.0.7
mozilla thunderbird 1.0.8
mozilla thunderbird 3.0.7
mozilla thunderbird 1.0.5
mozilla thunderbird 1.5.0.6
mozilla thunderbird 1.5.0.7
mozilla thunderbird 3.1.2
mozilla thunderbird 3.0.6
mozilla thunderbird 2.0.0.16
mozilla thunderbird 2.0.0.14
mozilla thunderbird 1.7.3
mozilla thunderbird 1.5.0.13
mozilla thunderbird 1.0
mozilla thunderbird 0.6
mozilla thunderbird 0.3
mozilla seamonkey 1.1.19
mozilla seamonkey 1.1.18
mozilla seamonkey 2.1
mozilla seamonkey 1.1.14
mozilla seamonkey 2.0.2
mozilla seamonkey 2.0.10
mozilla seamonkey 1.0
mozilla seamonkey 2.0.3
mozilla seamonkey 1.0.9
mozilla seamonkey 1.5.0.10
mozilla seamonkey 1.1.3
mozilla seamonkey 1.1.2
mozilla seamonkey 1.1
mozilla seamonkey 2.0
mozilla seamonkey 1.0.2
mozilla seamonkey 2.0.11
mozilla seamonkey 1.1.7
mozilla seamonkey 2.0.6
mozilla seamonkey 2.0.5
mozilla seamonkey 1.1.12
mozilla seamonkey 1.5.0.8
mozilla seamonkey 1.5.0.9
mozilla seamonkey 2.0.4
mozilla seamonkey 1.0.6
mozilla seamonkey 1.0.3
mozilla seamonkey 2.0.7
mozilla seamonkey 1.1.17
mozilla seamonkey 1.1.16
mozilla seamonkey 1.1.1
mozilla seamonkey 1.1.6
mozilla seamonkey 1.1.9
mozilla seamonkey 1.1.4
mozilla seamonkey 1.1.5
mozilla seamonkey 1.0.7
mozilla seamonkey 1.0.1
mozilla seamonkey 1.0.4
mozilla seamonkey 1.1.8
mozilla seamonkey 2.0.8
mozilla seamonkey 2.0.9
mozilla seamonkey 1.1.15
mozilla seamonkey 2.0.1
mozilla seamonkey 1.1.11
mozilla seamonkey 1.1.10
mozilla seamonkey 1.0.8
mozilla seamonkey 1.1.13
mozilla seamonkey 1.0.5

Mozilla Foundation Security Advisory 2011-33 Security issues addressed in SeaMonkey 23 Announced August 16, 2011 Impact Critical Products SeaMonkey Fixed in SeaMonkey 23 ...

Mozilla Foundation Security Advisory 2011-31 Security issues addressed in Thunderbird 6 Announced August 16, 2011 Impact Critical Products Thunderbird Fixed in Thunderbird 6 ...

Mozilla Foundation Security Advisory 2011-29 Security issues addressed in Firefox 6 Announced August 16, 2011 Impact Critical Products Firefox Fixed in Firefox 6 ...

CWE-200 https://bugzilla.mozilla.org/show_bug.cgi?id=655836 http://www.mozilla.org/security/announce/2011/mfsa2011-29.html http://www.mozilla.org/security/announce/2011/mfsa2011-33.html http://www.mozilla.org/security/announce/2011/mfsa2011-31.html http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00023.html http://secunia.com/advisories/49055 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14497 https://nvd.nist.gov https://www.mozilla.org/en-US/security/advisories/mfsa2011-33/

Get Started

CVE-2011-2986

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect