Published: 18/08/2011 Updated: 19/09/2017

CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6

VMScore: 828

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

The implementation of digital signatures for JAR files in Mozilla Firefox 4.x through 5, SeaMonkey 2.x prior to 2.3, and possibly other products does not prevent calls from unsigned JavaScript code to signed code, which allows remote malicious users to bypass the Same Origin Policy and gain privileges via a crafted web site, a different vulnerability than CVE-2008-2801.

Vulnerable Product	Search on Vulmon	Subscribe to Product
mozilla firefox 4.0
mozilla firefox 4.0.1
mozilla firefox 5.0
mozilla seamonkey 2.0.10
mozilla seamonkey 2.0.6
mozilla seamonkey 2.0.1
mozilla seamonkey 2.0
mozilla seamonkey 2.1
mozilla seamonkey 2.0.5
mozilla seamonkey 2.0.3
mozilla seamonkey 2.0.4
mozilla seamonkey 2.0.8
mozilla seamonkey 2.0.2
mozilla seamonkey 2.0.11
mozilla seamonkey 2.0.9
mozilla seamonkey 2.0.7

This update provides a compatible Mozvoikko for Firefox 6 ...

A regression caused Firefox to crash while spell checking in Finnish ...

Multiple Firefox vulnerabilities have been fixed ...

Mozilla Foundation Security Advisory 2011-33 Security issues addressed in SeaMonkey 23 Announced August 16, 2011 Impact Critical Products SeaMonkey Fixed in SeaMonkey 23 ...

Mozilla Foundation Security Advisory 2011-29 Security issues addressed in Firefox 6 Announced August 16, 2011 Impact Critical Products Firefox Fixed in Firefox 6 ...

CWE-264 https://bugzilla.mozilla.org/show_bug.cgi?id=657267 http://www.mozilla.org/security/announce/2011/mfsa2011-29.html http://www.mozilla.org/security/announce/2011/mfsa2011-33.html http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00023.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14055 https://nvd.nist.gov https://usn.ubuntu.com/1192-2/

CVE-2011-2993

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect