Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
5
CVSSv2

CVE-2011-3670

Published: 01/02/2012 Updated: 29/12/2017
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Subscribe to Firefox

Vulnerability Summary

Mozilla Firefox prior to 3.6.26 and 4.x up to and including 6.0, Thunderbird prior to 3.1.18 and 5.0 up to and including 6.0, and SeaMonkey prior to 2.4 do not properly enforce the IPv6 literal address syntax, which allows remote malicious users to obtain sensitive information by making XMLHttpRequest calls through a proxy and reading the error messages.

Vulnerable Product Search on Vulmon Subscribe to Product

mozilla firefox 3.6.7

mozilla firefox 3.6.8

mozilla firefox 3.6.15

mozilla firefox 3.6.16

mozilla firefox 3.5.15

mozilla firefox 3.5.14

mozilla firefox 3.5.4

mozilla firefox 3.5.2

mozilla firefox 3.0.1

mozilla firefox 3.0.10

mozilla firefox 3.0.6

mozilla firefox 3.0.9

mozilla firefox 3.0.17

mozilla firefox 2.0.0.14

mozilla firefox 2.0.0.12

mozilla firefox 2.0

mozilla firefox 2.0.0.18

mozilla firefox 2.0.0.2

mozilla firefox 2.0.0.1

mozilla firefox 1.0.3

mozilla firefox 1.0.2

mozilla firefox 1.5.0.5

mozilla firefox 1.5.0.2

mozilla firefox 1.5.3

mozilla firefox 1.5.4

mozilla firefox 1.5

mozilla firefox 1.8

mozilla firefox 0.9.1

mozilla firefox 0.9

mozilla firefox 0.3

mozilla firefox 3.6.2

mozilla firefox 3.6.3

mozilla firefox 3.6.11

mozilla firefox 3.6.12

mozilla firefox 3.6.20

mozilla firefox 3.6.21

mozilla firefox 3.5.9

mozilla firefox 3.5.3

mozilla firefox 3.5.6

mozilla firefox 3.5.7

mozilla firefox 3.0

mozilla firefox 3.0.11

mozilla firefox 3.0.7

mozilla firefox 3.0.15

mozilla firefox 2.0.0.13

mozilla firefox 2.0.0.20

mozilla firefox 2.0.0.10

mozilla firefox 2.0.0.5

mozilla firefox 1.4.1

mozilla firefox 1.0.1

mozilla firefox 1.0.7

mozilla firefox 1.0.6

mozilla firefox 1.5.0.12

mozilla firefox 1.5.0.1

mozilla firefox 1.5.0.8

mozilla firefox 1.5.0.9

mozilla firefox 1.5.5

mozilla firefox 0.10

mozilla firefox 0.9.2

mozilla firefox 0.7

mozilla firefox 0.1

mozilla firefox 0.2

mozilla firefox 3.6

mozilla firefox 3.6.9

mozilla firefox 3.6.10

mozilla firefox 3.6.17

mozilla firefox 3.6.18

mozilla firefox 3.6.19

mozilla firefox 3.5.12

mozilla firefox 3.5.13

mozilla firefox 3.5.5

mozilla firefox 3.5.1

mozilla firefox 3.0.3

mozilla firefox 3.0.5

mozilla firefox 3.0.4

mozilla firefox 3.0.13

mozilla firefox 2.0.0.15

mozilla firefox 2.0.0.19

mozilla firefox 2.0.0.6

mozilla firefox 2.0.0.17

mozilla firefox 2.0.0.16

mozilla firefox 2.0.0.11

mozilla firefox 1.0.5

mozilla firefox 1.0.4

mozilla firefox 1.5.0.3

mozilla firefox 1.5.0.11

mozilla firefox 1.5.1

mozilla firefox 1.5.2

mozilla firefox 1.5.8

mozilla firefox 1.5.7

mozilla firefox 1.5.6

mozilla firefox 0.9.3

mozilla firefox 0.6.1

mozilla firefox 0.5

mozilla firefox 0.6

mozilla firefox 0.4

mozilla firefox

mozilla firefox 3.6.4

mozilla firefox 3.6.6

mozilla firefox 3.6.13

mozilla firefox 3.6.14

mozilla firefox 3.6.22

mozilla firefox 3.5.10

mozilla firefox 3.5.11

mozilla firefox 3.5.8

mozilla firefox 3.5

mozilla firefox 3.0.14

mozilla firefox 3.0.12

mozilla firefox 3.0.8

mozilla firefox 3.0.16

mozilla firefox 3.0.2

mozilla firefox 2.0.0.8

mozilla firefox 2.0.0.9

mozilla firefox 2.0.0.7

mozilla firefox 2.0.0.4

mozilla firefox 2.0.0.3

mozilla firefox 1.0

mozilla firefox 1.0.8

mozilla firefox 1.5.0.4

mozilla firefox 1.5.0.10

mozilla firefox 1.5.0.6

mozilla firefox 1.5.0.7

mozilla firefox 0.8

mozilla firefox 0.10.1

mozilla firefox 0.7.1

mozilla firefox 3.6.23

mozilla firefox 3.6.24

mozilla thunderbird 0.4

mozilla thunderbird 0.5

mozilla thunderbird 0.9

mozilla thunderbird 1.0

mozilla thunderbird 1.0.6

mozilla thunderbird 1.0.7

mozilla thunderbird 1.5.0.14

mozilla thunderbird 1.5.0.2

mozilla thunderbird 1.5.0.9

mozilla thunderbird 1.5.1

mozilla thunderbird 2.0.0.1

mozilla thunderbird 2.0.0.11

mozilla thunderbird 2.0.0.19

mozilla thunderbird 2.0.0.2

mozilla thunderbird 2.0.0.5

mozilla thunderbird 2.0.0.6

mozilla thunderbird 3.0.11

mozilla thunderbird 3.0.2

mozilla thunderbird 3.0.3

mozilla thunderbird 3.1

mozilla thunderbird 3.1.1

mozilla thunderbird 3.1.6

mozilla thunderbird

mozilla thunderbird 0.1

mozilla thunderbird 0.2

mozilla thunderbird 0.3

mozilla thunderbird 0.7.3

mozilla thunderbird 0.8

mozilla thunderbird 1.0.5

mozilla thunderbird 1.5.0.12

mozilla thunderbird 0.7.1

mozilla thunderbird 0.7.2

mozilla thunderbird 1.0.3

mozilla thunderbird 1.0.4

mozilla thunderbird 1.5.0.1

mozilla thunderbird 1.5.0.10

mozilla thunderbird 1.5.0.11

mozilla thunderbird 1.5.0.5

mozilla thunderbird 1.5.0.6

mozilla thunderbird 1.7.1

mozilla thunderbird 1.7.3

mozilla thunderbird 2.0.0.15

mozilla thunderbird 2.0.0.16

mozilla thunderbird 2.0.0.22

mozilla thunderbird 2.0.0.23

mozilla thunderbird 2.0.0.9

mozilla thunderbird 3.0

mozilla thunderbird 3.0.6

mozilla thunderbird 3.0.7

mozilla thunderbird 3.1.2

mozilla thunderbird 3.1.3

mozilla thunderbird 1.5.0.13

mozilla thunderbird 1.5.0.7

mozilla thunderbird 1.5.0.8

mozilla thunderbird 2.0

mozilla thunderbird 2.0.0.0

mozilla thunderbird 2.0.0.17

mozilla thunderbird 2.0.0.18

mozilla thunderbird 2.0.0.3

mozilla thunderbird 2.0.0.4

mozilla thunderbird 3.0.1

mozilla thunderbird 3.0.10

mozilla thunderbird 3.0.8

mozilla thunderbird 3.0.9

mozilla thunderbird 3.1.4

mozilla thunderbird 3.1.5

mozilla thunderbird 0.6

mozilla thunderbird 0.7

mozilla thunderbird 1.0.1

mozilla thunderbird 1.0.2

mozilla thunderbird 1.0.8

mozilla thunderbird 1.5

mozilla thunderbird 1.5.0.3

mozilla thunderbird 1.5.0.4

mozilla thunderbird 1.5.2

mozilla thunderbird 2.0.0.12

mozilla thunderbird 2.0.0.13

mozilla thunderbird 2.0.0.14

mozilla thunderbird 2.0.0.20

mozilla thunderbird 2.0.0.21

mozilla thunderbird 2.0.0.7

mozilla thunderbird 2.0.0.8

mozilla thunderbird 3.0.4

mozilla thunderbird 3.0.5

mozilla thunderbird 3.1.10

mozilla thunderbird 3.1.11

mozilla firefox 4.0

mozilla firefox 4.0.1

mozilla firefox 6.0

mozilla firefox 5.0

mozilla firefox 5.0.1

mozilla thunderbird 5.0

mozilla thunderbird 6.0

mozilla seamonkey 2.3

mozilla seamonkey 2.1

mozilla seamonkey 2.0.14

mozilla seamonkey 2.0.13

mozilla seamonkey 2.0.6

mozilla seamonkey 2.0.5

mozilla seamonkey 2.0.4

mozilla seamonkey 2.0

mozilla seamonkey 1.1.16

mozilla seamonkey 1.1.15

mozilla seamonkey 1.1.7

mozilla seamonkey 1.1.6

mozilla seamonkey 1.1

mozilla seamonkey 1.0.3

mozilla seamonkey 1.0.2

mozilla seamonkey 2.4

mozilla seamonkey 2.2

mozilla seamonkey 2.0.12

mozilla seamonkey 2.0.11

mozilla seamonkey 2.0.3

mozilla seamonkey 2.0.2

mozilla seamonkey 1.1.14

mozilla seamonkey 1.1.13

mozilla seamonkey 1.1.5

mozilla seamonkey 1.1.4

mozilla seamonkey 1.0.9

mozilla seamonkey 1.0.8

mozilla seamonkey 1.0.1

mozilla seamonkey 1.0

mozilla seamonkey 2.3.3

mozilla seamonkey 2.

mozilla seamonkey 2.0.10

mozilla seamonkey 2.0.9

mozilla seamonkey 2.0.1

mozilla seamonkey 1.1.19

mozilla seamonkey 1.1.12

mozilla seamonkey 1.1.11

mozilla seamonkey 1.1.3

mozilla seamonkey 1.1.2

mozilla seamonkey 1.0.7

mozilla seamonkey 1.0.6

mozilla seamonkey

mozilla seamonkey 2.3.2

mozilla seamonkey 2.3.1

mozilla seamonkey 2.0.8

mozilla seamonkey 2.0.7

mozilla seamonkey 1.1.18

mozilla seamonkey 1.1.17

mozilla seamonkey 1.1.10

mozilla seamonkey 1.1.9

mozilla seamonkey 1.1.8

mozilla seamonkey 1.1.1

mozilla seamonkey 1.0.5

mozilla seamonkey 1.0.4

Vendor Advisories

Red Hat: Critical: thunderbird security update
Synopsis Critical: thunderbird security update Type/Severity Security Advisory: Critical Topic An updated thunderbird package that fixes two security issues is nowavailable for Red Hat Enterprise Linux 4 and 5The Red Hat Security Response Team has rated this update as having criticalsecurity impact Common ...
Red Hat: Critical: seamonkey security update
Synopsis Critical: seamonkey security update Type/Severity Security Advisory: Critical Topic Updated seamonkey packages that fix two security issues are now availablefor Red Hat Enterprise Linux 4The Red Hat Security Response Team has rated this update as having criticalsecurity impact Common Vulnerabilit ...
Red Hat: Critical: thunderbird security update
Synopsis Critical: thunderbird security update Type/Severity Security Advisory: Critical Topic An updated thunderbird package that fixes multiple security issues is nowavailable for Red Hat Enterprise Linux 6The Red Hat Security Response Team has rated this update as having criticalsecurity impact Common ...
Red Hat: Critical: firefox security update
Synopsis Critical: firefox security update Type/Severity Security Advisory: Critical Topic Updated firefox packages that fix multiple security issues are nowavailable for Red Hat Enterprise Linux 4, 5, and 6The Red Hat Security Response Team has rated this update as having criticalsecurity impact Common V ...
Debian Security Advisories: DSA-2400-1 iceweasel -- several vulnerabilities
Several vulnerabilities have been discovered in Iceweasel, a web browser based on Firefox The included XULRunner library provides rendering services for several other applications included in Debian CVE-2011-3670 Gregory Fleischer discovered that IPv6 URLs were incorrectly parsed, resulting in potential information disclosure CVE-2012-044 ...
Debian Security Advisories: DSA-2402-1 iceape -- several vulnerabilities
Several vulnerabilities have been found in the Iceape internet suite, an unbranded version of Seamonkey: CVE-2011-3670 Gregory Fleischer discovered that IPv6 URLs were incorrectly parsed, resulting in potential information disclosure CVE-2012-0442 Jesse Ruderman and Bob Clary discovered memory corruption bugs, which may lead to the ex ...
Ubuntu Security Notice: thunderbird vulnerabilities
Several security issues were fixed in Thunderbird ...
Ubuntu Security Notice: xulrunner-1.9.2 vulnerabilities
Several security issues were fixed in Xulrunner ...
Mozilla: Overly permissive IPv6 literal syntax
Mozilla Foundation Security Advisory 2012-02 Overly permissive IPv6 literal syntax Announced January 31, 2012 Reporter Gregory Fleischer Impact Low Products Firefox, SeaMonkey, Thunderbird Fixed in ...

References

CWE-200https://bugzilla.mozilla.org/show_bug.cgi?id=504014http://www.mozilla.org/security/announce/2012/mfsa2012-02.htmlhttp://www.debian.org/security/2012/dsa-2400http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00011.htmlhttp://lists.opensuse.org/opensuse-security-announce/2012-02/msg00007.htmlhttp://lists.opensuse.org/opensuse-security-announce/2012-02/msg00003.htmlhttp://www.mandriva.com/security/advisories?name=MDVSA-2012:013https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14814http://www.debian.org/security/2012/dsa-2406http://www.debian.org/security/2012/dsa-2402https://nvd.nist.govhttps://access.redhat.com/errata/RHSA-2012:0085https://usn.ubuntu.com/1350-1/https://www.debian.org/security/./dsa-2400
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-3675CVE-2024-3400CVE-2024-23557mass assignmentCVE-2023-1389local file inclusionCVE-2024-32596file uploadCVE-2024-32593
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook