CVE-2011-3004

Common Vulnerabilities and Exposures

[Previous] [Index] [Next]

Upstream information

CVE-2011-3004 at MITRE

Description

The JSSubScriptLoader in Mozilla Firefox 4.x through 6 and SeaMonkey before 2.4 does not properly handle XPCNativeWrappers during calls to the loadSubScript method in an add-on, which makes it easier for remote attackers to gain privileges via a crafted web site that leverages certain unwrapping behavior.
CVSS v2 Scores
  National Vulnerability Database
Base Score 4.30
Vector AV:N/AC:M/Au:N/C:N/I:P/A:N
Access Vector Network
Access Complexity Medium
Authentication None
Confidentiality Impact None
Integrity Impact Partial
Availability Impact None

SUSE information

SUSE Bugzilla entry: 720264 [RESOLVED]

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
openSUSE 11.4
  • MozillaFirefox >= 7.0-1.2.1
  • MozillaFirefox-branding-upstream >= 7.0-1.2.1
  • MozillaFirefox-buildsymbols >= 7.0-1.2.1
  • MozillaFirefox-devel >= 7.0-1.2.1
  • MozillaFirefox-translations-common >= 7.0-1.2.1
  • MozillaFirefox-translations-other >= 7.0-1.2.1
openSUSE 11.3
  • seamonkey-debuginfo >= 2.4-1.2.1
  • seamonkey-debugsource >= 2.4-1.2.1
openSUSE 11.3
openSUSE 11.4
  • seamonkey >= 2.4-1.2.1
  • seamonkey-dom-inspector >= 2.4-1.2.1
  • seamonkey-irc >= 2.4-1.2.1
  • seamonkey-translations-common >= 2.4-1.2.1
  • seamonkey-translations-other >= 2.4-1.2.1
  • seamonkey-venkman >= 2.4-1.2.1
openSUSE 11.4
  • MozillaFirefox >= 7.0-1.2.1
  • MozillaFirefox-branding-upstream >= 7.0-1.2.1
  • MozillaFirefox-buildsymbols >= 7.0-1.2.1
  • MozillaFirefox-debuginfo >= 7.0-1.2.1
  • MozillaFirefox-debugsource >= 7.0-1.2.1
  • MozillaFirefox-devel >= 7.0-1.2.1
  • MozillaFirefox-translations-common >= 7.0-1.2.1
  • MozillaFirefox-translations-other >= 7.0-1.2.1
  • mozilla-js20 >= 2.0.1-0.2.2
  • mozilla-js20-32bit >= 2.0.1-0.2.2
  • mozilla-js20-debuginfo >= 2.0.1-0.2.2
  • mozilla-js20-debuginfo-32bit >= 2.0.1-0.2.2
  • mozilla-xulrunner20 >= 2.0.1-0.2.2
  • mozilla-xulrunner20-32bit >= 2.0.1-0.2.2
  • mozilla-xulrunner20-buildsymbols >= 2.0.1-0.2.2
  • mozilla-xulrunner20-debuginfo >= 2.0.1-0.2.2
  • mozilla-xulrunner20-debuginfo-32bit >= 2.0.1-0.2.2
  • mozilla-xulrunner20-debugsource >= 2.0.1-0.2.2
  • mozilla-xulrunner20-devel >= 2.0.1-0.2.2
  • mozilla-xulrunner20-devel-debuginfo >= 2.0.1-0.2.2
  • mozilla-xulrunner20-gnome >= 2.0.1-0.2.2
  • mozilla-xulrunner20-gnome-32bit >= 2.0.1-0.2.2
  • mozilla-xulrunner20-gnome-debuginfo >= 2.0.1-0.2.2
  • mozilla-xulrunner20-gnome-debuginfo-32bit >= 2.0.1-0.2.2
  • mozilla-xulrunner20-translations-common >= 2.0.1-0.2.2
  • mozilla-xulrunner20-translations-common-32bit >= 2.0.1-0.2.2
  • mozilla-xulrunner20-translations-other >= 2.0.1-0.2.2
  • mozilla-xulrunner20-translations-other-32bit >= 2.0.1-0.2.2
  • seamonkey >= 2.4-1.2.1
  • seamonkey-debuginfo >= 2.4-1.2.1
  • seamonkey-debugsource >= 2.4-1.2.1
  • seamonkey-dom-inspector >= 2.4-1.2.1
  • seamonkey-irc >= 2.4-1.2.1
  • seamonkey-translations-common >= 2.4-1.2.1
  • seamonkey-translations-other >= 2.4-1.2.1
  • seamonkey-venkman >= 2.4-1.2.1
Patchnames:
MozillaFirefox
seamonkey