Lucene search
HistorySep 29, 2011 - 12:55 a.m.
CVE-2011-2372
3.5 Low
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:S/C:N/I:P/A:N
6.4 Medium
AI Score
Confidence
Low
0.002 Low
EPSS
Percentile
55.9%
Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 do not prevent the starting of a download in response to the holding of the Enter key, which allows user-assisted remote attackers to bypass intended access restrictions via a crafted web site.
Affected configurations
Node
mozillafirefoxRange≤3.6.22
ORmozillafirefoxMatch3.6
ORmozillafirefoxMatch3.6.2
ORmozillafirefoxMatch3.6.3
ORmozillafirefoxMatch3.6.4
ORmozillafirefoxMatch3.6.6
ORmozillafirefoxMatch3.6.7
ORmozillafirefoxMatch3.6.8
ORmozillafirefoxMatch3.6.9
ORmozillafirefoxMatch3.6.10
ORmozillafirefoxMatch3.6.11
ORmozillafirefoxMatch3.6.12
ORmozillafirefoxMatch3.6.13
ORmozillafirefoxMatch3.6.14
ORmozillafirefoxMatch3.6.15
ORmozillafirefoxMatch3.6.16
ORmozillafirefoxMatch3.6.17
ORmozillafirefoxMatch3.6.18
ORmozillafirefoxMatch3.6.19
ORmozillafirefoxMatch3.6.20
ORmozillafirefoxMatch3.6.21
Node
mozillafirefoxMatch4.0
ORmozillafirefoxMatch4.0beta1
ORmozillafirefoxMatch4.0beta10
ORmozillafirefoxMatch4.0beta11
ORmozillafirefoxMatch4.0beta12
ORmozillafirefoxMatch4.0beta2
ORmozillafirefoxMatch4.0beta3
ORmozillafirefoxMatch4.0beta4
ORmozillafirefoxMatch4.0beta5
ORmozillafirefoxMatch4.0beta6
ORmozillafirefoxMatch4.0beta7
ORmozillafirefoxMatch4.0beta8
ORmozillafirefoxMatch4.0beta9
ORmozillafirefoxMatch4.0.1
ORmozillafirefoxMatch5.0
ORmozillafirefoxMatch6.0
Node
mozillathunderbirdRange≤6.0.2
ORmozillathunderbirdMatch0.1
ORmozillathunderbirdMatch0.2
ORmozillathunderbirdMatch0.3
ORmozillathunderbirdMatch0.4
ORmozillathunderbirdMatch0.5
ORmozillathunderbirdMatch0.6
ORmozillathunderbirdMatch0.7
ORmozillathunderbirdMatch0.7.1
ORmozillathunderbirdMatch0.7.2
ORmozillathunderbirdMatch0.7.3
ORmozillathunderbirdMatch0.8
ORmozillathunderbirdMatch0.9
ORmozillathunderbirdMatch1.0
ORmozillathunderbirdMatch1.0.1
ORmozillathunderbirdMatch1.0.2
ORmozillathunderbirdMatch1.0.3
ORmozillathunderbirdMatch1.0.4
ORmozillathunderbirdMatch1.0.5
ORmozillathunderbirdMatch1.0.5beta
ORmozillathunderbirdMatch1.0.6
ORmozillathunderbirdMatch1.0.7
ORmozillathunderbirdMatch1.0.8
ORmozillathunderbirdMatch1.5
ORmozillathunderbirdMatch1.5beta2
ORmozillathunderbirdMatch1.5.0.1
ORmozillathunderbirdMatch1.5.0.2
ORmozillathunderbirdMatch1.5.0.3
ORmozillathunderbirdMatch1.5.0.4
ORmozillathunderbirdMatch1.5.0.5
ORmozillathunderbirdMatch1.5.0.6
ORmozillathunderbirdMatch1.5.0.7
ORmozillathunderbirdMatch1.5.0.8
ORmozillathunderbirdMatch1.5.0.9
ORmozillathunderbirdMatch1.5.0.10
ORmozillathunderbirdMatch1.5.0.11
ORmozillathunderbirdMatch1.5.0.12
ORmozillathunderbirdMatch1.5.0.13
ORmozillathunderbirdMatch1.5.0.14
ORmozillathunderbirdMatch1.5.1
ORmozillathunderbirdMatch1.5.2
ORmozillathunderbirdMatch1.7.1
ORmozillathunderbirdMatch1.7.3
ORmozillathunderbirdMatch2.0
ORmozillathunderbirdMatch2.0.0.0
ORmozillathunderbirdMatch2.0.0.1
ORmozillathunderbirdMatch2.0.0.2
ORmozillathunderbirdMatch2.0.0.3
ORmozillathunderbirdMatch2.0.0.4
ORmozillathunderbirdMatch2.0.0.5
ORmozillathunderbirdMatch2.0.0.6
ORmozillathunderbirdMatch2.0.0.7
ORmozillathunderbirdMatch2.0.0.8
ORmozillathunderbirdMatch2.0.0.9
ORmozillathunderbirdMatch2.0.0.11
ORmozillathunderbirdMatch2.0.0.12
ORmozillathunderbirdMatch2.0.0.13
ORmozillathunderbirdMatch2.0.0.14
ORmozillathunderbirdMatch2.0.0.15
ORmozillathunderbirdMatch2.0.0.16
ORmozillathunderbirdMatch2.0.0.17
ORmozillathunderbirdMatch2.0.0.18
ORmozillathunderbirdMatch2.0.0.19
ORmozillathunderbirdMatch2.0.0.20
ORmozillathunderbirdMatch2.0.0.21
ORmozillathunderbirdMatch2.0.0.22
ORmozillathunderbirdMatch2.0.0.23
ORmozillathunderbirdMatch2.0_.4
ORmozillathunderbirdMatch2.0_.5
ORmozillathunderbirdMatch2.0_.6
ORmozillathunderbirdMatch2.0_.9
ORmozillathunderbirdMatch2.0_.12
ORmozillathunderbirdMatch2.0_.13
ORmozillathunderbirdMatch2.0_.14
ORmozillathunderbirdMatch2.0_8
ORmozillathunderbirdMatch3.0
ORmozillathunderbirdMatch3.0.1
ORmozillathunderbirdMatch3.0.2
ORmozillathunderbirdMatch3.0.3
ORmozillathunderbirdMatch3.0.4
ORmozillathunderbirdMatch3.0.5
ORmozillathunderbirdMatch3.0.6
ORmozillathunderbirdMatch3.0.7
ORmozillathunderbirdMatch3.0.8
ORmozillathunderbirdMatch3.0.9
ORmozillathunderbirdMatch3.0.10
ORmozillathunderbirdMatch3.0.11
ORmozillathunderbirdMatch3.1
ORmozillathunderbirdMatch3.1.1
ORmozillathunderbirdMatch3.1.2
ORmozillathunderbirdMatch3.1.3
ORmozillathunderbirdMatch3.1.4
ORmozillathunderbirdMatch3.1.5
ORmozillathunderbirdMatch3.1.6
ORmozillathunderbirdMatch3.1.7
ORmozillathunderbirdMatch3.1.8
ORmozillathunderbirdMatch3.1.9
ORmozillathunderbirdMatch3.1.10
ORmozillathunderbirdMatch3.1.11
ORmozillathunderbirdMatch5.0
Node
mozillaseamonkeyRange≤2.3.3
ORmozillaseamonkeyMatch1.0
ORmozillaseamonkeyMatch1.0alpha
ORmozillaseamonkeyMatch1.0beta
ORmozillaseamonkeyMatch1.0dev
ORmozillaseamonkeyMatch1.0alpha
ORmozillaseamonkeyMatch1.0beta
ORmozillaseamonkeyMatch1.0.1
ORmozillaseamonkeyMatch1.0.2
ORmozillaseamonkeyMatch1.0.3
ORmozillaseamonkeyMatch1.0.4
ORmozillaseamonkeyMatch1.0.5
ORmozillaseamonkeyMatch1.0.6
ORmozillaseamonkeyMatch1.0.7
ORmozillaseamonkeyMatch1.0.8
ORmozillaseamonkeyMatch1.0.9
ORmozillaseamonkeyMatch1.0.99
ORmozillaseamonkeyMatch1.1
ORmozillaseamonkeyMatch1.1alpha
ORmozillaseamonkeyMatch1.1beta
ORmozillaseamonkeyMatch1.1.1
ORmozillaseamonkeyMatch1.1.2
ORmozillaseamonkeyMatch1.1.3
ORmozillaseamonkeyMatch1.1.4
ORmozillaseamonkeyMatch1.1.5
ORmozillaseamonkeyMatch1.1.51.1.10
ORmozillaseamonkeyMatch1.1.6
ORmozillaseamonkeyMatch1.1.7
ORmozillaseamonkeyMatch1.1.8
ORmozillaseamonkeyMatch1.1.9
ORmozillaseamonkeyMatch1.1.10
ORmozillaseamonkeyMatch1.1.11
ORmozillaseamonkeyMatch1.1.12
ORmozillaseamonkeyMatch1.1.13
ORmozillaseamonkeyMatch1.1.14
ORmozillaseamonkeyMatch1.1.15
ORmozillaseamonkeyMatch1.1.16
ORmozillaseamonkeyMatch1.1.17
ORmozillaseamonkeyMatch1.1.18
ORmozillaseamonkeyMatch1.1.19
ORmozillaseamonkeyMatch1.5.0.8
ORmozillaseamonkeyMatch1.5.0.9
ORmozillaseamonkeyMatch1.5.0.10
ORmozillaseamonkeyMatch2.0
ORmozillaseamonkeyMatch2.0alpha_1
ORmozillaseamonkeyMatch2.0alpha_2
ORmozillaseamonkeyMatch2.0alpha_3
ORmozillaseamonkeyMatch2.0beta_1
ORmozillaseamonkeyMatch2.0beta_2
ORmozillaseamonkeyMatch2.0rc1
ORmozillaseamonkeyMatch2.0rc2
ORmozillaseamonkeyMatch2.0.1
ORmozillaseamonkeyMatch2.0.2
ORmozillaseamonkeyMatch2.0.3
ORmozillaseamonkeyMatch2.0.4
ORmozillaseamonkeyMatch2.0.5
ORmozillaseamonkeyMatch2.0.6
ORmozillaseamonkeyMatch2.0.7
ORmozillaseamonkeyMatch2.0.8
ORmozillaseamonkeyMatch2.0.9
ORmozillaseamonkeyMatch2.0.10
ORmozillaseamonkeyMatch2.0.11
ORmozillaseamonkeyMatch2.0.12
ORmozillaseamonkeyMatch2.0.13
ORmozillaseamonkeyMatch2.0.14
ORmozillaseamonkeyMatch2.0a1pre
ORmozillaseamonkeyMatch2.0a1pre
ORmozillaseamonkeyMatch2.1alpha1
ORmozillaseamonkeyMatch2.1alpha2
ORmozillaseamonkeyMatch2.1alpha3
References
lists.opensuse.org/opensuse-security-announce/2011-11/msg00020.html
lists.opensuse.org/opensuse-updates/2011-10/msg00002.html
secunia.com/advisories/46315
www.debian.org/security/2011/dsa-2312
www.debian.org/security/2011/dsa-2313
www.debian.org/security/2011/dsa-2317
www.mandriva.com/security/advisories?name=MDVSA-2011:139
www.mandriva.com/security/advisories?name=MDVSA-2011:140
www.mandriva.com/security/advisories?name=MDVSA-2011:141
www.mandriva.com/security/advisories?name=MDVSA-2011:142
www.mozilla.org/security/announce/2011/mfsa2011-40.html
www.redhat.com/support/errata/RHSA-2011-1341.html
bugzilla.mozilla.org/show_bug.cgi?id=657462
bugzilla.mozilla.org/show_bug.cgi?id=662309
bugzilla.mozilla.org/show_bug.cgi?id=663899
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13854
Related
prion
prion
Design/Logic Flaw
2011-09-29 00:55:00
Design/Logic Flaw
2011-12-21 04:02:00
cvelist
cvelist
CVE-2011-2372
2011-09-29 00:00:00
CVE-2011-3666
2011-12-21 02:00:00
cve
cve
CVE-2011-2372
2011-09-29 00:55:01
CVE-2011-3666
2011-12-21 04:02:01
veracode
veracode
Access Control Bypass
2020-04-10 01:02:40
ubuntucve
ubuntucve
CVE-2011-2372
2011-09-28 00:00:00
CVE-2011-3666
2011-12-21 00:00:00
mozilla
mozilla
Code installation through holding down Enter — Mozilla
2011-09-27 00:00:00
nvd
nvd
CVE-2011-3666
2011-12-21 04:02:01
openvas
openvas
Mozilla Firefox Security Advisory (MFSA2011-40) - Linux
2021-11-16 00:00:00
Mozilla Products Multiple Vulnerabilities - Oct 2011 (MAC OS X)
2011-10-14 00:00:00
Mozilla Products Multiple Vulnerabilities (Oct 2011) - Windows
2011-10-04 00:00:00
securityvulns
securityvulns
Mozilla Foundation Security Advisory 2011-40
2011-10-01 00:00:00
Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
2011-10-01 00:00:00
nessus
nessus
RHEL 4 / 5 / 6 : firefox (RHSA-2011:1341)
2011-09-29 00:00:00
Mozilla Firefox 3.6 < 3.6.23 Multiple Vulnerabilities
2011-09-29 00:00:00
CentOS 4 / 5 : firefox (CESA-2011:1341)
2011-09-29 00:00:00
debian
debian
[SECURITY] [DSA 2313-1] iceweasel security update
2011-09-29 20:30:47
[SECURITY] [DSA 2317-1] icedove security update
2011-10-05 20:19:05
[SECURITY] [DSA 2312-1] iceape security update
2011-09-29 16:13:44
osv
osv
icedove - several
2011-10-05 00:00:00
iceape - several
2011-09-29 00:00:00
iceweasel - several
2011-09-29 00:00:00
oraclelinux
oraclelinux
thunderbird security update
2011-09-28 00:00:00
firefox security update
2011-09-28 00:00:00
redhat
redhat
(RHSA-2011:1341) Critical: firefox security update
2011-09-28 00:00:00
(RHSA-2011:1342) Critical: thunderbird security update
2011-09-28 00:00:00
ubuntu
ubuntu
Thunderbird vulnerabilities
2011-09-28 00:00:00
Firefox and Xulrunner vulnerabilities
2011-09-28 00:00:00
Mozvoikko, ubufox, webfav update
2011-10-04 00:00:00
suse
suse
MozillaFirefox: Update to Firefox 3.6.23 (important)
2011-09-29 16:08:17
Security update for Mozilla Firefox (important)
2011-10-06 00:08:31
mozilla-xulrunner192: Update to Mozilla XULRunner 1.9.2.23 (important)
2011-09-29 14:08:20
centos
centos
firefox, xulrunner security update
2011-09-29 03:54:30
ibm
ibm
freebsd
freebsd
Mozilla -- multiple vulnerabilities
2011-09-27 00:00:00
gentoo
gentoo
Mozilla Products: Multiple vulnerabilities
2013-01-08 00:00:00
3.5 Low
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:S/C:N/I:P/A:N
6.4 Medium
AI Score
Confidence
Low
0.002 Low
EPSS
Percentile
55.9%
Related for NVD:CVE-2011-2372