Lucene search
HistoryAug 18, 2011 - 6:55 p.m.
CVE-2011-2984
10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
7.1 High
AI Score
Confidence
Low
0.018 Low
EPSS
Percentile
88.3%
Mozilla Firefox before 3.6.20, SeaMonkey 2.x, Thunderbird 3.x before 3.1.12, and possibly other products does not properly handle the dropping of a tab element, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges by establishing a content area and registering for drop events.
Affected configurations
Node
mozillafirefoxRange≤3.6.19
ORmozillafirefoxMatch1.0
ORmozillafirefoxMatch1.0preview_release
ORmozillafirefoxMatch1.0.1
ORmozillafirefoxMatch1.0.2
ORmozillafirefoxMatch1.0.3
ORmozillafirefoxMatch1.0.4
ORmozillafirefoxMatch1.0.5
ORmozillafirefoxMatch1.0.6
ORmozillafirefoxMatch1.0.7
ORmozillafirefoxMatch1.0.8
ORmozillafirefoxMatch1.5
ORmozillafirefoxMatch1.5beta1
ORmozillafirefoxMatch1.5beta2
ORmozillafirefoxMatch1.5.0.1
ORmozillafirefoxMatch1.5.0.2
ORmozillafirefoxMatch1.5.0.3
ORmozillafirefoxMatch1.5.0.4
ORmozillafirefoxMatch1.5.0.5
ORmozillafirefoxMatch1.5.0.6
ORmozillafirefoxMatch1.5.0.7
ORmozillafirefoxMatch1.5.0.8
ORmozillafirefoxMatch1.5.0.9
ORmozillafirefoxMatch1.5.0.10
ORmozillafirefoxMatch1.5.0.11
ORmozillafirefoxMatch1.5.0.12
ORmozillafirefoxMatch1.5.1
ORmozillafirefoxMatch1.5.2
ORmozillafirefoxMatch1.5.3
ORmozillafirefoxMatch1.5.4
ORmozillafirefoxMatch1.5.5
ORmozillafirefoxMatch1.5.6
ORmozillafirefoxMatch1.5.7
ORmozillafirefoxMatch1.5.8
ORmozillafirefoxMatch2.0
ORmozillafirefoxMatch2.0.0.1
ORmozillafirefoxMatch2.0.0.2
ORmozillafirefoxMatch2.0.0.3
ORmozillafirefoxMatch2.0.0.4
ORmozillafirefoxMatch2.0.0.5
ORmozillafirefoxMatch2.0.0.6
ORmozillafirefoxMatch2.0.0.7
ORmozillafirefoxMatch2.0.0.8
ORmozillafirefoxMatch2.0.0.9
ORmozillafirefoxMatch2.0.0.10
ORmozillafirefoxMatch2.0.0.11
ORmozillafirefoxMatch2.0.0.12
ORmozillafirefoxMatch2.0.0.13
ORmozillafirefoxMatch2.0.0.14
ORmozillafirefoxMatch2.0.0.15
ORmozillafirefoxMatch2.0.0.16
ORmozillafirefoxMatch2.0.0.17
ORmozillafirefoxMatch2.0.0.18
ORmozillafirefoxMatch2.0.0.19
ORmozillafirefoxMatch2.0.0.20
ORmozillafirefoxMatch3.0
ORmozillafirefoxMatch3.0.1
ORmozillafirefoxMatch3.0.2
ORmozillafirefoxMatch3.0.3
ORmozillafirefoxMatch3.0.4
ORmozillafirefoxMatch3.0.5
ORmozillafirefoxMatch3.0.6
ORmozillafirefoxMatch3.0.7
ORmozillafirefoxMatch3.0.8
ORmozillafirefoxMatch3.0.9
ORmozillafirefoxMatch3.0.10
ORmozillafirefoxMatch3.0.11
ORmozillafirefoxMatch3.0.12
ORmozillafirefoxMatch3.0.13
ORmozillafirefoxMatch3.0.14
ORmozillafirefoxMatch3.0.15
ORmozillafirefoxMatch3.0.16
ORmozillafirefoxMatch3.0.17
ORmozillafirefoxMatch3.5
ORmozillafirefoxMatch3.5.1
ORmozillafirefoxMatch3.5.2
ORmozillafirefoxMatch3.5.3
ORmozillafirefoxMatch3.5.4
ORmozillafirefoxMatch3.5.5
ORmozillafirefoxMatch3.5.6
ORmozillafirefoxMatch3.5.7
ORmozillafirefoxMatch3.5.8
ORmozillafirefoxMatch3.5.9
ORmozillafirefoxMatch3.5.10
ORmozillafirefoxMatch3.5.11
ORmozillafirefoxMatch3.5.12
ORmozillafirefoxMatch3.5.13
ORmozillafirefoxMatch3.5.14
ORmozillafirefoxMatch3.5.15
ORmozillafirefoxMatch3.5.16
ORmozillafirefoxMatch3.5.17
ORmozillafirefoxMatch3.5.18
ORmozillafirefoxMatch3.5.19
ORmozillafirefoxMatch3.6
ORmozillafirefoxMatch3.6.2
ORmozillafirefoxMatch3.6.3
ORmozillafirefoxMatch3.6.4
ORmozillafirefoxMatch3.6.6
ORmozillafirefoxMatch3.6.7
ORmozillafirefoxMatch3.6.8
ORmozillafirefoxMatch3.6.9
ORmozillafirefoxMatch3.6.10
ORmozillafirefoxMatch3.6.11
ORmozillafirefoxMatch3.6.12
ORmozillafirefoxMatch3.6.13
ORmozillafirefoxMatch3.6.14
ORmozillafirefoxMatch3.6.15
ORmozillafirefoxMatch3.6.16
ORmozillafirefoxMatch3.6.17
ORmozillafirefoxMatch3.6.18
Node
mozillaseamonkeyMatch2.0
ORmozillaseamonkeyMatch2.0alpha_1
ORmozillaseamonkeyMatch2.0alpha_2
ORmozillaseamonkeyMatch2.0alpha_3
ORmozillaseamonkeyMatch2.0beta_1
ORmozillaseamonkeyMatch2.0beta_2
ORmozillaseamonkeyMatch2.0rc1
ORmozillaseamonkeyMatch2.0rc2
ORmozillaseamonkeyMatch2.0.1
ORmozillaseamonkeyMatch2.0.2
ORmozillaseamonkeyMatch2.0.3
ORmozillaseamonkeyMatch2.0.4
ORmozillaseamonkeyMatch2.0.5
ORmozillaseamonkeyMatch2.0.6
ORmozillaseamonkeyMatch2.0.7
ORmozillaseamonkeyMatch2.0.8
ORmozillaseamonkeyMatch2.0.9
ORmozillaseamonkeyMatch2.0.10
ORmozillaseamonkeyMatch2.0.11
ORmozillaseamonkeyMatch2.0.12
ORmozillaseamonkeyMatch2.0.13
ORmozillaseamonkeyMatch2.0.14
ORmozillaseamonkeyMatch2.1
ORmozillaseamonkeyMatch2.1alpha1
ORmozillaseamonkeyMatch2.1alpha2
ORmozillaseamonkeyMatch2.1alpha3
ORmozillaseamonkeyMatch2.1beta1
ORmozillaseamonkeyMatch2.1beta2
ORmozillaseamonkeyMatch2.1beta3
ORmozillaseamonkeyMatch2.1rc1
ORmozillaseamonkeyMatch2.1rc2
ORmozillaseamonkeyMatch2.2
ORmozillaseamonkeyMatch2.2beta1
ORmozillaseamonkeyMatch2.2beta2
ORmozillaseamonkeyMatch2.2beta3
ORmozillaseamonkeyMatch2.3
ORmozillaseamonkeyMatch2.3beta1
ORmozillaseamonkeyMatch2.3beta2
ORmozillaseamonkeyMatch2.3beta3
ORmozillaseamonkeyMatch2.3.1
ORmozillaseamonkeyMatch2.3.2
ORmozillaseamonkeyMatch2.3.3
ORmozillaseamonkeyMatch2.4
ORmozillaseamonkeyMatch2.4beta1
ORmozillaseamonkeyMatch2.4beta2
ORmozillaseamonkeyMatch2.4beta3
ORmozillaseamonkeyMatch2.4.1
ORmozillaseamonkeyMatch2.5
ORmozillaseamonkeyMatch2.5beta1
ORmozillaseamonkeyMatch2.5beta2
ORmozillaseamonkeyMatch2.5beta3
ORmozillaseamonkeyMatch2.5beta4
ORmozillaseamonkeyMatch2.6
ORmozillaseamonkeyMatch2.6beta1
ORmozillaseamonkeyMatch2.6beta2
ORmozillaseamonkeyMatch2.6beta3
ORmozillaseamonkeyMatch2.6beta4
ORmozillaseamonkeyMatch2.6.1
ORmozillaseamonkeyMatch2.7
ORmozillaseamonkeyMatch2.7beta1
ORmozillaseamonkeyMatch2.7beta2
ORmozillaseamonkeyMatch2.7beta3
ORmozillaseamonkeyMatch2.7beta4
ORmozillaseamonkeyMatch2.7beta5
ORmozillaseamonkeyMatch2.7.1
ORmozillaseamonkeyMatch2.7.2
ORmozillaseamonkeyMatch2.8
ORmozillaseamonkeyMatch2.8beta1
ORmozillaseamonkeyMatch2.8beta2
ORmozillaseamonkeyMatch2.8beta3
ORmozillaseamonkeyMatch2.8beta4
ORmozillaseamonkeyMatch2.8beta5
ORmozillaseamonkeyMatch2.8beta6
ORmozillaseamonkeyMatch2.9beta1
ORmozillaseamonkeyMatch2.9beta2
ORmozillaseamonkeyMatch2.9beta3
Node
mozillathunderbirdMatch3.0
ORmozillathunderbirdMatch3.0.1
ORmozillathunderbirdMatch3.0.2
ORmozillathunderbirdMatch3.0.3
ORmozillathunderbirdMatch3.0.4
ORmozillathunderbirdMatch3.0.5
ORmozillathunderbirdMatch3.0.6
ORmozillathunderbirdMatch3.0.7
ORmozillathunderbirdMatch3.0.8
ORmozillathunderbirdMatch3.0.9
ORmozillathunderbirdMatch3.0.10
ORmozillathunderbirdMatch3.0.11
ORmozillathunderbirdMatch3.1
ORmozillathunderbirdMatch3.1.1
ORmozillathunderbirdMatch3.1.2
ORmozillathunderbirdMatch3.1.3
ORmozillathunderbirdMatch3.1.4
ORmozillathunderbirdMatch3.1.5
ORmozillathunderbirdMatch3.1.6
ORmozillathunderbirdMatch3.1.7
ORmozillathunderbirdMatch3.1.8
ORmozillathunderbirdMatch3.1.9
ORmozillathunderbirdMatch3.1.10
ORmozillathunderbirdMatch3.1.11
References
lists.opensuse.org/opensuse-security-announce/2011-08/msg00023.html
lists.opensuse.org/opensuse-security-announce/2011-08/msg00027.html
www.debian.org/security/2011/dsa-2295
www.debian.org/security/2011/dsa-2296
www.debian.org/security/2011/dsa-2297
www.mandriva.com/security/advisories?name=MDVSA-2011:127
www.mozilla.org/security/announce/2011/mfsa2011-30.html
www.redhat.com/support/errata/RHSA-2011-1164.html
bugzilla.mozilla.org/show_bug.cgi?id=572129
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14358
Related
cve
cve
CVE-2011-2984
2011-08-18 18:55:01
veracode
veracode
Arbitrary Code Execution
2020-04-10 01:01:41
cvelist
cvelist
CVE-2011-2984
2011-08-18 18:00:00
prion
prion
Code injection
2011-08-18 18:55:00
ubuntucve
ubuntucve
CVE-2011-2984
2011-08-19 00:00:00
openvas
openvas
Mozilla Products Multiple Vulnerabilities (Windows)
2011-09-09 00:00:00
Mozilla Products Multiple Vulnerabilities - Windows
2011-09-09 00:00:00
RedHat Update for firefox RHSA-2011:1164-01
2011-08-19 00:00:00
oraclelinux
oraclelinux
firefox security update
2011-08-16 00:00:00
nessus
nessus
Debian DSA-2296-1 : iceweasel - several vulnerabilities
2011-08-18 00:00:00
Debian DSA-2297-1 : icedove - several vulnerabilities
2011-08-23 00:00:00
ubuntu
ubuntu
Thunderbird vulnerabilities
2011-08-26 00:00:00
Firefox and Xulrunner vulnerabilities
2011-08-19 00:00:00
centos
centos
firefox, xulrunner security update
2011-08-16 23:27:06
osv
osv
iceweasel - several
2011-08-17 00:00:00
iceape - several
2011-08-17 00:00:00
icedove - several
2011-08-21 00:00:00
debian
debian
[SECURITY] [DSA 2295-1] iceape security update
2011-08-17 17:37:19
[BSA-046] Security Update for icedove
2011-08-26 20:23:59
[SECURITY] [DSA 2297-1] icedove security update
2011-08-21 18:57:44
redhat
redhat
(RHSA-2011:1164) Critical: firefox security update
2011-08-16 00:00:00
mozilla
mozilla
Security issues addressed in Thunderbird 3.1.12 — Mozilla
2011-08-16 00:00:00
Security issues addressed in Firefox 3.6.20 — Mozilla
2011-08-16 00:00:00
suse
suse
MozillaFirefox: Update to Firefox 3.6.20 (important)
2011-08-26 20:08:19
MozillaThunderbird: Update to 3.1.12 (important)
2011-08-29 20:08:38
Security update for Mozilla Firefox (important)
2011-08-29 21:08:22
freebsd
freebsd
mozilla -- multiple vulnerabilities
2011-08-16 00:00:00
seebug
seebug
Mozilla Firefox/Thunderbird/SeaMonkey多个安全漏洞
2011-08-18 00:00:00
securityvulns
securityvulns
Mozilla Fireox / Seamonkey / Thunderbird multiple security vulnerabilities
2011-08-19 00:00:00
gentoo
gentoo
Mozilla Products: Multiple vulnerabilities
2013-01-08 00:00:00
10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
7.1 High
AI Score
Confidence
Low
0.018 Low
EPSS
Percentile
88.3%
Related for NVD:CVE-2011-2984