Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ubuntuUbuntuUSN-1192-1
HistoryAug 17, 2011 - 12:00 a.m.

Firefox vulnerabilities

2011-08-1700:00:00
ubuntu.com
52

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

10

Confidence

High

EPSS

0.802

Percentile

98.4%

JSON

Releases

  • Ubuntu 11.04

Packages

  • firefox - Mozilla Open Source web browser

Details

Aral Yaman discovered a vulnerability in the WebGL engine. An attacker
could potentially use this to crash Firefox or execute arbitrary code with
the privileges of the user invoking Firefox. (CVE-2011-2989)

Vivekanand Bolajwar discovered a vulnerability in the JavaScript engine. An
attacker could potentially use this to crash Firefox or execute arbitrary
code with the privileges of the user invoking Firefox. (CVE-2011-2991)

Bert Hubert and Theo Snelleman discovered a vulnerability in the Ogg
reader. An attacker could potentially use this to crash Firefox or execute
arbitrary code with the privileges of the user invoking Firefox.
(CVE-2011-2991)

Robert Kaiser, Jesse Ruderman, Gary Kwong, Christoph Diehl, Martijn
Wargers, Travis Emmitt, Bob Clary, and Jonathan Watt discovered multiple
memory vulnerabilities in the browser rendering engine. An attacker could
use these to possibly execute arbitrary code with the privileges of the
user invoking Firefox. (CVE-2011-2985)

Rafael Gieschke discovered that unsigned JavaScript could call into a
script inside a signed JAR. This could allow an attacker to execute
arbitrary code with the identity and permissions of the signed JAR.
(CVE-2011-2993)

Michael Jordon discovered that an overly long shader program could cause a
buffer overrun. An attacker could potentially use this to crash Firefox or
execute arbitrary code with the privileges of the user invoking Firefox.
(CVE-2011-2988)

Michael Jordon discovered a heap overflow in the ANGLE library used in
Firefoxโ€™s WebGL implementation. An attacker could potentially use this to
crash Firefox or execute arbitrary code with the privileges of the user
invoking Firefox. (CVE-2011-2987)

It was discovered that an SVG text manipulation routine contained a
dangling pointer vulnerability. An attacker could potentially use this to
crash Firefox or execute arbitrary code with the privileges of the user
invoking Firefox. (CVE-2011-0084)

Mike Cardwell discovered that Content Security Policy violation reports
failed to strip out proxy authorization credentials from the list of
request headers. This could allow a malicious website to capture proxy
authorization credentials. Daniel Veditz discovered that redirecting to a
website with Content Security Policy resulted in the incorrect resolution
of hosts in the constructed policy. This could allow a malicious website to
circumvent the Content Security Policy of another website. (CVE-2011-2990)

OSVersionArchitecturePackageVersionFilename
Ubuntu11.04noarchfirefox<ย 6.0+build1+nobinonly-0ubuntu0.11.04.1UNKNOWN
Ubuntu11.04noarchabrowser<ย 6.0+build1+nobinonly-0ubuntu0.11.04.1UNKNOWN
Ubuntu11.04noarchabrowser-branding<ย 6.0+build1+nobinonly-0ubuntu0.11.04.1UNKNOWN
Ubuntu11.04noarchfirefox-branding<ย 6.0+build1+nobinonly-0ubuntu0.11.04.1UNKNOWN
Ubuntu11.04noarchfirefox-dbg<ย 6.0+build1+nobinonly-0ubuntu0.11.04.1UNKNOWN
Ubuntu11.04noarchfirefox-dev<ย 6.0+build1+nobinonly-0ubuntu0.11.04.1UNKNOWN
Ubuntu11.04noarchfirefox-globalmenu<ย 6.0+build1+nobinonly-0ubuntu0.11.04.1UNKNOWN
Ubuntu11.04noarchfirefox-gnome-support<ย 6.0+build1+nobinonly-0ubuntu0.11.04.1UNKNOWN
Ubuntu11.04noarchfirefox-gnome-support-dbg<ย 6.0+build1+nobinonly-0ubuntu0.11.04.1UNKNOWN
Ubuntu11.04noarchfirefox-mozsymbols<ย 6.0+build1+nobinonly-0ubuntu0.11.04.1UNKNOWN

Related

nessus 44
openvas 58
ubuntu 4
mozilla 5
suse 7
seebug 1
securityvulns 2
freebsd 1
prion 9
nvd 9
cve 9
cvelist 9
ubuntucve 9
checkpoint_advisories 2
veracode 1
zdi 1
oraclelinux 2
redhat 2
debian 4
osv 3
centos 1
gentoo 1
nessus
nessus
Ubuntu 11.04 : firefox vulnerabilities (USN-1192-1)
2011-08-18 00:00:00
Ubuntu 11.04 : libvoikko regression (USN-1192-3)
2011-10-20 00:00:00
Ubuntu 11.04 : mozvoikko update (USN-1192-2)
2011-08-18 00:00:00
openvas
openvas
Ubuntu Update for firefox USN-1192-1
2011-08-19 00:00:00
Ubuntu: Security Advisory (USN-1192-1)
2011-08-19 00:00:00
Ubuntu: Security Advisory (USN-1192-2)
2011-08-19 00:00:00
ubuntu
ubuntu
Libvoikko regression
2011-10-19 00:00:00
Mozvoikko update
2011-08-17 00:00:00
Thunderbird vulnerabilities
2011-08-26 00:00:00
mozilla
mozilla
Security issues addressed in Firefox 6 โ€” Mozilla
2011-08-16 00:00:00
Security issues addressed in SeaMonkey 2.3 โ€” Mozilla
2011-08-16 00:00:00
Security issues addressed in Thunderbird 6 โ€” Mozilla
2011-08-16 00:00:00
suse
suse
seamonkey: Update to Mozilla Seamonkey 2.3 (important)
2011-08-26 20:08:16
MozillaFirefox: Update to Firefox 6 (important)
2011-08-29 21:08:18
remote code execution in MozillaFirefox,MozillaThunderbird,seamonkey
2011-08-29 16:12:15
seebug
seebug
Mozilla Firefox/Thunderbird/SeaMonkeyๅคšไธชๅฎ‰ๅ…จๆผๆดž
2011-08-18 00:00:00
securityvulns
securityvulns
Mozilla Fireox / Seamonkey / Thunderbird multiple security vulnerabilities
2011-08-19 00:00:00
ZDI-11-270: Mozilla Firefox SVGTextElement.getCharNumAtPosition Remote Code Execution Vulnerability
2011-08-18 00:00:00
freebsd
freebsd
mozilla -- multiple vulnerabilities
2011-08-16 00:00:00
prion
prion
Memory corruption
2011-08-18 18:55:00
Design/Logic Flaw
2011-08-18 18:55:00
Heap overflow
2011-08-18 18:55:00
nvd
nvd
CVE-2011-2991
2011-08-18 18:55:01
CVE-2011-2985
2011-08-18 18:55:01
CVE-2011-2990
2011-08-18 18:55:01
cve
cve
CVE-2011-2991
2011-08-18 18:55:01
CVE-2011-2990
2011-08-18 18:55:01
CVE-2011-2985
2011-08-18 18:55:01
cvelist
cvelist
CVE-2011-2991
2011-08-18 18:00:00
CVE-2011-2990
2011-08-18 18:00:00
CVE-2011-2985
2011-08-18 18:00:00
ubuntucve
ubuntucve
CVE-2011-2991
2011-08-17 00:00:00
CVE-2011-2990
2011-08-17 00:00:00
CVE-2011-2987
2011-08-17 00:00:00
checkpoint_advisories
checkpoint_advisories
Mozilla Multiple Products Malformed SVG Use After Free (CVE-2011-0084)
2012-01-03 00:00:00
Mozilla Multiple Products Malformed SVG Use After Free (CVE-2011-0084)
2012-01-03 00:00:00
veracode
veracode
Arbitrary Code Execution
2020-04-10 01:01:37
zdi
zdi
Mozilla Firefox SVGTextElement.getCharNumAtPosition Remote Code Execution Vulnerability
2011-08-17 00:00:00
oraclelinux
oraclelinux
thunderbird security update
2011-08-16 00:00:00
firefox security update
2011-08-16 00:00:00
redhat
redhat
(RHSA-2011:1166) Critical: thunderbird security update
2011-08-16 00:00:00
(RHSA-2011:1164) Critical: firefox security update
2011-08-16 00:00:00
debian
debian
[SECURITY] [DSA 2297-1] icedove security update
2011-08-21 18:57:44
[SECURITY] [DSA 2296-1] iceweasel security update
2011-08-17 19:13:01
[BSA-046] Security Update for icedove
2011-08-26 20:23:59
osv
osv
icedove - several
2011-08-21 00:00:00
iceape - several
2011-08-17 00:00:00
iceweasel - several
2011-08-17 00:00:00
centos
centos
firefox, xulrunner security update
2011-08-16 23:27:06
gentoo
gentoo
Mozilla Products: Multiple vulnerabilities
2013-01-08 00:00:00

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

10

Confidence

High

EPSS

0.802

Percentile

98.4%

JSON
Related for USN-1192-1
nessus44openvas58ubuntu4mozilla5suse7seebug1securityvulns2freebsd1prion9nvd9cve9cvelist9ubuntucve9checkpoint_advisories2veracode1zdi1oraclelinux2redhat2debian4osv3centos1gentoo1