Lucene search

K

PRIOn knowledge basePRION:CVE-2011-3670

HistoryFeb 01, 2012 - 4:55 p.m.

Information disclosure

2012-02-0116:55:00

PRIOn knowledge base

www.prio-n.com

3

6.4 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.005 Low

EPSS

Percentile

76.1%

Mozilla Firefox before 3.6.26 and 4.x through 6.0, Thunderbird before 3.1.18 and 5.0 through 6.0, and SeaMonkey before 2.4 do not properly enforce the IPv6 literal address syntax, which allows remote attackers to obtain sensitive information by making XMLHttpRequest calls through a proxy and reading the error messages.

CPENameOperatorVersion
firefoxeq0.1
firefoxeq3.6.2
firefoxeq0.8
firefoxeq2.0.0.12
firefoxeq1.5 beta2
firefoxeq3.0.17
firefoxeq3.5.3
firefoxeq3.0.7
firefoxeq1.5.2
firefoxeq3.0.9

Rows per page:

1-10 of 3161

References

lists.opensuse.org/opensuse-security-announce/2012-02/msg00003.html

lists.opensuse.org/opensuse-security-announce/2012-02/msg00007.html

lists.opensuse.org/opensuse-security-announce/2012-02/msg00011.html

www.debian.org/security/2012/dsa-2400

www.debian.org/security/2012/dsa-2402

www.debian.org/security/2012/dsa-2406

www.mandriva.com/security/advisories?name=MDVSA-2012:013

www.mozilla.org/security/announce/2012/mfsa2012-02.html

bugzilla.mozilla.org/show_bug.cgi?id=504014

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14814

6.4 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.005 Low

EPSS

Percentile

76.1%

Related for PRION:CVE-2011-3670

veracode1 mozilla1 openvas48 securityvulns3 cve1 ubuntucve1 nessus39 redhat4 centos4 oraclelinux4 debian3 osv3 suse3 ubuntu2 freebsd1 gentoo1