CVSS2
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS
Percentile: 97.3%
CRLF injection vulnerability in the nsCookieService::SetCookieStringInternal function in netwerk/cookie/nsCookieService.cpp in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, and Thunderbird before 3.1.11, allows remote attackers to bypass intended access restrictions via a string containing a \n (newline) character, which is not properly handled in a JavaScript "document.cookie =" expression, a different vulnerability than CVE-2011-2374.

OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
ubuntu | 10.04 | noarch | firefox | < 3.6.23+build1+nobinonly-0ubuntu0.10.04.1 | UNKNOWN |
ubuntu | 10.10 | noarch | firefox | < 3.6.23+build1+nobinonly-0ubuntu0.10.10.1 | UNKNOWN |
ubuntu | 11.04 | noarch | firefox | < 7.0.1+build1+nobinonly-0ubuntu0.11.04.1 | UNKNOWN |
ubuntu | 10.04 | noarch | thunderbird | < 3.1.15+build1+nobinonly-0ubuntu0.10.04.1 | UNKNOWN |
ubuntu | 10.10 | noarch | thunderbird | < 3.1.15+build1+nobinonly-0ubuntu0.10.10.1 | UNKNOWN |
ubuntu | 11.04 | noarch | thunderbird | < 3.1.15+build1+nobinonly-0ubuntu0.11.04.1 | UNKNOWN |