Lucene search

K
ubuntucveUbuntu.comUB:CVE-2011-2999
HistorySep 28, 2011 - 12:00 a.m.

CVE-2011-2999

2011-09-2800:00:00
ubuntu.com
ubuntu.com
24

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

EPSS

0.011

Percentile

84.3%

Mozilla Firefox before 3.6.23 and 4.x through 5, Thunderbird before 6.0,
and SeaMonkey before 2.3 do not properly handle “location” as the name of a
frame, which allows remote attackers to bypass the Same Origin Policy via a
crafted web site, a different vulnerability than CVE-2010-0170.

OSVersionArchitecturePackageVersionFilename
ubuntu10.04noarchfirefox< 3.6.23+build1+nobinonly-0ubuntu0.10.04.1UNKNOWN
ubuntu10.10noarchfirefox< 3.6.23+build1+nobinonly-0ubuntu0.10.10.1UNKNOWN
ubuntu11.04noarchfirefox< 7.0.1+build1+nobinonly-0ubuntu0.11.04.1UNKNOWN
ubuntu10.04noarchthunderbird< 3.1.15+build1+nobinonly-0ubuntu0.10.04.1UNKNOWN
ubuntu10.10noarchthunderbird< 3.1.15+build1+nobinonly-0ubuntu0.10.10.1UNKNOWN
ubuntu11.04noarchthunderbird< 3.1.15+build1+nobinonly-0ubuntu0.11.04.1UNKNOWN
ubuntu10.04noarchxulrunner-1.9.2< 1.9.2.23+build1+nobinonly-0ubuntu0.10.04.1UNKNOWN
ubuntu10.10noarchxulrunner-1.9.2< 1.9.2.23+build1+nobinonly-0ubuntu0.10.10.1UNKNOWN
ubuntu11.04noarchxulrunner-1.9.2< 1.9.2.27+build1+nobinonly-0ubuntu0.11.04.1UNKNOWN

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

EPSS

0.011

Percentile

84.3%