CVE-2011-2981
First published: Thu Aug 18 2011(Updated: )
The event-management implementation in Mozilla Firefox before 3.6.20, SeaMonkey 2.x, Thunderbird 3.x before 3.1.12, and possibly other products does not properly select the context for script to run in, which allows remote attackers to bypass the Same Origin Policy or execute arbitrary JavaScript code with chrome privileges via a crafted web site.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Firefox | =3.6.2 | |
| Firefox | =2.0.0.12 | |
| Firefox | =3.5.18 | |
| Firefox | =1.5-beta2 | |
| Firefox | =3.0.17 | |
| Firefox | =3.5.3 | |
| Firefox | =3.0.7 | |
| Firefox | =1.5.2 | |
| Firefox | =3.0.9 | |
| Firefox | =1.5.0.6 | |
| Firefox | =3.6.3 | |
| Firefox | <=3.6.19 | |
| Firefox | =2.0.0.2 | |
| Firefox | =1.5.0.10 | |
| Firefox | =1.5.0.3 | |
| Firefox | =3.5.6 | |
| Firefox | =3.0.8 | |
| Firefox | =1.5.0.11 | |
| Firefox | =1.5.4 | |
| Firefox | =1.0.2 | |
| Firefox | =3.5 | |
| Firefox | =3.5.5 | |
| Firefox | =3.0.4 | |
| Firefox | =1.5-beta1 | |
| Firefox | =3.5.9 | |
| Firefox | =3.5.4 | |
| Firefox | =3.5.7 | |
| Firefox | =3.0.5 | |
| Firefox | =3.5.11 | |
| Firefox | =1.5 | |
| Firefox | =3.5.14 | |
| Firefox | =1.0.4 | |
| Firefox | =3.6.15 | |
| Firefox | =2.0.0.7 | |
| Firefox | =1.0.7 | |
| Firefox | =3.5.10 | |
| Firefox | =3.5.1 | |
| Firefox | =2.0.0.9 | |
| Firefox | =3.0.14 | |
| Firefox | =3.5.2 | |
| Firefox | =3.6.17 | |
| Firefox | =2.0.0.16 | |
| Firefox | =3.6.11 | |
| Firefox | =1.5.6 | |
| Firefox | =2.0.0.17 | |
| Firefox | =3.6.8 | |
| Firefox | =2.0.0.15 | |
| Firefox | =3.0.10 | |
| Firefox | =3.6.9 | |
| Firefox | =3.6.14 | |
| Firefox | =3.0.12 | |
| Firefox | =1.0 | |
| Firefox | =3.0.3 | |
| Firefox | =1.5.0.7 | |
| Firefox | =3.6.12 | |
| Firefox | =2.0 | |
| Firefox | =1.0.1 | |
| Firefox | =3.5.17 | |
| Firefox | =2.0.0.14 | |
| Firefox | =3.0.6 | |
| Firefox | =3.0.15 | |
| Firefox | =1.5.0.8 | |
| Firefox | =2.0.0.3 | |
| Firefox | =3.5.12 | |
| Firefox | =1.5.0.9 | |
| Firefox | =3.6.6 | |
| Firefox | =1.5.0.5 | |
| Firefox | =1.5.7 | |
| Firefox | =1.5.0.12 | |
| Firefox | =2.0.0.6 | |
| Firefox | =3.0 | |
| Firefox | =2.0.0.11 | |
| Firefox | =1.5.0.2 | |
| Firefox | =3.6.16 | |
| Firefox | =1.0.3 | |
| Firefox | =3.0.1 | |
| Firefox | =2.0.0.4 | |
| Firefox | =1.5.1 | |
| Firefox | =3.6.10 | |
| Firefox | =2.0.0.13 | |
| Firefox | =2.0.0.18 | |
| Firefox | =3.5.13 | |
| Firefox | =2.0.0.1 | |
| Firefox | =3.0.2 | |
| Firefox | =3.5.19 | |
| Firefox | =3.5.8 | |
| Firefox | =3.6.7 | |
| Firefox | =1.5.5 | |
| Firefox | =1.0-preview_release | |
| Firefox | =3.6.4 | |
| Firefox | =3.6.18 | |
| Firefox | =3.5.15 | |
| Firefox | =3.6 | |
| Firefox | =2.0.0.20 | |
| Firefox | =2.0.0.8 | |
| Firefox | =2.0.0.19 | |
| Firefox | =1.5.8 | |
| Firefox | =3.6.13 | |
| Firefox | =1.5.3 | |
| Firefox | =1.5.0.4 | |
| Firefox | =1.5.0.1 | |
| Firefox | =3.0.13 | |
| Firefox | =3.5.16 | |
| Firefox | =1.0.5 | |
| Firefox | =2.0.0.5 | |
| Firefox | =2.0.0.10 | |
| Firefox | =1.0.6 | |
| Firefox | =3.0.16 | |
| Firefox | =1.0.8 | |
| Firefox | =3.0.11 | |
| Mozilla SeaMonkey | =2.0.10 | |
| Mozilla SeaMonkey | =2.0.13 | |
| Mozilla SeaMonkey | =2.0.4 | |
| Mozilla SeaMonkey | =2.1-alpha2 | |
| Mozilla SeaMonkey | =2.0.3 | |
| Mozilla SeaMonkey | =2.0.2 | |
| Mozilla SeaMonkey | =2.0-alpha_2 | |
| Mozilla SeaMonkey | =2.0.8 | |
| Mozilla SeaMonkey | =2.0-rc2 | |
| Mozilla SeaMonkey | =2.0-alpha_3 | |
| Mozilla SeaMonkey | =2.0.12 | |
| Mozilla SeaMonkey | =2.0.11 | |
| Mozilla SeaMonkey | =2.0-beta_2 | |
| Mozilla SeaMonkey | =2.0-alpha_1 | |
| Mozilla SeaMonkey | =2.0.9 | |
| Mozilla SeaMonkey | =2.1-alpha1 | |
| Mozilla SeaMonkey | =2.0.1 | |
| Mozilla SeaMonkey | =2.0.14 | |
| Mozilla SeaMonkey | =2.0.7 | |
| Mozilla SeaMonkey | =2.0-beta_1 | |
| Mozilla SeaMonkey | =2.0.5 | |
| Mozilla SeaMonkey | =2.0-rc1 | |
| Mozilla SeaMonkey | =2.0.6 | |
| Mozilla SeaMonkey | =2.1-alpha3 | |
| Mozilla SeaMonkey | =2.0 | |
| Thunderbird | =3.0.8 | |
| Thunderbird | =3.0.5 | |
| Thunderbird | =3.1.8 | |
| Thunderbird | =3.1.11 | |
| Thunderbird | =3.0.9 | |
| Thunderbird | =3.0.1 | |
| Thunderbird | =3.1.7 | |
| Thunderbird | =3.1.2 | |
| Thunderbird | =3.1.9 | |
| Thunderbird | =3.1.1 | |
| Thunderbird | =3.1.4 | |
| Thunderbird | =3.0.7 | |
| Thunderbird | =3.0.6 | |
| Thunderbird | =3.0.10 | |
| Thunderbird | =3.0.3 | |
| Thunderbird | =3.1.5 | |
| Thunderbird | =3.0.11 | |
| Thunderbird | =3.1.10 | |
| Thunderbird | =3.0.4 | |
| Thunderbird | =3.0 | |
| Thunderbird | =3.1 | |
| Thunderbird | =3.1.3 | |
| Thunderbird | =3.1.6 | |
| Thunderbird | =3.0.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.mozilla.org/security/announce/2011/mfsa2011-30.html
- https://bugzilla.mozilla.org/show_bug.cgi?id=643450
- https://bugzilla.mozilla.org/show_bug.cgi?id=614151
- https://bugzilla.mozilla.org/show_bug.cgi?id=650252
- http://www.redhat.com/support/errata/RHSA-2011-1164.html
- http://www.debian.org/security/2011/dsa-2295
- http://www.debian.org/security/2011/dsa-2296
- http://www.mandriva.com/security/advisories?name=MDVSA-2011:127
- http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00023.html
- http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00027.html
- http://www.debian.org/security/2011/dsa-2297
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14512
Frequently Asked Questions
What is the severity of CVE-2011-2981?
CVE-2011-2981 has a high severity rating due to its potential to allow remote attackers to bypass the Same Origin Policy.
How do I fix CVE-2011-2981?
To fix CVE-2011-2981, upgrade to Mozilla Firefox version 3.6.20 or later, SeaMonkey version 2.x, or Thunderbird version 3.1.12 or later.
What software versions are vulnerable to CVE-2011-2981?
CVE-2011-2981 affects multiple versions of Mozilla Firefox before 3.6.20, SeaMonkey 2.x, and Thunderbird versions prior to 3.1.12.
What kind of attacks can CVE-2011-2981 enable?
CVE-2011-2981 can enable remote attackers to execute arbitrary JavaScript and potentially compromise user data.
Is there a known fix for CVE-2011-2981?
Yes, a known fix for CVE-2011-2981 is provided in the updates for affected Mozilla software products.
- agent/references
- agent/type
- agent/weakness
- agent/author
- agent/severity
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/mozilla
- canonical/firefox
- version/firefox/3.6.2
- version/firefox/2.0.0.12
- version/firefox/3.5.18
- version/firefox/1.5-beta2
- version/firefox/3.0.17
- version/firefox/3.5.3
- version/firefox/3.0.7
- version/firefox/1.5.2
- version/firefox/3.0.9
- version/firefox/1.5.0.6
- version/firefox/3.6.3
- version/firefox/3.6.19
- version/firefox/2.0.0.2
- version/firefox/1.5.0.10
- version/firefox/1.5.0.3
- version/firefox/3.5.6
- version/firefox/3.0.8
- version/firefox/1.5.0.11
- version/firefox/1.5.4
- version/firefox/1.0.2
- version/firefox/3.5
- version/firefox/3.5.5
- version/firefox/3.0.4
- version/firefox/1.5-beta1
- version/firefox/3.5.9
- version/firefox/3.5.4
- version/firefox/3.5.7
- version/firefox/3.0.5
- version/firefox/3.5.11
- version/firefox/1.5
- version/firefox/3.5.14
- version/firefox/1.0.4
- version/firefox/3.6.15
- version/firefox/2.0.0.7
- version/firefox/1.0.7
- version/firefox/3.5.10
- version/firefox/3.5.1
- version/firefox/2.0.0.9
- version/firefox/3.0.14
- version/firefox/3.5.2
- version/firefox/3.6.17
- version/firefox/2.0.0.16
- version/firefox/3.6.11
- version/firefox/1.5.6
- version/firefox/2.0.0.17
- version/firefox/3.6.8
- version/firefox/2.0.0.15
- version/firefox/3.0.10
- version/firefox/3.6.9
- version/firefox/3.6.14
- version/firefox/3.0.12
- version/firefox/1.0
- version/firefox/3.0.3
- version/firefox/1.5.0.7
- version/firefox/3.6.12
- version/firefox/2.0
- version/firefox/1.0.1
- version/firefox/3.5.17
- version/firefox/2.0.0.14
- version/firefox/3.0.6
- version/firefox/3.0.15
- version/firefox/1.5.0.8
- version/firefox/2.0.0.3
- version/firefox/3.5.12
- version/firefox/1.5.0.9
- version/firefox/3.6.6
- version/firefox/1.5.0.5
- version/firefox/1.5.7
- version/firefox/1.5.0.12
- version/firefox/2.0.0.6
- version/firefox/3.0
- version/firefox/2.0.0.11
- version/firefox/1.5.0.2
- version/firefox/3.6.16
- version/firefox/1.0.3
- version/firefox/3.0.1
- version/firefox/2.0.0.4
- version/firefox/1.5.1
- version/firefox/3.6.10
- version/firefox/2.0.0.13
- version/firefox/2.0.0.18
- version/firefox/3.5.13
- version/firefox/2.0.0.1
- version/firefox/3.0.2
- version/firefox/3.5.19
- version/firefox/3.5.8
- version/firefox/3.6.7
- version/firefox/1.5.5
- version/firefox/1.0-preview_release
- version/firefox/3.6.4
- version/firefox/3.6.18
- version/firefox/3.5.15
- version/firefox/3.6
- version/firefox/2.0.0.20
- version/firefox/2.0.0.8
- version/firefox/2.0.0.19
- version/firefox/1.5.8
- version/firefox/3.6.13
- version/firefox/1.5.3
- version/firefox/1.5.0.4
- version/firefox/1.5.0.1
- version/firefox/3.0.13
- version/firefox/3.5.16
- version/firefox/1.0.5
- version/firefox/2.0.0.5
- version/firefox/2.0.0.10
- version/firefox/1.0.6
- version/firefox/3.0.16
- version/firefox/1.0.8
- version/firefox/3.0.11
- canonical/mozilla seamonkey
- version/mozilla seamonkey/2.0.10
- version/mozilla seamonkey/2.0.13
- version/mozilla seamonkey/2.0.4
- version/mozilla seamonkey/2.1-alpha2
- version/mozilla seamonkey/2.0.3
- version/mozilla seamonkey/2.0.2
- version/mozilla seamonkey/2.0-alpha_2
- version/mozilla seamonkey/2.0.8
- version/mozilla seamonkey/2.0-rc2
- version/mozilla seamonkey/2.0-alpha_3
- version/mozilla seamonkey/2.0.12
- version/mozilla seamonkey/2.0.11
- version/mozilla seamonkey/2.0-beta_2
- version/mozilla seamonkey/2.0-alpha_1
- version/mozilla seamonkey/2.0.9
- version/mozilla seamonkey/2.1-alpha1
- version/mozilla seamonkey/2.0.1
- version/mozilla seamonkey/2.0.14
- version/mozilla seamonkey/2.0.7
- version/mozilla seamonkey/2.0-beta_1
- version/mozilla seamonkey/2.0.5
- version/mozilla seamonkey/2.0-rc1
- version/mozilla seamonkey/2.0.6
- version/mozilla seamonkey/2.1-alpha3
- version/mozilla seamonkey/2.0
- canonical/thunderbird
- version/thunderbird/3.0.8
- version/thunderbird/3.0.5
- version/thunderbird/3.1.8
- version/thunderbird/3.1.11
- version/thunderbird/3.0.9
- version/thunderbird/3.0.1
- version/thunderbird/3.1.7
- version/thunderbird/3.1.2
- version/thunderbird/3.1.9
- version/thunderbird/3.1.1
- version/thunderbird/3.1.4
- version/thunderbird/3.0.7
- version/thunderbird/3.0.6
- version/thunderbird/3.0.10
- version/thunderbird/3.0.3
- version/thunderbird/3.1.5
- version/thunderbird/3.0.11
- version/thunderbird/3.1.10
- version/thunderbird/3.0.4
- version/thunderbird/3.0
- version/thunderbird/3.1
- version/thunderbird/3.1.3
- version/thunderbird/3.1.6
- version/thunderbird/3.0.2