What is the severity of CVE-2011-2981?

CVE-2011-2981 has a high severity rating due to its potential to allow remote attackers to bypass the Same Origin Policy.

How do I fix CVE-2011-2981?

To fix CVE-2011-2981, upgrade to Mozilla Firefox version 3.6.20 or later, SeaMonkey version 2.x, or Thunderbird version 3.1.12 or later.

What software versions are vulnerable to CVE-2011-2981?

CVE-2011-2981 affects multiple versions of Mozilla Firefox before 3.6.20, SeaMonkey 2.x, and Thunderbird versions prior to 3.1.12.

What kind of attacks can CVE-2011-2981 enable?

CVE-2011-2981 can enable remote attackers to execute arbitrary JavaScript and potentially compromise user data.

Is there a known fix for CVE-2011-2981?

Yes, a known fix for CVE-2011-2981 is provided in the updates for affected Mozilla software products.

Vulnerability/
CVE-2011-2981

critical

9.3

CWE

18/8/2011

6/8/2024

CVE-2011-2981

First published: Thu Aug 18 2011(Updated: )

The event-management implementation in Mozilla Firefox before 3.6.20, SeaMonkey 2.x, Thunderbird 3.x before 3.1.12, and possibly other products does not properly select the context for script to run in, which allows remote attackers to bypass the Same Origin Policy or execute arbitrary JavaScript code with chrome privileges via a crafted web site.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Mozilla Firefox	=3.6.2
Mozilla Firefox	=2.0.0.12
Mozilla Firefox	=3.5.18
Mozilla Firefox	=1.5-beta2
Mozilla Firefox	=3.0.17
Mozilla Firefox	=3.5.3
Mozilla Firefox	=3.0.7
Mozilla Firefox	=1.5.2
Mozilla Firefox	=3.0.9
Mozilla Firefox	=1.5.0.6
Mozilla Firefox	=3.6.3
Mozilla Firefox	<=3.6.19
Mozilla Firefox	=2.0.0.2
Mozilla Firefox	=1.5.0.10
Mozilla Firefox	=1.5.0.3
Mozilla Firefox	=3.5.6
Mozilla Firefox	=3.0.8
Mozilla Firefox	=1.5.0.11
Mozilla Firefox	=1.5.4
Mozilla Firefox	=1.0.2
Mozilla Firefox	=3.5
Mozilla Firefox	=3.5.5
Mozilla Firefox	=3.0.4
Mozilla Firefox	=1.5-beta1
Mozilla Firefox	=3.5.9
Mozilla Firefox	=3.5.4
Mozilla Firefox	=3.5.7
Mozilla Firefox	=3.0.5
Mozilla Firefox	=3.5.11
Mozilla Firefox	=1.5
Mozilla Firefox	=3.5.14
Mozilla Firefox	=1.0.4
Mozilla Firefox	=3.6.15
Mozilla Firefox	=2.0.0.7
Mozilla Firefox	=1.0.7
Mozilla Firefox	=3.5.10
Mozilla Firefox	=3.5.1
Mozilla Firefox	=2.0.0.9
Mozilla Firefox	=3.0.14
Mozilla Firefox	=3.5.2
Mozilla Firefox	=3.6.17
Mozilla Firefox	=2.0.0.16
Mozilla Firefox	=3.6.11
Mozilla Firefox	=1.5.6
Mozilla Firefox	=2.0.0.17
Mozilla Firefox	=3.6.8
Mozilla Firefox	=2.0.0.15
Mozilla Firefox	=3.0.10
Mozilla Firefox	=3.6.9
Mozilla Firefox	=3.6.14
Mozilla Firefox	=3.0.12
Mozilla Firefox	=1.0
Mozilla Firefox	=3.0.3
Mozilla Firefox	=1.5.0.7
Mozilla Firefox	=3.6.12
Mozilla Firefox	=2.0
Mozilla Firefox	=1.0.1
Mozilla Firefox	=3.5.17
Mozilla Firefox	=2.0.0.14
Mozilla Firefox	=3.0.6
Mozilla Firefox	=3.0.15
Mozilla Firefox	=1.5.0.8
Mozilla Firefox	=2.0.0.3
Mozilla Firefox	=3.5.12
Mozilla Firefox	=1.5.0.9
Mozilla Firefox	=3.6.6
Mozilla Firefox	=1.5.0.5
Mozilla Firefox	=1.5.7
Mozilla Firefox	=1.5.0.12
Mozilla Firefox	=2.0.0.6
Mozilla Firefox	=3.0
Mozilla Firefox	=2.0.0.11
Mozilla Firefox	=1.5.0.2
Mozilla Firefox	=3.6.16
Mozilla Firefox	=1.0.3
Mozilla Firefox	=3.0.1
Mozilla Firefox	=2.0.0.4
Mozilla Firefox	=1.5.1
Mozilla Firefox	=3.6.10
Mozilla Firefox	=2.0.0.13
Mozilla Firefox	=2.0.0.18
Mozilla Firefox	=3.5.13
Mozilla Firefox	=2.0.0.1
Mozilla Firefox	=3.0.2
Mozilla Firefox	=3.5.19
Mozilla Firefox	=3.5.8
Mozilla Firefox	=3.6.7
Mozilla Firefox	=1.5.5
Mozilla Firefox	=1.0-preview_release
Mozilla Firefox	=3.6.4
Mozilla Firefox	=3.6.18
Mozilla Firefox	=3.5.15
Mozilla Firefox	=3.6
Mozilla Firefox	=2.0.0.20
Mozilla Firefox	=2.0.0.8
Mozilla Firefox	=2.0.0.19
Mozilla Firefox	=1.5.8
Mozilla Firefox	=3.6.13
Mozilla Firefox	=1.5.3
Mozilla Firefox	=1.5.0.4
Mozilla Firefox	=1.5.0.1
Mozilla Firefox	=3.0.13
Mozilla Firefox	=3.5.16
Mozilla Firefox	=1.0.5
Mozilla Firefox	=2.0.0.5
Mozilla Firefox	=2.0.0.10
Mozilla Firefox	=1.0.6
Mozilla Firefox	=3.0.16
Mozilla Firefox	=1.0.8
Mozilla Firefox	=3.0.11
Mozilla SeaMonkey	=2.0.10
Mozilla SeaMonkey	=2.0.13
Mozilla SeaMonkey	=2.0.4
Mozilla SeaMonkey	=2.1-alpha2
Mozilla SeaMonkey	=2.0.3
Mozilla SeaMonkey	=2.0.2
Mozilla SeaMonkey	=2.0-alpha_2
Mozilla SeaMonkey	=2.0.8
Mozilla SeaMonkey	=2.0-rc2
Mozilla SeaMonkey	=2.0-alpha_3
Mozilla SeaMonkey	=2.0.12
Mozilla SeaMonkey	=2.0.11
Mozilla SeaMonkey	=2.0-beta_2
Mozilla SeaMonkey	=2.0-alpha_1
Mozilla SeaMonkey	=2.0.9
Mozilla SeaMonkey	=2.1-alpha1
Mozilla SeaMonkey	=2.0.1
Mozilla SeaMonkey	=2.0.14
Mozilla SeaMonkey	=2.0.7
Mozilla SeaMonkey	=2.0-beta_1
Mozilla SeaMonkey	=2.0.5
Mozilla SeaMonkey	=2.0-rc1
Mozilla SeaMonkey	=2.0.6
Mozilla SeaMonkey	=2.1-alpha3
Mozilla SeaMonkey	=2.0
Mozilla Thunderbird	=3.0.8
Mozilla Thunderbird	=3.0.5
Mozilla Thunderbird	=3.1.8
Mozilla Thunderbird	=3.1.11
Mozilla Thunderbird	=3.0.9
Mozilla Thunderbird	=3.0.1
Mozilla Thunderbird	=3.1.7
Mozilla Thunderbird	=3.1.2
Mozilla Thunderbird	=3.1.9
Mozilla Thunderbird	=3.1.1
Mozilla Thunderbird	=3.1.4
Mozilla Thunderbird	=3.0.7
Mozilla Thunderbird	=3.0.6
Mozilla Thunderbird	=3.0.10
Mozilla Thunderbird	=3.0.3
Mozilla Thunderbird	=3.1.5
Mozilla Thunderbird	=3.0.11
Mozilla Thunderbird	=3.1.10
Mozilla Thunderbird	=3.0.4
Mozilla Thunderbird	=3.0
Mozilla Thunderbird	=3.1
Mozilla Thunderbird	=3.1.3
Mozilla Thunderbird	=3.1.6
Mozilla Thunderbird	=3.0.2

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2011-2981?
CVE-2011-2981 has a high severity rating due to its potential to allow remote attackers to bypass the Same Origin Policy.
How do I fix CVE-2011-2981?
To fix CVE-2011-2981, upgrade to Mozilla Firefox version 3.6.20 or later, SeaMonkey version 2.x, or Thunderbird version 3.1.12 or later.
What software versions are vulnerable to CVE-2011-2981?
CVE-2011-2981 affects multiple versions of Mozilla Firefox before 3.6.20, SeaMonkey 2.x, and Thunderbird versions prior to 3.1.12.
What kind of attacks can CVE-2011-2981 enable?
CVE-2011-2981 can enable remote attackers to execute arbitrary JavaScript and potentially compromise user data.
Is there a known fix for CVE-2011-2981?
Yes, a known fix for CVE-2011-2981 is provided in the updates for affected Mozilla software products.

agent/references
agent/type
agent/softwarecombine
collector/nvd-historical
agent/software-canonical-lookup-request
collector/nvd-index
agent/weakness
agent/author
agent/severity
agent/description
collector/mitre-cve
source/MITRE
agent/tags
agent/last-modified-date
agent/first-publish-date
agent/event
agent/source
vendor/mozilla
canonical/mozilla firefox
version/mozilla firefox/3.6.2
version/mozilla firefox/2.0.0.12
version/mozilla firefox/3.5.18
version/mozilla firefox/1.5-beta2
version/mozilla firefox/3.0.17
version/mozilla firefox/3.5.3
version/mozilla firefox/3.0.7
version/mozilla firefox/1.5.2
version/mozilla firefox/3.0.9
version/mozilla firefox/1.5.0.6
version/mozilla firefox/3.6.3
version/mozilla firefox/3.6.19
version/mozilla firefox/2.0.0.2
version/mozilla firefox/1.5.0.10
version/mozilla firefox/1.5.0.3
version/mozilla firefox/3.5.6
version/mozilla firefox/3.0.8
version/mozilla firefox/1.5.0.11
version/mozilla firefox/1.5.4
version/mozilla firefox/1.0.2
version/mozilla firefox/3.5
version/mozilla firefox/3.5.5
version/mozilla firefox/3.0.4
version/mozilla firefox/1.5-beta1
version/mozilla firefox/3.5.9
version/mozilla firefox/3.5.4
version/mozilla firefox/3.5.7
version/mozilla firefox/3.0.5
version/mozilla firefox/3.5.11
version/mozilla firefox/1.5
version/mozilla firefox/3.5.14
version/mozilla firefox/1.0.4
version/mozilla firefox/3.6.15
version/mozilla firefox/2.0.0.7
version/mozilla firefox/1.0.7
version/mozilla firefox/3.5.10
version/mozilla firefox/3.5.1
version/mozilla firefox/2.0.0.9
version/mozilla firefox/3.0.14
version/mozilla firefox/3.5.2
version/mozilla firefox/3.6.17
version/mozilla firefox/2.0.0.16
version/mozilla firefox/3.6.11
version/mozilla firefox/1.5.6
version/mozilla firefox/2.0.0.17
version/mozilla firefox/3.6.8
version/mozilla firefox/2.0.0.15
version/mozilla firefox/3.0.10
version/mozilla firefox/3.6.9
version/mozilla firefox/3.6.14
version/mozilla firefox/3.0.12
version/mozilla firefox/1.0
version/mozilla firefox/3.0.3
version/mozilla firefox/1.5.0.7
version/mozilla firefox/3.6.12
version/mozilla firefox/2.0
version/mozilla firefox/1.0.1
version/mozilla firefox/3.5.17
version/mozilla firefox/2.0.0.14
version/mozilla firefox/3.0.6
version/mozilla firefox/3.0.15
version/mozilla firefox/1.5.0.8
version/mozilla firefox/2.0.0.3
version/mozilla firefox/3.5.12
version/mozilla firefox/1.5.0.9
version/mozilla firefox/3.6.6
version/mozilla firefox/1.5.0.5
version/mozilla firefox/1.5.7
version/mozilla firefox/1.5.0.12
version/mozilla firefox/2.0.0.6
version/mozilla firefox/3.0
version/mozilla firefox/2.0.0.11
version/mozilla firefox/1.5.0.2
version/mozilla firefox/3.6.16
version/mozilla firefox/1.0.3
version/mozilla firefox/3.0.1
version/mozilla firefox/2.0.0.4
version/mozilla firefox/1.5.1
version/mozilla firefox/3.6.10
version/mozilla firefox/2.0.0.13
version/mozilla firefox/2.0.0.18
version/mozilla firefox/3.5.13
version/mozilla firefox/2.0.0.1
version/mozilla firefox/3.0.2
version/mozilla firefox/3.5.19
version/mozilla firefox/3.5.8
version/mozilla firefox/3.6.7
version/mozilla firefox/1.5.5
version/mozilla firefox/1.0-preview_release
version/mozilla firefox/3.6.4
version/mozilla firefox/3.6.18
version/mozilla firefox/3.5.15
version/mozilla firefox/3.6
version/mozilla firefox/2.0.0.20
version/mozilla firefox/2.0.0.8
version/mozilla firefox/2.0.0.19
version/mozilla firefox/1.5.8
version/mozilla firefox/3.6.13
version/mozilla firefox/1.5.3
version/mozilla firefox/1.5.0.4
version/mozilla firefox/1.5.0.1
version/mozilla firefox/3.0.13
version/mozilla firefox/3.5.16
version/mozilla firefox/1.0.5
version/mozilla firefox/2.0.0.5
version/mozilla firefox/2.0.0.10
version/mozilla firefox/1.0.6
version/mozilla firefox/3.0.16
version/mozilla firefox/1.0.8
version/mozilla firefox/3.0.11
canonical/mozilla seamonkey
version/mozilla seamonkey/2.0.10
version/mozilla seamonkey/2.0.13
version/mozilla seamonkey/2.0.4
version/mozilla seamonkey/2.1-alpha2
version/mozilla seamonkey/2.0.3
version/mozilla seamonkey/2.0.2
version/mozilla seamonkey/2.0-alpha_2
version/mozilla seamonkey/2.0.8
version/mozilla seamonkey/2.0-rc2
version/mozilla seamonkey/2.0-alpha_3
version/mozilla seamonkey/2.0.12
version/mozilla seamonkey/2.0.11
version/mozilla seamonkey/2.0-beta_2
version/mozilla seamonkey/2.0-alpha_1
version/mozilla seamonkey/2.0.9
version/mozilla seamonkey/2.1-alpha1
version/mozilla seamonkey/2.0.1
version/mozilla seamonkey/2.0.14
version/mozilla seamonkey/2.0.7
version/mozilla seamonkey/2.0-beta_1
version/mozilla seamonkey/2.0.5
version/mozilla seamonkey/2.0-rc1
version/mozilla seamonkey/2.0.6
version/mozilla seamonkey/2.1-alpha3
version/mozilla seamonkey/2.0
canonical/mozilla thunderbird
version/mozilla thunderbird/3.0.8
version/mozilla thunderbird/3.0.5
version/mozilla thunderbird/3.1.8
version/mozilla thunderbird/3.1.11
version/mozilla thunderbird/3.0.9
version/mozilla thunderbird/3.0.1
version/mozilla thunderbird/3.1.7
version/mozilla thunderbird/3.1.2
version/mozilla thunderbird/3.1.9
version/mozilla thunderbird/3.1.1
version/mozilla thunderbird/3.1.4
version/mozilla thunderbird/3.0.7
version/mozilla thunderbird/3.0.6
version/mozilla thunderbird/3.0.10
version/mozilla thunderbird/3.0.3
version/mozilla thunderbird/3.1.5
version/mozilla thunderbird/3.0.11
version/mozilla thunderbird/3.1.10
version/mozilla thunderbird/3.0.4
version/mozilla thunderbird/3.0
version/mozilla thunderbird/3.1
version/mozilla thunderbird/3.1.3
version/mozilla thunderbird/3.1.6
version/mozilla thunderbird/3.0.2

CVE-2011-2981

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2011-2981?

How do I fix CVE-2011-2981?

What software versions are vulnerable to CVE-2011-2981?

What kind of attacks can CVE-2011-2981 enable?

Is there a known fix for CVE-2011-2981?

Company

Resources

Contact

Frequently Asked Questions

What is the severity of CVE-2011-2981?

How do I fix CVE-2011-2981?

What software versions are vulnerable to CVE-2011-2981?

What kind of attacks can CVE-2011-2981 enable?

Is there a known fix for CVE-2011-2981?