// For flags

CVE-2011-2372

Mozilla: Code installation through holding down Enter (MFSA 2011-40)

Severity Score

8.1
*CVSS v3

Exploit Likelihood

< 1%
*EPSS

Affected Versions

207
*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 do not prevent the starting of a download in response to the holding of the Enter key, which allows user-assisted remote attackers to bypass intended access restrictions via a crafted web site.

Mozilla Firefox anteriores a v3.6.23 y 4.x anteriores a v6, Thunderbird anteriores a v7.0 y SeaMonkey anteriores a v2.4, no impiden la puesta en marcha de una descarga en respuesta a la pulsación de la tecla Enter, lo que permite a atacantes remotos asistidos por el usuario evitar las restricciones de acceso previstas a través de un sitio web manipulado.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
None
Attack Vector
Network
Attack Complexity
Medium
Authentication
Single
Confidentiality
None
Integrity
Partial
Availability
None
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2011-06-03 CVE Reserved
  • 2011-09-29 CVE Published
  • 2024-08-06 CVE Updated
  • 2025-03-30 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-264: Permissions, Privileges, and Access Controls
CAPEC
Affected Vendors, Products, and Versions (207)