CVE-2011-3004
Gentoo Linux Security Advisory 201301-01
Severity Score
8.8
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
The JSSubScriptLoader in Mozilla Firefox 4.x through 6 and SeaMonkey before 2.4 does not properly handle XPCNativeWrappers during calls to the loadSubScript method in an add-on, which makes it easier for remote attackers to gain privileges via a crafted web site that leverages certain unwrapping behavior.
JSSubScriptLoader en Mozilla Firefox 4.x hasta la versión 6 y SeaMonkey anteriores a la 2.4 no maneja apropiadamente XPCNativeWrappers durante llamadas al método loadSubScript en un complemento, lo que facilita a atacantes remotos escalar privilegios a través de una web modificada que utiliza "unwrapping behavior".
Security issues were identified and fixed in Mozilla Firefox and Thunderbird. Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 do not prevent the starting of a download in response to the holding of the Enter key, which allows user-assisted remote attackers to bypass intended access restrictions via a crafted web site. Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 allow remote attackers to cause a denial of service or possibly execute arbitrary code via unknown vectors. Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 6, Thunderbird before 7.0, and SeaMonkey before 2.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Various other issues were also addressed.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2011-08-01 CVE Reserved
- 2011-09-29 CVE Published
- 2024-08-06 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-20: Improper Input Validation
CAPEC
References (4)
| URL | Tag | Source |
|---|---|---|
| https://bugzilla.mozilla.org/show_bug.cgi?id=653926 | X_refsource_confirm | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14121 | Signature |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://www.mandriva.com/security/advisories?name=MDVSA-2011:141 | 2017-09-19 | |
| http://www.mozilla.org/security/announce/2011/mfsa2011-43.html | 2017-09-19 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Mozilla Search vendor "Mozilla" | Firefox Search vendor "Mozilla" for product "Firefox" | 4.0 Search vendor "Mozilla" for product "Firefox" and version "4.0" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Firefox Search vendor "Mozilla" for product "Firefox" | 4.0 Search vendor "Mozilla" for product "Firefox" and version "4.0" | beta1 |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Firefox Search vendor "Mozilla" for product "Firefox" | 4.0 Search vendor "Mozilla" for product "Firefox" and version "4.0" | beta10 |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Firefox Search vendor "Mozilla" for product "Firefox" | 4.0 Search vendor "Mozilla" for product "Firefox" and version "4.0" | beta11 |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Firefox Search vendor "Mozilla" for product "Firefox" | 4.0 Search vendor "Mozilla" for product "Firefox" and version "4.0" | beta12 |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Firefox Search vendor "Mozilla" for product "Firefox" | 4.0 Search vendor "Mozilla" for product "Firefox" and version "4.0" | beta2 |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Firefox Search vendor "Mozilla" for product "Firefox" | 4.0 Search vendor "Mozilla" for product "Firefox" and version "4.0" | beta3 |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Firefox Search vendor "Mozilla" for product "Firefox" | 4.0 Search vendor "Mozilla" for product "Firefox" and version "4.0" | beta4 |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Firefox Search vendor "Mozilla" for product "Firefox" | 4.0 Search vendor "Mozilla" for product "Firefox" and version "4.0" | beta5 |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Firefox Search vendor "Mozilla" for product "Firefox" | 4.0 Search vendor "Mozilla" for product "Firefox" and version "4.0" | beta6 |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Firefox Search vendor "Mozilla" for product "Firefox" | 4.0 Search vendor "Mozilla" for product "Firefox" and version "4.0" | beta7 |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Firefox Search vendor "Mozilla" for product "Firefox" | 4.0 Search vendor "Mozilla" for product "Firefox" and version "4.0" | beta8 |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Firefox Search vendor "Mozilla" for product "Firefox" | 4.0 Search vendor "Mozilla" for product "Firefox" and version "4.0" | beta9 |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Firefox Search vendor "Mozilla" for product "Firefox" | 4.0.1 Search vendor "Mozilla" for product "Firefox" and version "4.0.1" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Firefox Search vendor "Mozilla" for product "Firefox" | 5.0 Search vendor "Mozilla" for product "Firefox" and version "5.0" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Firefox Search vendor "Mozilla" for product "Firefox" | 6.0 Search vendor "Mozilla" for product "Firefox" and version "6.0" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Seamonkey Search vendor "Mozilla" for product "Seamonkey" | <= 2.3.3 Search vendor "Mozilla" for product "Seamonkey" and version " <= 2.3.3" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Seamonkey Search vendor "Mozilla" for product "Seamonkey" | 1.0 Search vendor "Mozilla" for product "Seamonkey" and version "1.0" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Seamonkey Search vendor "Mozilla" for product "Seamonkey" | 1.0 Search vendor "Mozilla" for product "Seamonkey" and version "1.0" | alpha |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Seamonkey Search vendor "Mozilla" for product "Seamonkey" | 1.0 Search vendor "Mozilla" for product "Seamonkey" and version "1.0" | beta |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Seamonkey Search vendor "Mozilla" for product "Seamonkey" | 1.0 Search vendor "Mozilla" for product "Seamonkey" and version "1.0" | dev |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Seamonkey Search vendor "Mozilla" for product "Seamonkey" | 1.0 Search vendor "Mozilla" for product "Seamonkey" and version "1.0" | alpha |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Seamonkey Search vendor "Mozilla" for product "Seamonkey" | 1.0 Search vendor "Mozilla" for product "Seamonkey" and version "1.0" | beta |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Seamonkey Search vendor "Mozilla" for product "Seamonkey" | 1.0.1 Search vendor "Mozilla" for product "Seamonkey" and version "1.0.1" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Seamonkey Search vendor "Mozilla" for product "Seamonkey" | 1.0.2 Search vendor "Mozilla" for product "Seamonkey" and version "1.0.2" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Seamonkey Search vendor "Mozilla" for product "Seamonkey" | 1.0.3 Search vendor "Mozilla" for product "Seamonkey" and version "1.0.3" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Seamonkey Search vendor "Mozilla" for product "Seamonkey" | 1.0.4 Search vendor "Mozilla" for product "Seamonkey" and version "1.0.4" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Seamonkey Search vendor "Mozilla" for product "Seamonkey" | 1.0.5 Search vendor "Mozilla" for product "Seamonkey" and version "1.0.5" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Seamonkey Search vendor "Mozilla" for product "Seamonkey" | 1.0.6 Search vendor "Mozilla" for product "Seamonkey" and version "1.0.6" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Seamonkey Search vendor "Mozilla" for product "Seamonkey" | 1.0.7 Search vendor "Mozilla" for product "Seamonkey" and version "1.0.7" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Seamonkey Search vendor "Mozilla" for product "Seamonkey" | 1.0.8 Search vendor "Mozilla" for product "Seamonkey" and version "1.0.8" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Seamonkey Search vendor "Mozilla" for product "Seamonkey" | 1.0.9 Search vendor "Mozilla" for product "Seamonkey" and version "1.0.9" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Seamonkey Search vendor "Mozilla" for product "Seamonkey" | 1.0.99 Search vendor "Mozilla" for product "Seamonkey" and version "1.0.99" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Seamonkey Search vendor "Mozilla" for product "Seamonkey" | 1.1 Search vendor "Mozilla" for product "Seamonkey" and version "1.1" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Seamonkey Search vendor "Mozilla" for product "Seamonkey" | 1.1 Search vendor "Mozilla" for product "Seamonkey" and version "1.1" | alpha |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Seamonkey Search vendor "Mozilla" for product "Seamonkey" | 1.1 Search vendor "Mozilla" for product "Seamonkey" and version "1.1" | beta |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Seamonkey Search vendor "Mozilla" for product "Seamonkey" | 1.1.1 Search vendor "Mozilla" for product "Seamonkey" and version "1.1.1" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Seamonkey Search vendor "Mozilla" for product "Seamonkey" | 1.1.2 Search vendor "Mozilla" for product "Seamonkey" and version "1.1.2" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Seamonkey Search vendor "Mozilla" for product "Seamonkey" | 1.1.3 Search vendor "Mozilla" for product "Seamonkey" and version "1.1.3" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Seamonkey Search vendor "Mozilla" for product "Seamonkey" | 1.1.4 Search vendor "Mozilla" for product "Seamonkey" and version "1.1.4" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Seamonkey Search vendor "Mozilla" for product "Seamonkey" | 1.1.5 Search vendor "Mozilla" for product "Seamonkey" and version "1.1.5" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Seamonkey Search vendor "Mozilla" for product "Seamonkey" | 1.1.5 Search vendor "Mozilla" for product "Seamonkey" and version "1.1.5" | 1.1.10 |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Seamonkey Search vendor "Mozilla" for product "Seamonkey" | 1.1.6 Search vendor "Mozilla" for product "Seamonkey" and version "1.1.6" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Seamonkey Search vendor "Mozilla" for product "Seamonkey" | 1.1.7 Search vendor "Mozilla" for product "Seamonkey" and version "1.1.7" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Seamonkey Search vendor "Mozilla" for product "Seamonkey" | 1.1.8 Search vendor "Mozilla" for product "Seamonkey" and version "1.1.8" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Seamonkey Search vendor "Mozilla" for product "Seamonkey" | 1.1.9 Search vendor "Mozilla" for product "Seamonkey" and version "1.1.9" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Seamonkey Search vendor "Mozilla" for product "Seamonkey" | 1.1.10 Search vendor "Mozilla" for product "Seamonkey" and version "1.1.10" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Seamonkey Search vendor "Mozilla" for product "Seamonkey" | 1.1.11 Search vendor "Mozilla" for product "Seamonkey" and version "1.1.11" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Seamonkey Search vendor "Mozilla" for product "Seamonkey" | 1.1.12 Search vendor "Mozilla" for product "Seamonkey" and version "1.1.12" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Seamonkey Search vendor "Mozilla" for product "Seamonkey" | 1.1.13 Search vendor "Mozilla" for product "Seamonkey" and version "1.1.13" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Seamonkey Search vendor "Mozilla" for product "Seamonkey" | 1.1.14 Search vendor "Mozilla" for product "Seamonkey" and version "1.1.14" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Seamonkey Search vendor "Mozilla" for product "Seamonkey" | 1.1.15 Search vendor "Mozilla" for product "Seamonkey" and version "1.1.15" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Seamonkey Search vendor "Mozilla" for product "Seamonkey" | 1.1.16 Search vendor "Mozilla" for product "Seamonkey" and version "1.1.16" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Seamonkey Search vendor "Mozilla" for product "Seamonkey" | 1.1.17 Search vendor "Mozilla" for product "Seamonkey" and version "1.1.17" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Seamonkey Search vendor "Mozilla" for product "Seamonkey" | 1.1.18 Search vendor "Mozilla" for product "Seamonkey" and version "1.1.18" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Seamonkey Search vendor "Mozilla" for product "Seamonkey" | 1.1.19 Search vendor "Mozilla" for product "Seamonkey" and version "1.1.19" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Seamonkey Search vendor "Mozilla" for product "Seamonkey" | 1.5.0.8 Search vendor "Mozilla" for product "Seamonkey" and version "1.5.0.8" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Seamonkey Search vendor "Mozilla" for product "Seamonkey" | 1.5.0.9 Search vendor "Mozilla" for product "Seamonkey" and version "1.5.0.9" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Seamonkey Search vendor "Mozilla" for product "Seamonkey" | 1.5.0.10 Search vendor "Mozilla" for product "Seamonkey" and version "1.5.0.10" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Seamonkey Search vendor "Mozilla" for product "Seamonkey" | 2.0 Search vendor "Mozilla" for product "Seamonkey" and version "2.0" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Seamonkey Search vendor "Mozilla" for product "Seamonkey" | 2.0 Search vendor "Mozilla" for product "Seamonkey" and version "2.0" | alpha_1 |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Seamonkey Search vendor "Mozilla" for product "Seamonkey" | 2.0 Search vendor "Mozilla" for product "Seamonkey" and version "2.0" | alpha_2 |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Seamonkey Search vendor "Mozilla" for product "Seamonkey" | 2.0 Search vendor "Mozilla" for product "Seamonkey" and version "2.0" | alpha_3 |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Seamonkey Search vendor "Mozilla" for product "Seamonkey" | 2.0 Search vendor "Mozilla" for product "Seamonkey" and version "2.0" | beta_1 |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Seamonkey Search vendor "Mozilla" for product "Seamonkey" | 2.0 Search vendor "Mozilla" for product "Seamonkey" and version "2.0" | beta_2 |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Seamonkey Search vendor "Mozilla" for product "Seamonkey" | 2.0 Search vendor "Mozilla" for product "Seamonkey" and version "2.0" | rc1 |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Seamonkey Search vendor "Mozilla" for product "Seamonkey" | 2.0 Search vendor "Mozilla" for product "Seamonkey" and version "2.0" | rc2 |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Seamonkey Search vendor "Mozilla" for product "Seamonkey" | 2.0.1 Search vendor "Mozilla" for product "Seamonkey" and version "2.0.1" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Seamonkey Search vendor "Mozilla" for product "Seamonkey" | 2.0.2 Search vendor "Mozilla" for product "Seamonkey" and version "2.0.2" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Seamonkey Search vendor "Mozilla" for product "Seamonkey" | 2.0.3 Search vendor "Mozilla" for product "Seamonkey" and version "2.0.3" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Seamonkey Search vendor "Mozilla" for product "Seamonkey" | 2.0.4 Search vendor "Mozilla" for product "Seamonkey" and version "2.0.4" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Seamonkey Search vendor "Mozilla" for product "Seamonkey" | 2.0.5 Search vendor "Mozilla" for product "Seamonkey" and version "2.0.5" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Seamonkey Search vendor "Mozilla" for product "Seamonkey" | 2.0.6 Search vendor "Mozilla" for product "Seamonkey" and version "2.0.6" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Seamonkey Search vendor "Mozilla" for product "Seamonkey" | 2.0.7 Search vendor "Mozilla" for product "Seamonkey" and version "2.0.7" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Seamonkey Search vendor "Mozilla" for product "Seamonkey" | 2.0.8 Search vendor "Mozilla" for product "Seamonkey" and version "2.0.8" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Seamonkey Search vendor "Mozilla" for product "Seamonkey" | 2.0.9 Search vendor "Mozilla" for product "Seamonkey" and version "2.0.9" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Seamonkey Search vendor "Mozilla" for product "Seamonkey" | 2.0.10 Search vendor "Mozilla" for product "Seamonkey" and version "2.0.10" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Seamonkey Search vendor "Mozilla" for product "Seamonkey" | 2.0.11 Search vendor "Mozilla" for product "Seamonkey" and version "2.0.11" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Seamonkey Search vendor "Mozilla" for product "Seamonkey" | 2.0.12 Search vendor "Mozilla" for product "Seamonkey" and version "2.0.12" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Seamonkey Search vendor "Mozilla" for product "Seamonkey" | 2.0.13 Search vendor "Mozilla" for product "Seamonkey" and version "2.0.13" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Seamonkey Search vendor "Mozilla" for product "Seamonkey" | 2.0.14 Search vendor "Mozilla" for product "Seamonkey" and version "2.0.14" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Seamonkey Search vendor "Mozilla" for product "Seamonkey" | 2.0a1 Search vendor "Mozilla" for product "Seamonkey" and version "2.0a1" | pre |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Seamonkey Search vendor "Mozilla" for product "Seamonkey" | 2.0a1pre Search vendor "Mozilla" for product "Seamonkey" and version "2.0a1pre" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Seamonkey Search vendor "Mozilla" for product "Seamonkey" | 2.1 Search vendor "Mozilla" for product "Seamonkey" and version "2.1" | alpha1 |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Seamonkey Search vendor "Mozilla" for product "Seamonkey" | 2.1 Search vendor "Mozilla" for product "Seamonkey" and version "2.1" | alpha2 |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Seamonkey Search vendor "Mozilla" for product "Seamonkey" | 2.1 Search vendor "Mozilla" for product "Seamonkey" and version "2.1" | alpha3 |
Affected
| ||||||