CVE-2011-2999

MEDIUM

Description

Mozilla Firefox before 3.6.23 and 4.x through 5, Thunderbird before 6.0, and SeaMonkey before 2.3 do not properly handle "location" as the name of a frame, which allows remote attackers to bypass the Same Origin Policy via a crafted web site, a different vulnerability than CVE-2010-0170.

ID	Name	Product	Family	Severity
80784	Oracle Solaris Third-Party Patch Update : thunderbird (multiple_vulnerabilities_in_thunderbird3)	Nessus	Solaris Local Security Checks	critical
76024	openSUSE Security Update : seamonkey (openSUSE-SU-2011:1290-1)	Nessus	SuSE Local Security Checks	critical
76022	openSUSE Security Update : seamonkey (seamonkey-5210)	Nessus	SuSE Local Security Checks	critical
75968	openSUSE Security Update : MozillaThunderbird (openSUSE-SU-2011:1076-2)	Nessus	SuSE Local Security Checks	critical
75960	openSUSE Security Update : mozilla-js192 (openSUSE-SU-2011:1076-1)	Nessus	SuSE Local Security Checks	critical
75947	openSUSE Security Update : MozillaFirefox (MozillaFirefox-5208)	Nessus	SuSE Local Security Checks	critical
75743	openSUSE Security Update : seamonkey (openSUSE-SU-2011:1290-1)	Nessus	SuSE Local Security Checks	critical
75741	openSUSE Security Update : seamonkey (openSUSE-SU-2011:1077-1)	Nessus	SuSE Local Security Checks	critical
75668	openSUSE Security Update : MozillaThunderbird (openSUSE-SU-2011:1076-2)	Nessus	SuSE Local Security Checks	critical
75656	openSUSE Security Update : MozillaFirefox (openSUSE-SU-2011:1079-1)	Nessus	SuSE Local Security Checks	critical
74542	openSUSE Security Update : firefox / thunderbird (openSUSE-2011-9)	Nessus	SuSE Local Security Checks	critical
68362	Oracle Linux 4 : seamonkey (ELSA-2011-1344)	Nessus	Oracle Linux Local Security Checks	critical
68361	Oracle Linux 4 : thunderbird (ELSA-2011-1343)	Nessus	Oracle Linux Local Security Checks	critical
68360	Oracle Linux 6 : thunderbird (ELSA-2011-1342)	Nessus	Oracle Linux Local Security Checks	critical
68359	Oracle Linux 4 / 5 / 6 : firefox (ELSA-2011-1341)	Nessus	Oracle Linux Local Security Checks	critical
63402	GLSA-201301-01 : Mozilla Products: Multiple vulnerabilities (BEAST)	Nessus	Gentoo Local Security Checks	critical
61929	Mandriva Linux Security Advisory : firefox (MDVSA-2011:141)	Nessus	Mandriva Local Security Checks	critical
61146	Scientific Linux Security Update : thunderbird on SL6.x i386/x86_64	Nessus	Scientific Linux Local Security Checks	critical
61145	Scientific Linux Security Update : thunderbird on SL4.x, SL5.x i386/x86_64	Nessus	Scientific Linux Local Security Checks	critical
61144	Scientific Linux Security Update : seamonkey on SL4.x i386/x86_64	Nessus	Scientific Linux Local Security Checks	critical
61143	Scientific Linux Security Update : firefox on SL4.x, SL5.x, SL6.x i386/x86_64	Nessus	Scientific Linux Local Security Checks	critical
57226	SuSE 10 Security Update : mozilla-nss (ZYPP Patch Number 7842) (BEAST)	Nessus	SuSE Local Security Checks	critical
57152	SuSE 10 Security Update : Mozilla Firefox (ZYPP Patch Number 7784)	Nessus	SuSE Local Security Checks	critical
57084	SuSE 11.1 Security Update : Mozilla Firefox (SAT Patch Number 5429)	Nessus	SuSE Local Security Checks	critical
57083	SuSE 11.1 Security Update : Mozilla Firefox (SAT Patch Number 5224)	Nessus	SuSE Local Security Checks	critical
56609	SuSE 10 Security Update : Mozilla Firefox (ZYPP Patch Number 7783)	Nessus	SuSE Local Security Checks	critical
56395	Debian DSA-2317-1 : icedove - several vulnerabilities	Nessus	Debian Local Security Checks	critical
56387	Ubuntu 11.04 : mozvoikko, ubufox, webfav update (USN-1222-2)	Nessus	Ubuntu Local Security Checks	critical
56376	Firefox 3.6 < 3.6.23 Multiple Vulnerabilities (Mac OS X)	Nessus	MacOS X Local Security Checks	high
56374	Mandriva Linux Security Advisory : mozilla-thunderbird (MDVSA-2011:140)	Nessus	Mandriva Local Security Checks	critical
56373	Mandriva Linux Security Advisory : firefox (MDVSA-2011:139)	Nessus	Mandriva Local Security Checks	critical
56347	Ubuntu 11.04 : Firefox vulnerabilities (USN-1222-1)	Nessus	Ubuntu Local Security Checks	critical
56340	Debian DSA-2313-1 : iceweasel - several vulnerabilities	Nessus	Debian Local Security Checks	critical
56339	Debian DSA-2312-1 : iceape - several vulnerabilities	Nessus	Debian Local Security Checks	critical
56338	CentOS 4 : seamonkey (CESA-2011:1344)	Nessus	CentOS Local Security Checks	critical
801241	Mozilla Firefox 3.6 < 3.6.23 Multiple Vulnerabilities	Log Correlation Engine	Web Clients	high
56334	Firefox 3.6.x < 3.6.23 Multiple Vulnerabilities	Nessus	Windows	high
56331	Ubuntu 10.04 LTS / 10.10 / 11.04 : thunderbird vulnerabilities (USN-1213-1)	Nessus	Ubuntu Local Security Checks	critical
56330	Ubuntu 10.04 LTS / 10.10 : firefox, xulrunner-1.9.2 vulnerabilities (USN-1210-1)	Nessus	Ubuntu Local Security Checks	critical
56329	RHEL 4 : seamonkey (RHSA-2011:1344)	Nessus	Red Hat Local Security Checks	critical
56328	RHEL 4 / 5 : thunderbird (RHSA-2011:1343)	Nessus	Red Hat Local Security Checks	critical
56327	RHEL 6 : thunderbird (RHSA-2011:1342)	Nessus	Red Hat Local Security Checks	critical
56326	RHEL 4 / 5 / 6 : firefox (RHSA-2011:1341)	Nessus	Red Hat Local Security Checks	critical
56323	FreeBSD : Mozilla -- multiple vulnerabilities (1fade8a3-e9e8-11e0-9580-4061862b8c22)	Nessus	FreeBSD Local Security Checks	critical
56312	CentOS 4 / 5 : thunderbird (CESA-2011:1343)	Nessus	CentOS Local Security Checks	critical
56311	CentOS 4 / 5 : firefox (CESA-2011:1341)	Nessus	CentOS Local Security Checks	critical
6027	Mozilla Firefox 3.6 < 3.6.23 Multiple Vulnerabilities	Nessus Network Monitor	Web Clients	high
55902	Firefox < 6.0 Multiple Vulnerabilities	Nessus	Windows	high
55887	Mozilla Thunderbird < 6.0 Multiple Vulnerabilities	Nessus	Windows	critical
55885	SeaMonkey < 2.3.0 Multiple Vulnerabilities	Nessus	Windows	high

CVE-2011-2999

Description

References

Details

Risk Information

CVSS v2.0