CVE-2011-3649


Description

Mozilla Firefox 7.0 and Thunderbird 7.0, when the Direct2D (aka D2D) API is used on Windows in conjunction with the Azure graphics back-end, allow remote attackers to bypass the Same Origin Policy, and obtain sensitive image data from a different domain, by inserting this data into a canvas. NOTE: this issue exists because of a CVE-2011-2986 regression.

References

http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00020.html

http://www.mozilla.org/security/announce/2011/mfsa2011-50.html

http://www.securityfocus.com/bid/50591

https://bugzilla.mozilla.org/show_bug.cgi?id=655836

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14025

Details

Source: MITRE

Published: 2011-11-09

Updated: 2017-09-19

Type: CWE-200

Risk Information

CVSS v2

Base Score: 2.6

Vector: AV:N/AC:H/Au:N/C:P/I:N/A:N

Impact Score: 2.9

Exploitability Score: 4.9

Severity: LOW

Tenable Plugins


| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 76024 | openSUSE Security Update : seamonkey (openSUSE-SU-2011:1290-1) | Nessus | SuSE Local Security Checks | critical |
| 75743 | openSUSE Security Update : seamonkey (openSUSE-SU-2011:1290-1) | Nessus | SuSE Local Security Checks | critical |
| 74542 | openSUSE Security Update : firefox / thunderbird (openSUSE-2011-9) | Nessus | SuSE Local Security Checks | critical |
| 801321 | Mozilla Firefox 7.0 Multiple Vulnerabilities | Log Correlation Engine | Web Clients | high |
| 801281 | Mozilla Thunderbird 7.0 Multiple Vulnerabilities | Log Correlation Engine | SMTP Clients | high |
| 6789 | Mozilla Thunderbird < 8.0 Multiple Vulnerabilities | Nessus Network Monitor | SMTP Clients | high |
| 6788 | Mozilla Firefox < 8.0 Multiple Vulnerabilities | Nessus Network Monitor | Web Clients | high |
| 63402 | GLSA-201301-01 : Mozilla Products: Multiple vulnerabilities (BEAST) | Nessus | Gentoo Local Security Checks | critical |
| 57226 | SuSE 10 Security Update : mozilla-nss (ZYPP Patch Number 7842) (BEAST) | Nessus | SuSE Local Security Checks | critical |
| 57084 | SuSE 11.1 Security Update : Mozilla Firefox (SAT Patch Number 5429) | Nessus | SuSE Local Security Checks | critical |
| 56762 | FreeBSD : mozilla -- multiple vulnerabilities (6c8ad3e8-0a30-11e1-9580-4061862b8c22) | Nessus | FreeBSD Local Security Checks | critical |
| 56753 | Mozilla Thunderbird < 8.0 Multiple Vulnerabilities | Nessus | Windows | high |
| 56751 | Firefox < 8.0 Multiple Vulnerabilities | Nessus | Windows | high |