CVE Database

CVE-2011-3647

Impact: Critical
Public: 2011-11-08
Bugzilla: 751931: CVE-2011-3647 Mozilla: Security problem with loadSubScript on 1.9.2 branch (MFSA 2011-46)

Details

The MITRE CVE dictionary describes this issue as:

The JSSubScriptLoader in Mozilla Firefox before 3.6.24 and Thunderbird before 3.1.6 does not properly handle XPCNativeWrappers during calls to the loadSubScript method in an add-on, which makes it easier for remote attackers to gain privileges via a crafted web site that leverages certain unwrapping behavior, a related issue to CVE-2011-3004.

Find out more about CVE-2011-3647 from the MITRE CVE dictionary and NIST NVD.

CVSS v2 metrics

Base Score: 6.8
Base Metrics: AV:N/AC:M/Au:N/C:P/I:P/A:P
Access Vector: Network
Access Complexity: Medium
Authentication: None
Confidentiality Impact: Partial
Integrity Impact: Partial
Availability Impact: Partial

Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).

Red Hat security errata

| Platform | Errata | Release Date |
|---|---|---|
| Red Hat Enterprise Linux version 4 (firefox) | RHSA-2011:1437 | November 08, 2011 |
| Red Hat Enterprise Linux version 5 (firefox) | RHSA-2011:1437 | November 08, 2011 |
| Red Hat Enterprise Linux version 6 (firefox) | RHSA-2011:1437 | November 08, 2011 |
| Red Hat Enterprise Linux version 6 (thunderbird) | RHSA-2011:1439 | November 08, 2011 |

External References

http://www.mozilla.org/security/announce/2011/mfsa2011-46.html

This page is generated automatically and has not been checked for errors or omissions.

For clarification or corrections please contact the Red Hat Security Response Team.