NVD

Id
9696  
Name
CVE-2011-2999  
Description
Mozilla Firefox before 3.6.23 and 4.x through 5, Thunderbird before 6.0, and SeaMonkey before 2.3 do not properly handle "location" as the name of a frame, which allows remote attackers to bypass the Same Origin Policy via a crafted web site, a different vulnerability than CVE-2010-0170.  
Reject
 
CVSS Version
2  
CVSS Score
4.3  
Severity
Medium  
CVSS Base Score
4.3  
CVSS Impact Subscore
2.9  
CVSS Exploit Subscore
8.6  
CVSS Vector
(AV:N/AC:M/Au:N/C:N/I:P/A:N)  
Pub Date
2017-01-07  
Published
2011-09-28  
Modified Date
2012-01-26  
Seq
2011-2999  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
55505 9696 CVE-2011-2999 SUSE-SU-2011:1256  View
55506 9696 CVE-2011-2999 openSUSE-SU-2011:1076  View
55507 9696 CVE-2011-2999 oval:org.mitre.oval:def:14252  View
55508 9696 CVE-2011-2999 DSA-2312  View
55509 9696 CVE-2011-2999 DSA-2313  View
55510 9696 CVE-2011-2999 DSA-2317  View
55511 9696 CVE-2011-2999 MDVSA-2011:139  View
55512 9696 CVE-2011-2999 MDVSA-2011:140  View
55513 9696 CVE-2011-2999 MDVSA-2011:141  View
55514 9696 CVE-2011-2999 http://www.mozilla.org/security/announce/2011/mfsa2011-38.html  View
55515 9696 CVE-2011-2999 RHSA-2011:1341  View
55516 9696 CVE-2011-2999 https://bugzilla.mozilla.org/show_bug.cgi?id=665548  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
32070 JVNDB-2011-002310 複数の Mozilla 製品における同一生成元ポリシーを回避される脆弱性 複数の Mozilla 製品は、location をフレームの名前として適切に処理しないため、同一生成元ポリシー (Same origin policy) を回避される脆弱性が存在します。 CVE-2011-2999 50906 CVE-2011-2999 9696 4.3 http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002310.html 2011-09-27 2012-04-16 View