CVE-2011-3655
Mozilla Firefox 4.x through 7.0 and Thunderbird 5.0 through 7.0 perform access control without checking for use of the NoWaiverWrapper wrapper, which allows remote attackers to gain privileges via a crafted web site.
| Software | From | Fixed in |
|---|---|---|
| mozilla / firefox | 4.0-beta6 | 4.0-beta6.x |
| mozilla / firefox | 4.0-beta1 | 4.0-beta1.x |
| mozilla / firefox | 4.0-beta9 | 4.0-beta9.x |
| mozilla / firefox | 4.0-beta5 | 4.0-beta5.x |
| mozilla / firefox | 4.0-beta8 | 4.0-beta8.x |
| mozilla / firefox | 4.0-beta12 | 4.0-beta12.x |
| mozilla / firefox | 4.0-beta3 | 4.0-beta3.x |
| mozilla / firefox | 5.0.1 | 5.0.1.x |
| mozilla / firefox | 5.0 | 5.0.x |
| mozilla / firefox | 7.0 | 7.0.x |
| mozilla / firefox | 6.0.2 | 6.0.2.x |
| mozilla / firefox | 4.0-beta2 | 4.0-beta2.x |
| mozilla / firefox | 4.0-beta4 | 4.0-beta4.x |
| mozilla / firefox | 4.0-beta10 | 4.0-beta10.x |
| mozilla / firefox | 6.0.1 | 6.0.1.x |
| mozilla / firefox | 4.0 | 4.0.x |
| mozilla / firefox | 6.0 | 6.0.x |
| mozilla / firefox | 4.0-beta11 | 4.0-beta11.x |
| mozilla / firefox | 4.0-beta7 | 4.0-beta7.x |
| mozilla / firefox | 4.0.1 | 4.0.1.x |
| mozilla / thunderbird | 7.0 | 7.0.x |
| mozilla / thunderbird | 6.0.1 | 6.0.1.x |
| mozilla / thunderbird | 5.0 | 5.0.x |
| mozilla / thunderbird | 6.0.2 | 6.0.2.x |
| mozilla / thunderbird | 6.0 | 6.0.x |
- http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00020.html
- http://secunia.com/advisories/49055
- http://www.mozilla.org/security/announce/2011/mfsa2011-52.html
- https://bugzilla.mozilla.org/show_bug.cgi?id=672182
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14202
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime