CVE-2011-3655

Sažetak

Mozilla Firefox 4.x through 7.0 and Thunderbird 5.0 through 7.0 perform access control without checking for use of the NoWaiverWrapper wrapper, which allows remote attackers to gain privileges via a crafted web site.

Reference

http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00020.html
http://secunia.com/advisories/49055
http://www.mozilla.org/security/announce/2011/mfsa2011-52.html
https://bugzilla.mozilla.org/show_bug.cgi?id=672182
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14202

CVSS

Base:	9.3
Impact:	10.0
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:N/AC:M/Au:N/C:C/I:C/A:C

Zadnje važnije ažuriranje

19-09-2017 - 01:34

Objavljeno

09-11-2011 - 11:55