CVE-2011-2605

30.06.2011, 16:55

CRLF injection vulnerability in the nsCookieService::SetCookieStringInternal function in netwerk/cookie/nsCookieService.cpp in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, and Thunderbird before 3.1.11, allows remote attackers to bypass intended access restrictions via a string containing a \n (newline) character, which is not properly handled in a JavaScript "document.cookie =" expression, a different vulnerability than CVE-2011-2374.

Code Injection

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Vector
NIST	NIST	4.3 UNKNOWN	NETWORK	MEDIUM	AV:N/AC:M/Au:N/C:N/I:P/A:N
mitre	CNA	---			---
CVE	ADP	---			---

Base Score

CVSS 3.x

EPSS Score

Percentile: 56%

Vendor	Product	Version
mozilla	firefox	𝑥 ≤ 3.6.17
mozilla	firefox	1.0
mozilla	firefox	1.0:preview_release
mozilla	firefox	1.0.1
mozilla	firefox	1.0.2
mozilla	firefox	1.0.3
mozilla	firefox	1.0.4
mozilla	firefox	1.0.5
mozilla	firefox	1.0.6
mozilla	firefox	1.0.7
mozilla	firefox	1.0.8
mozilla	firefox	1.5
mozilla	firefox	1.5:beta1
mozilla	firefox	1.5:beta2
mozilla	firefox	1.5.0.1
mozilla	firefox	1.5.0.2
mozilla	firefox	1.5.0.3
mozilla	firefox	1.5.0.4
mozilla	firefox	1.5.0.5
mozilla	firefox	1.5.0.6
mozilla	firefox	1.5.0.7
mozilla	firefox	1.5.0.8
mozilla	firefox	1.5.0.9
mozilla	firefox	1.5.0.10
mozilla	firefox	1.5.0.11
mozilla	firefox	1.5.0.12
mozilla	firefox	1.5.1
mozilla	firefox	1.5.2
mozilla	firefox	1.5.3
mozilla	firefox	1.5.4
mozilla	firefox	1.5.5
mozilla	firefox	1.5.6
mozilla	firefox	1.5.7
mozilla	firefox	1.5.8
mozilla	firefox	2.0
mozilla	firefox	2.0.0.1
mozilla	firefox	2.0.0.2
mozilla	firefox	2.0.0.3
mozilla	firefox	2.0.0.4
mozilla	firefox	2.0.0.5
mozilla	firefox	2.0.0.6
mozilla	firefox	2.0.0.7
mozilla	firefox	2.0.0.8
mozilla	firefox	2.0.0.9
mozilla	firefox	2.0.0.10
mozilla	firefox	2.0.0.11
mozilla	firefox	2.0.0.12
mozilla	firefox	2.0.0.13
mozilla	firefox	2.0.0.14
mozilla	firefox	2.0.0.15
mozilla	firefox	2.0.0.16
mozilla	firefox	2.0.0.17
mozilla	firefox	2.0.0.18
mozilla	firefox	2.0.0.19
mozilla	firefox	2.0.0.20
mozilla	firefox	3.0
mozilla	firefox	3.0.1
mozilla	firefox	3.0.2
mozilla	firefox	3.0.3
mozilla	firefox	3.0.4
mozilla	firefox	3.0.5
mozilla	firefox	3.0.6
mozilla	firefox	3.0.7
mozilla	firefox	3.0.8
mozilla	firefox	3.0.9
mozilla	firefox	3.0.10
mozilla	firefox	3.0.11
mozilla	firefox	3.0.12
mozilla	firefox	3.0.13
mozilla	firefox	3.0.14
mozilla	firefox	3.0.15
mozilla	firefox	3.0.16
mozilla	firefox	3.0.17
mozilla	firefox	3.5
mozilla	firefox	3.5.1
mozilla	firefox	3.5.2
mozilla	firefox	3.5.3
mozilla	firefox	3.5.4
mozilla	firefox	3.5.5
mozilla	firefox	3.5.6
mozilla	firefox	3.5.7
mozilla	firefox	3.5.8
mozilla	firefox	3.5.9
mozilla	firefox	3.5.10
mozilla	firefox	3.5.11
mozilla	firefox	3.5.12
mozilla	firefox	3.5.13
mozilla	firefox	3.5.14
mozilla	firefox	3.5.15
mozilla	firefox	3.5.16
mozilla	firefox	3.5.17
mozilla	firefox	3.5.18
mozilla	firefox	3.5.19
mozilla	firefox	3.6
mozilla	firefox	3.6.2
mozilla	firefox	3.6.3
mozilla	firefox	3.6.4
mozilla	firefox	3.6.6
mozilla	firefox	3.6.7
mozilla	firefox	3.6.8
mozilla	firefox	3.6.9
mozilla	firefox	3.6.10
mozilla	firefox	3.6.11
mozilla	firefox	3.6.12
mozilla	firefox	3.6.13
mozilla	firefox	3.6.14
mozilla	firefox	3.6.15
mozilla	firefox	3.6.16
mozilla	thunderbird	𝑥 ≤ 3.1.10
mozilla	thunderbird	0.1
mozilla	thunderbird	0.2
mozilla	thunderbird	0.3
mozilla	thunderbird	0.4
mozilla	thunderbird	0.5
mozilla	thunderbird	0.6
mozilla	thunderbird	0.7
mozilla	thunderbird	0.7.1
mozilla	thunderbird	0.7.2
mozilla	thunderbird	0.7.3
mozilla	thunderbird	0.8
mozilla	thunderbird	0.9
mozilla	thunderbird	1.0
mozilla	thunderbird	1.0.1
mozilla	thunderbird	1.0.2
mozilla	thunderbird	1.0.3
mozilla	thunderbird	1.0.4
mozilla	thunderbird	1.0.5
mozilla	thunderbird	1.0.6
mozilla	thunderbird	1.0.7
mozilla	thunderbird	1.0.8
mozilla	thunderbird	1.5
mozilla	thunderbird	1.5:beta2
mozilla	thunderbird	1.5.0.1
mozilla	thunderbird	1.5.0.2
mozilla	thunderbird	1.5.0.3
mozilla	thunderbird	1.5.0.4
mozilla	thunderbird	1.5.0.5
mozilla	thunderbird	1.5.0.6
mozilla	thunderbird	1.5.0.7
mozilla	thunderbird	1.5.0.8
mozilla	thunderbird	1.5.0.9
mozilla	thunderbird	1.5.0.10
mozilla	thunderbird	1.5.0.11
mozilla	thunderbird	1.5.0.12
mozilla	thunderbird	1.5.0.13
mozilla	thunderbird	1.5.0.14
mozilla	thunderbird	1.5.1
mozilla	thunderbird	1.5.2
mozilla	thunderbird	1.7.1
mozilla	thunderbird	1.7.3
mozilla	thunderbird	2.0
mozilla	thunderbird	2.0.0.0
mozilla	thunderbird	2.0.0.1
mozilla	thunderbird	2.0.0.2
mozilla	thunderbird	2.0.0.3
mozilla	thunderbird	2.0.0.4
mozilla	thunderbird	2.0.0.5
mozilla	thunderbird	2.0.0.6
mozilla	thunderbird	2.0.0.7
mozilla	thunderbird	2.0.0.8
mozilla	thunderbird	2.0.0.9
mozilla	thunderbird	2.0.0.12
mozilla	thunderbird	2.0.0.14
mozilla	thunderbird	2.0.0.16
mozilla	thunderbird	2.0.0.17
mozilla	thunderbird	2.0.0.18
mozilla	thunderbird	2.0.0.19
mozilla	thunderbird	2.0.0.21
mozilla	thunderbird	2.0.0.22
mozilla	thunderbird	2.0.0.23
mozilla	thunderbird	3.0
mozilla	thunderbird	3.0.1
mozilla	thunderbird	3.0.2
mozilla	thunderbird	3.0.3
mozilla	thunderbird	3.0.4
mozilla	thunderbird	3.0.5
mozilla	thunderbird	3.0.6
mozilla	thunderbird	3.0.7
mozilla	thunderbird	3.0.8
mozilla	thunderbird	3.0.9
mozilla	thunderbird	3.0.10
mozilla	thunderbird	3.0.11
mozilla	thunderbird	3.1
mozilla	thunderbird	3.1.1
mozilla	thunderbird	3.1.2
mozilla	thunderbird	3.1.3
mozilla	thunderbird	3.1.4
mozilla	thunderbird	3.1.5
mozilla	thunderbird	3.1.6
mozilla	thunderbird	3.1.7
mozilla	thunderbird	3.1.8
mozilla	thunderbird	3.1.9
mozilla	firefox	4.0
mozilla	firefox	4.0:beta1
mozilla	firefox	4.0:beta10
mozilla	firefox	4.0:beta11
mozilla	firefox	4.0:beta12
mozilla	firefox	4.0:beta2
mozilla	firefox	4.0:beta3
mozilla	firefox	4.0:beta4
mozilla	firefox	4.0:beta5
mozilla	firefox	4.0:beta6
mozilla	firefox	4.0:beta7
mozilla	firefox	4.0:beta8
mozilla	firefox	4.0:beta9
mozilla	firefox	4.0.1

𝑥

= Vulnerable software versions

Ubuntu Releases

Ubuntu Product

Codename

firefox

saucy	not-affected
raring	not-affected
quantal	not-affected
precise	not-affected
oneiric	not-affected
natty	Fixed 7.0.1+build1+nobinonly-0ubuntu0.11.04.1 released
maverick	Fixed 3.6.23+build1+nobinonly-0ubuntu0.10.10.1 released
lucid	Fixed 3.6.23+build1+nobinonly-0ubuntu0.10.04.1 released
hardy	ignored

seamonkey

saucy	dne
raring	dne
quantal	dne
precise	dne
oneiric	not-affected
natty	ignored
maverick	ignored
lucid	ignored
hardy	ignored

thunderbird

saucy	not-affected
raring	not-affected
quantal	not-affected
precise	not-affected
oneiric	not-affected
natty	Fixed 3.1.15+build1+nobinonly-0ubuntu0.11.04.1 released
maverick	Fixed 3.1.15+build1+nobinonly-0ubuntu0.10.10.1 released
lucid	Fixed 3.1.15+build1+nobinonly-0ubuntu0.10.04.1 released
hardy	ignored

Common Weakness Enumeration

CWE-94 - Improper Control of Generation of Code ('Code Injection')
The software constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

References

http://www.mozilla.org/security/announce/2011/mfsa2011-19.html

http://www.redhat.com/support/errata/RHSA-2011-0885.html

http://www.redhat.com/support/errata/RHSA-2011-0886.html

http://www.redhat.com/support/errata/RHSA-2011-0887.html

http://www.redhat.com/support/errata/RHSA-2011-0888.html

https://bugzilla.mozilla.org/show_bug.cgi?id=643051