CVE-2011-3647 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	9.3 UNKNOWN	NETWORK	MEDIUM		AV:N/AC:M/Au:N/C:C/I:C/A:C

Base Score

CVSS 3.x

EPSS Score

Percentile: 73%

Affected Products (NVD)

Vendor	Product	Version
mozilla	firefox	𝑥 ≤ 3.6.23
mozilla	firefox	0.1
mozilla	firefox	0.2
mozilla	firefox	0.3
mozilla	firefox	0.4
mozilla	firefox	0.5
mozilla	firefox	0.6
mozilla	firefox	0.6.1
mozilla	firefox	0.7
mozilla	firefox	0.7.1
mozilla	firefox	0.8
mozilla	firefox	0.9
mozilla	firefox	0.9:rc
mozilla	firefox	0.9.1
mozilla	firefox	0.9.2
mozilla	firefox	0.9.3
mozilla	firefox	0.10
mozilla	firefox	0.10.1
mozilla	firefox	1.0
mozilla	firefox	1.0:preview_release
mozilla	firefox	1.0.1
mozilla	firefox	1.0.2
mozilla	firefox	1.0.3
mozilla	firefox	1.0.4
mozilla	firefox	1.0.5
mozilla	firefox	1.0.6
mozilla	firefox	1.0.7
mozilla	firefox	1.0.8
mozilla	firefox	1.4.1
mozilla	firefox	1.5
mozilla	firefox	1.5:beta1
mozilla	firefox	1.5:beta2
mozilla	firefox	1.5.0.1
mozilla	firefox	1.5.0.2
mozilla	firefox	1.5.0.3
mozilla	firefox	1.5.0.4
mozilla	firefox	1.5.0.5
mozilla	firefox	1.5.0.6
mozilla	firefox	1.5.0.7
mozilla	firefox	1.5.0.8
mozilla	firefox	1.5.0.9
mozilla	firefox	1.5.0.10
mozilla	firefox	1.5.0.11
mozilla	firefox	1.5.0.12
mozilla	firefox	1.5.1
mozilla	firefox	1.5.2
mozilla	firefox	1.5.3
mozilla	firefox	1.5.4
mozilla	firefox	1.5.5
mozilla	firefox	1.5.6
mozilla	firefox	1.5.7
mozilla	firefox	1.5.8
mozilla	firefox	1.8
mozilla	firefox	2.0
mozilla	firefox	2.0.0.1
mozilla	firefox	2.0.0.2
mozilla	firefox	2.0.0.3
mozilla	firefox	2.0.0.4
mozilla	firefox	2.0.0.5
mozilla	firefox	2.0.0.6
mozilla	firefox	2.0.0.7
mozilla	firefox	2.0.0.8
mozilla	firefox	2.0.0.9
mozilla	firefox	2.0.0.10
mozilla	firefox	2.0.0.11
mozilla	firefox	2.0.0.12
mozilla	firefox	2.0.0.13
mozilla	firefox	2.0.0.14
mozilla	firefox	2.0.0.15
mozilla	firefox	2.0.0.16
mozilla	firefox	2.0.0.17
mozilla	firefox	2.0.0.18
mozilla	firefox	2.0.0.19
mozilla	firefox	2.0.0.20
mozilla	firefox	3.0
mozilla	firefox	3.0.1
mozilla	firefox	3.0.2
mozilla	firefox	3.0.3
mozilla	firefox	3.0.4
mozilla	firefox	3.0.5
mozilla	firefox	3.0.6
mozilla	firefox	3.0.7
mozilla	firefox	3.0.8
mozilla	firefox	3.0.9
mozilla	firefox	3.0.10
mozilla	firefox	3.0.11
mozilla	firefox	3.0.12
mozilla	firefox	3.0.13
mozilla	firefox	3.0.14
mozilla	firefox	3.0.15
mozilla	firefox	3.0.16
mozilla	firefox	3.0.17
mozilla	firefox	3.5
mozilla	firefox	3.5.1
mozilla	firefox	3.5.2
mozilla	firefox	3.5.3
mozilla	firefox	3.5.4
mozilla	firefox	3.5.5
mozilla	firefox	3.5.6
mozilla	firefox	3.5.7
mozilla	firefox	3.5.8
mozilla	firefox	3.5.9
mozilla	firefox	3.5.10
mozilla	firefox	3.5.11
mozilla	firefox	3.5.12
mozilla	firefox	3.5.13
mozilla	firefox	3.5.14
mozilla	firefox	3.5.15
mozilla	firefox	3.6
mozilla	firefox	3.6.2
mozilla	firefox	3.6.3
mozilla	firefox	3.6.4
mozilla	firefox	3.6.6
mozilla	firefox	3.6.7
mozilla	firefox	3.6.8
mozilla	firefox	3.6.9
mozilla	firefox	3.6.10
mozilla	firefox	3.6.11
mozilla	firefox	3.6.12
mozilla	firefox	3.6.13
mozilla	firefox	3.6.14
mozilla	firefox	3.6.15
mozilla	firefox	3.6.16
mozilla	firefox	3.6.17
mozilla	firefox	3.6.18
mozilla	firefox	3.6.19
mozilla	firefox	3.6.20
mozilla	firefox	3.6.21
mozilla	firefox	3.6.22
mozilla	thunderbird	𝑥 ≤ 3.1.5
mozilla	thunderbird	0.1
mozilla	thunderbird	0.2
mozilla	thunderbird	0.3
mozilla	thunderbird	0.4
mozilla	thunderbird	0.5
mozilla	thunderbird	0.6
mozilla	thunderbird	0.7
mozilla	thunderbird	0.7.1
mozilla	thunderbird	0.7.2
mozilla	thunderbird	0.7.3
mozilla	thunderbird	0.8
mozilla	thunderbird	0.9
mozilla	thunderbird	1.0
mozilla	thunderbird	1.0.1
mozilla	thunderbird	1.0.2
mozilla	thunderbird	1.0.3
mozilla	thunderbird	1.0.4
mozilla	thunderbird	1.0.5
mozilla	thunderbird	1.0.5:beta
mozilla	thunderbird	1.0.6
mozilla	thunderbird	1.0.7
mozilla	thunderbird	1.0.8
mozilla	thunderbird	1.5
mozilla	thunderbird	1.5:beta2
mozilla	thunderbird	1.5.0.1
mozilla	thunderbird	1.5.0.2
mozilla	thunderbird	1.5.0.3
mozilla	thunderbird	1.5.0.4
mozilla	thunderbird	1.5.0.5
mozilla	thunderbird	1.5.0.6
mozilla	thunderbird	1.5.0.7
mozilla	thunderbird	1.5.0.8
mozilla	thunderbird	1.5.0.9
mozilla	thunderbird	1.5.0.10
mozilla	thunderbird	1.5.0.11
mozilla	thunderbird	1.5.0.12
mozilla	thunderbird	1.5.0.13
mozilla	thunderbird	1.5.0.14
mozilla	thunderbird	1.5.1
mozilla	thunderbird	1.5.2
mozilla	thunderbird	1.7.1
mozilla	thunderbird	1.7.3
mozilla	thunderbird	2.0
mozilla	thunderbird	2.0.0.0
mozilla	thunderbird	2.0.0.1
mozilla	thunderbird	2.0.0.2
mozilla	thunderbird	2.0.0.3
mozilla	thunderbird	2.0.0.4
mozilla	thunderbird	2.0.0.5
mozilla	thunderbird	2.0.0.6
mozilla	thunderbird	2.0.0.7
mozilla	thunderbird	2.0.0.8
mozilla	thunderbird	2.0.0.9
mozilla	thunderbird	2.0.0.11
mozilla	thunderbird	2.0.0.12
mozilla	thunderbird	2.0.0.13
mozilla	thunderbird	2.0.0.14
mozilla	thunderbird	2.0.0.15
mozilla	thunderbird	2.0.0.16
mozilla	thunderbird	2.0.0.17
mozilla	thunderbird	2.0.0.18
mozilla	thunderbird	2.0.0.19
mozilla	thunderbird	2.0.0.20
mozilla	thunderbird	2.0.0.21
mozilla	thunderbird	2.0.0.22
mozilla	thunderbird	2.0.0.23
mozilla	thunderbird	3.0
mozilla	thunderbird	3.0.1
mozilla	thunderbird	3.0.2
mozilla	thunderbird	3.0.3
mozilla	thunderbird	3.0.4
mozilla	thunderbird	3.0.5
mozilla	thunderbird	3.0.6
mozilla	thunderbird	3.0.7
mozilla	thunderbird	3.0.8
mozilla	thunderbird	3.0.9
mozilla	thunderbird	3.0.10
mozilla	thunderbird	3.0.11
mozilla	thunderbird	3.1
mozilla	thunderbird	3.1.1
mozilla	thunderbird	3.1.2
mozilla	thunderbird	3.1.3
mozilla	thunderbird	3.1.4
mozilla	thunderbird	3.1.10
mozilla	thunderbird	3.1.11

𝑥

= Vulnerable software versions

Ubuntu Releases

Ubuntu Product

Codename

firefox

hardy	ignored
lucid	Fixed 3.6.24+build2+nobinonly-0ubuntu0.10.04.1 released
maverick	Fixed 3.6.24+build2+nobinonly-0ubuntu0.10.10.1 released
natty	not-affected
oneiric	not-affected
precise	not-affected
quantal	not-affected
raring	not-affected
saucy	not-affected

seamonkey

hardy	ignored
lucid	ignored
maverick	ignored
natty	ignored
oneiric	ignored
precise	dne
quantal	dne
raring	dne
saucy	dne

thunderbird

hardy	ignored
lucid	Fixed 3.1.16+build2+nobinonly-0ubuntu0.10.04.1 released
maverick	Fixed 3.1.16+build2+nobinonly-0ubuntu0.10.10.1 released
natty	Fixed 3.1.16+build2+nobinonly-0ubuntu0.11.04.1 released
oneiric	not-affected
precise	not-affected
quantal	not-affected
raring	not-affected
saucy	not-affected

xulrunner-1.9.2

hardy	ignored
lucid	Fixed 1.9.2.24+build2+nobinonly-0ubuntu0.10.04.1 released
maverick	Fixed 1.9.2.24+build2+nobinonly-0ubuntu0.10.10.1 released
natty	Fixed 1.9.2.27+build1+nobinonly-0ubuntu0.11.04.1 released
oneiric	dne
precise	dne
quantal	dne
raring	dne
saucy	dne

xulrunner-2.0

hardy	dne
lucid	dne
maverick	dne
natty	ignored
oneiric	dne
precise	dne
quantal	dne
raring	dne
saucy	dne

Common Weakness Enumeration

CWE-20 - Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References

http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00020.html

http://www.mozilla.org/security/announce/2011/mfsa2011-46.html

http://www.redhat.com/support/errata/RHSA-2011-1439.html

https://bugzilla.mozilla.org/show_bug.cgi?id=680880

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13550

http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00020.html

http://www.mozilla.org/security/announce/2011/mfsa2011-46.html

http://www.redhat.com/support/errata/RHSA-2011-1439.html

https://bugzilla.mozilla.org/show_bug.cgi?id=680880

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13550