CVE-2011-3655 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	9.3 UNKNOWN	NETWORK	MEDIUM		AV:N/AC:M/Au:N/C:C/I:C/A:C

Base Score

CVSS 3.x

EPSS Score

Percentile: 75%

Affected Products (NVD)

Vendor	Product	Version
mozilla	firefox	4.0
mozilla	firefox	4.0:beta1
mozilla	firefox	4.0:beta10
mozilla	firefox	4.0:beta11
mozilla	firefox	4.0:beta12
mozilla	firefox	4.0:beta2
mozilla	firefox	4.0:beta3
mozilla	firefox	4.0:beta4
mozilla	firefox	4.0:beta5
mozilla	firefox	4.0:beta6
mozilla	firefox	4.0:beta7
mozilla	firefox	4.0:beta8
mozilla	firefox	4.0:beta9
mozilla	firefox	4.0.1
mozilla	firefox	5.0
mozilla	firefox	5.0.1
mozilla	firefox	6.0
mozilla	firefox	6.0.1
mozilla	firefox	6.0.2
mozilla	firefox	7.0
mozilla	thunderbird	5.0
mozilla	thunderbird	6.0
mozilla	thunderbird	6.0.1
mozilla	thunderbird	6.0.2
mozilla	thunderbird	7.0

𝑥

= Vulnerable software versions

Ubuntu Releases

Ubuntu Product

Codename

firefox

hardy	ignored
lucid	not-affected
maverick	not-affected
natty	Fixed 8.0+build1-0ubuntu0.11.04.3 released
oneiric	Fixed 8.0+build1-0ubuntu0.11.10.3 released
precise	not-affected
quantal	not-affected
raring	not-affected

seamonkey

hardy	ignored
lucid	not-affected
maverick	not-affected
natty	not-affected
oneiric	ignored
precise	dne
quantal	dne
raring	dne

thunderbird

hardy	ignored
lucid	Fixed released
maverick	ignored
natty	Fixed released
oneiric	Fixed 8.0+build1-0ubuntu0.11.10.1 released
precise	not-affected
quantal	not-affected
raring	not-affected

xulrunner-1.9.2

hardy	ignored
lucid	ignored
maverick	ignored
natty	ignored
oneiric	dne
precise	dne
quantal	dne
raring	dne

xulrunner-2.0

hardy	dne
lucid	dne
maverick	dne
natty	ignored
oneiric	dne
precise	dne
quantal	dne
raring	dne

Common Weakness Enumeration

CWE-94 - Improper Control of Generation of Code ('Code Injection')
The software constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

References

http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00020.html

http://secunia.com/advisories/49055

http://www.mozilla.org/security/announce/2011/mfsa2011-52.html

https://bugzilla.mozilla.org/show_bug.cgi?id=672182

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14202

http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00020.html

http://secunia.com/advisories/49055

http://www.mozilla.org/security/announce/2011/mfsa2011-52.html

https://bugzilla.mozilla.org/show_bug.cgi?id=672182

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14202