CVE-2011-3655 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	9.3 UNKNOWN	NETWORK	MEDIUM		AV:N/AC:M/Au:N/C:C/I:C/A:C
mitre	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 78%

Vendor	Product	Version
mozilla	firefox	4.0
mozilla	firefox	4.0:beta1
mozilla	firefox	4.0:beta10
mozilla	firefox	4.0:beta11
mozilla	firefox	4.0:beta12
mozilla	firefox	4.0:beta2
mozilla	firefox	4.0:beta3
mozilla	firefox	4.0:beta4
mozilla	firefox	4.0:beta5
mozilla	firefox	4.0:beta6
mozilla	firefox	4.0:beta7
mozilla	firefox	4.0:beta8
mozilla	firefox	4.0:beta9
mozilla	firefox	4.0.1
mozilla	firefox	5.0
mozilla	firefox	5.0.1
mozilla	firefox	6.0
mozilla	firefox	6.0.1
mozilla	firefox	6.0.2
mozilla	firefox	7.0
mozilla	thunderbird	5.0
mozilla	thunderbird	6.0
mozilla	thunderbird	6.0.1
mozilla	thunderbird	6.0.2
mozilla	thunderbird	7.0

𝑥

= Vulnerable software versions

Ubuntu Releases

Ubuntu Product

Codename

firefox

raring	not-affected
quantal	not-affected
precise	not-affected
oneiric	Fixed 8.0+build1-0ubuntu0.11.10.3 released
natty	Fixed 8.0+build1-0ubuntu0.11.04.3 released
maverick	not-affected
lucid	not-affected
hardy	ignored

seamonkey

raring	dne
quantal	dne
precise	dne
oneiric	ignored
natty	not-affected
maverick	not-affected
lucid	not-affected
hardy	ignored

thunderbird

raring	not-affected
quantal	not-affected
precise	not-affected
oneiric	Fixed 8.0+build1-0ubuntu0.11.10.1 released
natty	Fixed released
maverick	ignored
lucid	Fixed released
hardy	ignored

xulrunner-1.9.2

raring	dne
quantal	dne
precise	dne
oneiric	dne
natty	ignored
maverick	ignored
lucid	ignored
hardy	ignored

xulrunner-2.0

raring	dne
quantal	dne
precise	dne
oneiric	dne
natty	ignored
maverick	dne
lucid	dne
hardy	dne

Common Weakness Enumeration

CWE-94 - Improper Control of Generation of Code ('Code Injection')
The software constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

References

http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00020.html

http://secunia.com/advisories/49055

http://www.mozilla.org/security/announce/2011/mfsa2011-52.html

https://bugzilla.mozilla.org/show_bug.cgi?id=672182

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14202

http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00020.html

http://secunia.com/advisories/49055

http://www.mozilla.org/security/announce/2011/mfsa2011-52.html

https://bugzilla.mozilla.org/show_bug.cgi?id=672182

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14202