1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
|
PublicDateAtUSN: 2011-08-17
Candidate: CVE-2011-2993
PublicDate: 2011-08-18
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2993
http://www.ubuntu.com/usn/usn-1192-1
Description:
The implementation of digital signatures for JAR files in Mozilla Firefox
4.x through 5, SeaMonkey 2.x before 2.3, and possibly other products does
not prevent calls from unsigned JavaScript code to signed code, which
allows remote attackers to bypass the Same Origin Policy and gain
privileges via a crafted web site, a different vulnerability than
CVE-2008-2801.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to: micahg
Patches_firefox:
upstream_firefox: released (6.0)
hardy_firefox: ignored (uses system xulrunner)
lucid_firefox: not-affected
maverick_firefox: not-affected
natty_firefox: released (6.0+build1+nobinonly-0ubuntu0.11.04.1)
oneiric_firefox: not-affected
precise_firefox: not-affected
quantal_firefox: not-affected
devel_firefox: not-affected
Patches_firefox-3.0:
upstream_firefox-3.0: needs-triage (Ubuntu source uses 3.6.x)
hardy_firefox-3.0: ignored (reached end-of-life)
lucid_firefox-3.0: DNE
maverick_firefox-3.0: DNE
natty_firefox-3.0: DNE
oneiric_firefox-3.0: DNE
precise_firefox-3.0: DNE
quantal_firefox-3.0: DNE
devel_firefox-3.0: DNE
Patches_firefox-3.5:
upstream_firefox-3.5: needs-triage (Ubuntu source uses 3.6.x)
hardy_firefox-3.5: DNE
lucid_firefox-3.5: DNE
maverick_firefox-3.5: DNE
natty_firefox-3.5: DNE
oneiric_firefox-3.5: DNE
precise_firefox-3.5: DNE
quantal_firefox-3.5: DNE
devel_firefox-3.5: DNE
Patches_xulrunner-1.9.2:
upstream_xulrunner-1.9.2: not-affected
hardy_xulrunner-1.9.2: ignored (reached end-of-life)
lucid_xulrunner-1.9.2: not-affected
maverick_xulrunner-1.9.2: not-affected
natty_xulrunner-1.9.2: not-affected
oneiric_xulrunner-1.9.2: DNE
precise_xulrunner-1.9.2: DNE
quantal_xulrunner-1.9.2: DNE
devel_xulrunner-1.9.2: DNE
Patches_xulrunner-2.0:
upstream_xulrunner-2.0: needed
hardy_xulrunner-2.0: DNE
lucid_xulrunner-2.0: DNE
maverick_xulrunner-2.0: DNE
natty_xulrunner-2.0: ignored (reached end-of-life)
oneiric_xulrunner-2.0: DNE
precise_xulrunner-2.0: DNE
quantal_xulrunner-2.0: DNE
devel_xulrunner-2.0: DNE
Patches_seamonkey:
upstream_seamonkey: not-affected
hardy_seamonkey: ignored (reached end-of-life)
lucid_seamonkey: not-affected
maverick_seamonkey: not-affected
natty_seamonkey: not-affected
oneiric_seamonkey: not-affected
precise_seamonkey: DNE
quantal_seamonkey: DNE
devel_seamonkey: DNE
Patches_thunderbird:
upstream_thunderbird: not-affected
hardy_thunderbird: ignored (reached end-of-life)
lucid_thunderbird: not-affected
maverick_thunderbird: not-affected
natty_thunderbird: not-affected
oneiric_thunderbird: not-affected
precise_thunderbird: not-affected
quantal_thunderbird: not-affected
devel_thunderbird: not-affected
|