1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
|
PublicDateAtUSN: 2011-09-30
Candidate: CVE-2011-3001
PublicDate: 2011-09-28
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3001
http://www.ubuntu.com/usn/usn-1222-1
Description:
Mozilla Firefox 4.x through 6, Thunderbird before 7.0, and SeaMonkey before
2.4 do not prevent manual add-on installation in response to the holding of
the Enter key, which allows user-assisted remote attackers to bypass
intended access restrictions via a crafted web site that triggers an
unspecified internal error.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to: micahg
Patches_firefox:
upstream_firefox: released (7.0)
hardy_firefox: ignored (uses system xulrunner)
lucid_firefox: not-affected
maverick_firefox: not-affected (3.6.23+build1+nobinonly-0ubuntu0.10.10.1)
natty_firefox: released (7.0.1+build1+nobinonly-0ubuntu0.11.04.1)
devel_firefox: released (7.0.1+build1+nobinonly-0ubuntu1)
|