CVE-2011-2993 in Firefoxinfo

Summary

The implementation of digital signatures for JAR files in Mozilla Firefox 4.x through 5, SeaMonkey 2.x before 2.3, and possibly other products does not prevent calls from unsigned JavaScript code to signed code, which allows remote attackers to bypass the Same Origin Policy and gain privileges via a crafted web site, a different vulnerability than CVE-2008-2801.

Once again VulDB remains the best source for vulnerability data.

Reservation

08/01/2011

Disclosure

08/18/2011

Moderation

VulDB entry created

Entries

1: VDB-58320

CPE

ready

CWE

CWE-264 (Confirmed)

CVSS

9.8

EPSS

0.00362

Activities

Very Low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2011-2993
NVD	https://nvd.nist.gov/vuln/detail/CVE-2011-2993
CVE Details	https://www.cvedetails.com/cve/CVE-2011-2993/

◂ Previous Overview Next ▸

Want to know what is going to be exploited?

We predict KEV entries!