OSVDB ID: 73188

Title: Mozilla Multiple Products Trailing Dot Cookie Cross-domain Information Disclosure

Info

Disclosure

Jun 21, 2011

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Jun 21, 2011

Description

Classification

Location: Local / Remote, Context Dependent
Attack Type: Information Disclosure
Impact: Loss of Confidentiality
Solution: Upgrade
Exploit: Exploit Private
Disclosure: Vendor Verified, Coordinated Disclosure
OSVDB: Web Related

Solution

Upgrade Thunderbird to 3.1.11 or higher and Firefox to 3.6.18 or higher, as they have been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Mozilla Organization	Firefox	3.6.17
Mozilla Organization	Thunderbird	3.1.10

References

OVAL ID: 13693
CVE ID: 2011-2362 (see also: NVD)
Secunia Advisory ID: 44972 44982 45002 45011 45012 45014 45038 45104 45114 45115 45138 45147 45220 45268 47636 51766
Vendor Specific Advisory URL: http://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_thunderbird1
http://lists.debian.org/debian-security-announce/2011/msg00139.html
http://lists.debian.org/debian-security-announce/2011/msg00141.html
http://www.mozilla.org/security/announce/2011/mfsa2011-24.html
http://www.ubuntu.com/usn/usn-1150-1/
https://hermes.opensuse.org/messages/9086893
Vendor Specific News/Changelog Entry: http://lists.debian.org/debian-security-announce/2011/msg00145.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062409.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062410.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062413.html
http://lists.opensuse.org/opensuse-security-announce/2011-06/msg00018.html
http://lists.opensuse.org/opensuse-security-announce/2011-06/msg00019.html
http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00001.html
http://support.avaya.com/css/P8/documents/100144854
http://support.avaya.com/css/P8/documents/100145333
http://www.gentoo.org/security/en/glsa/glsa-201301-01.xml
http://www.mozilla.org/security/announce/2011/mfsa2011-24.html
https://bugzilla.mozilla.org/show_bug.cgi?id=616264
https://lists.ubuntu.com/archives/ubuntu-security-announce/2011-June/001360.html
Other Advisory URL: http://www.debian.org/security/2011/dsa-2268
http://www.debian.org/security/2011/dsa-2269
http://www.debian.org/security/2011/dsa-2273
http://www.mandriva.com/security/advisories?name=MDVSA-2011:111
http://www.ubuntu.com/usn/USN-1149-1
RedHat RHSA: RHSA-2011:0885 RHSA-2011:0886 RHSA-2011:0887 RHSA-2011:0888

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/73188

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

Mozilla Organization

Firefox

Thunderbird

References

Credit