OSVDB ID: 74586

Title: Mozilla Multiple Products RegExp.input Property Same Origin Policy Bypass Information Disclosure

Info

Disclosure

Aug 16, 2011

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Aug 16, 2011

Description

Classification

Location: Remote / Network Access, Context Dependent
Attack Type: Information Disclosure
Impact: Loss of Confidentiality
Solution: Upgrade
Exploit: Exploit Private
Disclosure: Vendor Verified, Coordinated Disclosure
OSVDB: Web Related

Solution

Upgrade Firefox to version 3.6.20 or higher and Thunderbird to version 3.1.12 or higher, as they have been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Mozilla Organization	Firefox	3.6.19
Mozilla Organization	Thunderbird	3.1.11

References

Security Tracker: 1025940
OVAL ID: 14272
CVE ID: 2011-2983 (see also: NVD)
Secunia Advisory ID: 45612 45624 45647 45650 45651 45652 45666 45688 45718 45755 45776 45802 45825 45831 45844 51766
Related OSVDB ID: 74581 74582 74583 74584 74585 74587 74588 74589 74590 74591 74592 74593 74594 74595 74596
Vendor Specific News/Changelog Entry: http://lists.debian.org/debian-security-announce/2011/msg00169.html
http://lists.debian.org/debian-security-announce/2011/msg00170.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-August/064383.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-August/064384.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-August/064386.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-August/064390.html
http://lists.opensuse.org/opensuse-updates/2011-08/msg00042.html
http://www.gentoo.org/security/en/glsa/glsa-201301-01.xml
https://bugzilla.mozilla.org/show_bug.cgi?id=626297
https://lists.ubuntu.com/archives/ubuntu-security-announce/2011-August/001397.html
Vendor Specific Advisory URL: http://lists.debian.org/debian-security-announce/2011/msg00171.html
http://lists.opensuse.org/opensuse-updates/2011-08/msg00040.html
http://www.mozilla.org/security/announce/2011/mfsa2011-30.html
http://www.mozilla.org/security/announce/2011/mfsa2011-32.html
http://www.suse.com/support/security/advisories/2011_37_firefox.html
http://www.ubuntu.com/usn/usn-1185-1/
https://hermes.opensuse.org/messages/11623434
Mail List Post: http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00023.html
http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00027.html
Other Advisory URL: http://www.debian.org/security/2011/dsa-2295
http://www.debian.org/security/2011/dsa-2296
http://www.debian.org/security/2011/dsa-2297
http://www.mandriva.com/security/advisories?name=MDVSA-2011:127
RedHat RHSA: RHSA-2011:1164 RHSA-2011:1165 RHSA-2011:1167

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/74586

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

Mozilla Organization

Firefox

Thunderbird

References

Credit