CVE-2011-2981

Priority
Description
The event-management implementation in Mozilla Firefox before 3.6.20,
SeaMonkey 2.x, Thunderbird 3.x before 3.1.12, and possibly other products
does not properly select the context for script to run in, which allows
remote attackers to bypass the Same Origin Policy or execute arbitrary
JavaScript code with chrome privileges via a crafted web site.
Package
Upstream:released (3.6.20)
Ubuntu 14.04 LTS (Trusty Tahr):not-affected
Package
Upstream:needs-triage (Ubuntu source uses 3.6.x)
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Package
Upstream:needs-triage (Ubuntu source uses 3.6.x)
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Package
Upstream:needs-triage
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Package
Upstream:released (3.1.12)
Ubuntu 14.04 LTS (Trusty Tahr):not-affected
Package
Upstream:released (1.9.2.20)
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Package
Upstream:not-affected
Ubuntu 14.04 LTS (Trusty Tahr):DNE
More Information

Updated: 2019-01-14 21:58:45 UTC (commit 51f9b73af244ba86b9321e46e526586c25a8e060)