CVE-2011-2999

Priority
Description
Mozilla Firefox before 3.6.23 and 4.x through 5, Thunderbird before 6.0,
and SeaMonkey before 2.3 do not properly handle "location" as the name of a
frame, which allows remote attackers to bypass the Same Origin Policy via a
crafted web site, a different vulnerability than CVE-2010-0170.
Package
Upstream:released (3.6.23, 6.0)
Ubuntu 14.04 LTS (Trusty Tahr):not-affected
Package
Upstream:needs-triage (Ubuntu source uses 3.6.x)
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Package
Upstream:needs-triage (Ubuntu source uses 3.6.x)
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Package
Upstream:released (2.3)
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Package
Upstream:released (3.1.5, 6.0)
Ubuntu 14.04 LTS (Trusty Tahr):not-affected
Package
Upstream:released (1.9.2.23)
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Package
Upstream:needs-triage
Ubuntu 14.04 LTS (Trusty Tahr):DNE
More Information

Updated: 2019-01-14 21:58:48 UTC (commit 51f9b73af244ba86b9321e46e526586c25a8e060)