ByteOS Network

NVD Vulnerability Details :

CVE-2011-3655

Deferred

Source-cve@mitre.org

Published At-09 Nov, 2011 | 11:55

Updated At-11 Apr, 2025 | 00:51

Mozilla Firefox 4.x through 7.0 and Thunderbird 5.0 through 7.0 perform access control without checking for use of the NoWaiverWrapper wrapper, which allows remote attackers to gain privileges via a crafted web site.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	2.0	9.3	HIGH	AV:N/AC:M/Au:N/C:C/I:C/A:C

Type: Primary

Version: 2.0

Base score: 9.3

Base severity: HIGH

Vector:

AV:N/AC:M/Au:N/C:C/I:C/A:C

CPE Matches

Mozilla Corporation

>>firefox>>4.0

cpe:2.3:a:mozilla:firefox:4.0:*:*:*:*:*:*:*

Mozilla Corporation

>>firefox>>4.0

cpe:2.3:a:mozilla:firefox:4.0:beta1:*:*:*:*:*:*

Mozilla Corporation

>>firefox>>4.0

cpe:2.3:a:mozilla:firefox:4.0:beta10:*:*:*:*:*:*

Mozilla Corporation

>>firefox>>4.0

cpe:2.3:a:mozilla:firefox:4.0:beta11:*:*:*:*:*:*

Mozilla Corporation

>>firefox>>4.0

cpe:2.3:a:mozilla:firefox:4.0:beta12:*:*:*:*:*:*

Mozilla Corporation

>>firefox>>4.0

cpe:2.3:a:mozilla:firefox:4.0:beta2:*:*:*:*:*:*

Mozilla Corporation

>>firefox>>4.0

cpe:2.3:a:mozilla:firefox:4.0:beta3:*:*:*:*:*:*

Mozilla Corporation

>>firefox>>4.0

cpe:2.3:a:mozilla:firefox:4.0:beta4:*:*:*:*:*:*

Mozilla Corporation

>>firefox>>4.0

cpe:2.3:a:mozilla:firefox:4.0:beta5:*:*:*:*:*:*

Mozilla Corporation

>>firefox>>4.0

cpe:2.3:a:mozilla:firefox:4.0:beta6:*:*:*:*:*:*

Mozilla Corporation

>>firefox>>4.0

cpe:2.3:a:mozilla:firefox:4.0:beta7:*:*:*:*:*:*

Mozilla Corporation

>>firefox>>4.0

cpe:2.3:a:mozilla:firefox:4.0:beta8:*:*:*:*:*:*

Mozilla Corporation

>>firefox>>4.0

cpe:2.3:a:mozilla:firefox:4.0:beta9:*:*:*:*:*:*

Mozilla Corporation

>>firefox>>4.0.1

cpe:2.3:a:mozilla:firefox:4.0.1:*:*:*:*:*:*:*

Mozilla Corporation

>>firefox>>5.0

cpe:2.3:a:mozilla:firefox:5.0:*:*:*:*:*:*:*

Mozilla Corporation

>>firefox>>5.0.1

cpe:2.3:a:mozilla:firefox:5.0.1:*:*:*:*:*:*:*

Mozilla Corporation

>>firefox>>6.0

cpe:2.3:a:mozilla:firefox:6.0:*:*:*:*:*:*:*

Mozilla Corporation

>>firefox>>6.0.1

cpe:2.3:a:mozilla:firefox:6.0.1:*:*:*:*:*:*:*

Mozilla Corporation

>>firefox>>6.0.2

cpe:2.3:a:mozilla:firefox:6.0.2:*:*:*:*:*:*:*

Mozilla Corporation

>>firefox>>7.0

cpe:2.3:a:mozilla:firefox:7.0:*:*:*:*:*:*:*

Mozilla Corporation

>>thunderbird>>5.0

cpe:2.3:a:mozilla:thunderbird:5.0:*:*:*:*:*:*:*

Mozilla Corporation

>>thunderbird>>6.0

cpe:2.3:a:mozilla:thunderbird:6.0:*:*:*:*:*:*:*

Mozilla Corporation

>>thunderbird>>6.0.1

cpe:2.3:a:mozilla:thunderbird:6.0.1:*:*:*:*:*:*:*

Mozilla Corporation

>>thunderbird>>6.0.2

cpe:2.3:a:mozilla:thunderbird:6.0.2:*:*:*:*:*:*:*

Mozilla Corporation

>>thunderbird>>7.0

cpe:2.3:a:mozilla:thunderbird:7.0:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-94	Primary	nvd@nist.gov

CWE ID: CWE-94

Type: Primary

Source: nvd@nist.gov

References

Hyperlink	Source	Resource
http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00020.html	cve@mitre.org	N/A
http://secunia.com/advisories/49055	cve@mitre.org	N/A
http://www.mozilla.org/security/announce/2011/mfsa2011-52.html	cve@mitre.org	Vendor Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=672182	cve@mitre.org	N/A
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14202	cve@mitre.org	N/A
http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00020.html	af854a3a-2127-422b-91ae-364da2661108	N/A
http://secunia.com/advisories/49055	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.mozilla.org/security/announce/2011/mfsa2011-52.html	af854a3a-2127-422b-91ae-364da2661108	Vendor Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=672182	af854a3a-2127-422b-91ae-364da2661108	N/A
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14202	af854a3a-2127-422b-91ae-364da2661108	N/A