Back to search
CVE-2011-2605
Published: Jun 30, 2011
Modified: Aug 6, 2024
PUBLISHED
Description
CRLF injection vulnerability in the nsCookieService::SetCookieStringInternal function in netwerk/cookie/nsCookieService.cpp in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, and Thunderbird before 3.1.11, allows remote attackers to bypass intended access restrictions via a string containing a \n (newline) character, which is not properly handled in a JavaScript "document.cookie =" expression, a different vulnerability than CVE-2011-2374.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
https://bugzilla.mozilla.org/show_bug.cgi?id=643051
x_refsource_CONFIRM
oval:org.mitre.oval:def:14401
vdb-entry
signature
x_refsource_OVAL
RHSA-2011:0887
vendor-advisory
x_refsource_REDHAT
RHSA-2011:0885
vendor-advisory
x_refsource_REDHAT
http://www.mozilla.org/security/announce/2011/mfsa2011-19.html
x_refsource_MISC
RHSA-2011:0888
vendor-advisory
x_refsource_REDHAT
RHSA-2011:0886
vendor-advisory
x_refsource_REDHAT
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now