Back to search
CVE-2011-2993
Published: Aug 18, 2011
Modified: Aug 6, 2024
PUBLISHED
Description
The implementation of digital signatures for JAR files in Mozilla Firefox 4.x through 5, SeaMonkey 2.x before 2.3, and possibly other products does not prevent calls from unsigned JavaScript code to signed code, which allows remote attackers to bypass the Same Origin Policy and gain privileges via a crafted web site, a different vulnerability than CVE-2008-2801.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
http://www.mozilla.org/security/announce/2011/mfsa2011-33.html
x_refsource_CONFIRM
SUSE-SA:2011:037
vendor-advisory
x_refsource_SUSE
https://bugzilla.mozilla.org/show_bug.cgi?id=657267
x_refsource_CONFIRM
http://www.mozilla.org/security/announce/2011/mfsa2011-29.html
x_refsource_CONFIRM
oval:org.mitre.oval:def:14055
vdb-entry
signature
x_refsource_OVAL
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now