CVE-2011-0051

Mozilla Firefox <3.5.17 & 3.6.x <3.6.14 - CSRF

Title source: llm
STIX 2.1

Description

Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, does not properly handle certain recursive eval calls, which makes it easier for remote attackers to force a user to respond positively to a dialog question, as demonstrated by a question about granting privileges.

References (8)

Core 8
Core References
Vendor Advisory x_refsource_confirm
http://support.avaya.com/css/P8/documents/100128655
Various Sources x_refsource_confirm
http://downloads.avaya.com/css/P8/documents/100133195
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2011-0313.html
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14211
Vendor Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2011:041
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2011-0312.html
Issue Tracking x_refsource_confirm
https://bugzilla.mozilla.org/show_bug.cgi?id=616659

Scores

EPSS 0.0182
EPSS Percentile 76.2%

Details

CWE
CWE-20
Status published
Products (47)
mozilla/firefox 3.6
mozilla/firefox 3.6.2
mozilla/firefox 3.6.3
mozilla/firefox 3.6.4
mozilla/firefox 3.6.6
mozilla/firefox 3.6.7
mozilla/firefox 3.6.8
mozilla/firefox 3.6.9
mozilla/firefox 3.6.10
mozilla/firefox 3.6.11
... and 37 more
Published Mar 02, 2011
Tracked Since Feb 18, 2026