CVE-2011-2983

Firefox < 3.6.20 - Same Origin Policy Bypass via RegExp.input Use-After-Free

Title source: llm
STIX 2.1

Description

Mozilla Firefox before 3.6.20, Thunderbird 2.x and 3.x before 3.1.12, SeaMonkey 1.x and 2.x, and possibly other products does not properly handle the RegExp.input property, which allows remote attackers to bypass the Same Origin Policy and read data from a different domain via a crafted web site, possibly related to a use-after-free.

References (13)

Core 13
Core References
Vendor Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2011:127
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2011/dsa-2297
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2011/dsa-2296
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1025940
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2011-1164.html
Issue Tracking x_refsource_confirm
https://bugzilla.mozilla.org/show_bug.cgi?id=626297
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2011-1165.html
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2011/dsa-2295
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14272
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2011-1167.html

Scores

EPSS 0.0158
EPSS Percentile 72.5%

Details

CWE
CWE-200
Status published
Products (47)
mozilla/firefox 1.0 (2 CPE variants)
mozilla/firefox 1.0.1
mozilla/firefox 1.0.2
mozilla/firefox 1.0.3
mozilla/firefox 1.0.4
mozilla/firefox 1.0.5
mozilla/firefox 1.0.6
mozilla/firefox 1.0.7
mozilla/firefox 1.0.8
mozilla/firefox 1.5 (3 CPE variants)
... and 37 more
Published Aug 18, 2011
Tracked Since Feb 18, 2026