CVE-2011-3655

Mozilla Firefox <8 - Privilege Escalation

Title source: llm
STIX 2.1

Description

Mozilla Firefox 4.x through 7.0 and Thunderbird 5.0 through 7.0 perform access control without checking for use of the NoWaiverWrapper wrapper, which allows remote attackers to gain privileges via a crafted web site.

References (5)

Core 5
Core References
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14202
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/49055
Issue Tracking x_refsource_confirm
https://bugzilla.mozilla.org/show_bug.cgi?id=672182

Scores

EPSS 0.0187
EPSS Percentile 76.7%

Details

CWE
CWE-94
Status published
Products (13)
mozilla/firefox 4.0 (13 CPE variants)
mozilla/firefox 4.0.1
mozilla/firefox 5.0
mozilla/firefox 5.0.1
mozilla/firefox 6.0
mozilla/firefox 6.0.1
mozilla/firefox 6.0.2
mozilla/firefox 7.0
mozilla/thunderbird 5.0
mozilla/thunderbird 6.0
... and 3 more
Published Nov 09, 2011
Tracked Since Feb 18, 2026