Executive Summary
Informations | |||
---|---|---|---|
Name | CVE-2011-3670 | First vendor Publication | 2012-02-01 |
Vendor | Cve | Last vendor Modification | 2017-12-29 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:P/I:N/A:N) | |||
---|---|---|---|
Cvss Base Score | 5 | Attack Range | Network |
Cvss Impact Score | 2.9 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Mozilla Firefox before 3.6.26 and 4.x through 6.0, Thunderbird before 3.1.18 and 5.0 through 6.0, and SeaMonkey before 2.4 do not properly enforce the IPv6 literal address syntax, which allows remote attackers to obtain sensitive information by making XMLHttpRequest calls through a proxy and reading the error messages. |
Original Source
Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3670 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-200 | Information Exposure |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:14814 | |||
Oval ID: | oval:org.mitre.oval:def:14814 | ||
Title: | Mozilla Firefox before 3.6.26 and 4.x through 6.0, Thunderbird before 3.1.18 and 5.0 through 6.0, and SeaMonkey before 2.4 do not properly enforce the IPv6 literal address syntax, which allows remote attackers to obtain sensitive information by making XMLHttpRequest calls through a proxy and reading the error messages. | ||
Description: | Mozilla Firefox before 3.6.26 and 4.x through 6.0, Thunderbird before 3.1.18 and 5.0 through 6.0, and SeaMonkey before 2.4 do not properly enforce the IPv6 literal address syntax, which allows remote attackers to obtain sensitive information by making XMLHttpRequest calls through a proxy and reading the error messages. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2011-3670 | Version: | 24 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla Seamonkey |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:15231 | |||
Oval ID: | oval:org.mitre.oval:def:15231 | ||
Title: | USN-1350-1 -- Thunderbird vulnerabilities | ||
Description: | thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-1350-1 CVE-2012-0442 CVE-2011-3659 CVE-2012-0444 CVE-2012-0449 CVE-2011-3670 | Version: | 5 |
Platform(s): | Ubuntu 11.04 Ubuntu 10.04 Ubuntu 10.10 | Product(s): | Thunderbird |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:15451 | |||
Oval ID: | oval:org.mitre.oval:def:15451 | ||
Title: | USN-1353-1 -- Xulrunnner vulnerabilities | ||
Description: | xulrunner-1.9.2: Mozilla Gecko runtime environment Several security issues were fixed in Xulrunner. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-1353-1 CVE-2012-0442 CVE-2011-3659 CVE-2012-0444 CVE-2012-0449 CVE-2011-3670 | Version: | 5 |
Platform(s): | Ubuntu 10.10 Ubuntu 10.04 | Product(s): | Xulrunnner |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2013-09-18 | Name : Debian Security Advisory DSA 2406-1 (icedove - several vulnerabilities) File : nvt/deb_2406_1.nasl |
2012-08-03 | Name : SuSE Update for MozillaFirefox openSUSE-SU-2012:0234-1 (MozillaFirefox) File : nvt/gb_suse_2012_0234_1.nasl |
2012-07-30 | Name : CentOS Update for firefox CESA-2012:0079 centos4 File : nvt/gb_CESA-2012_0079_firefox_centos4.nasl |
2012-07-30 | Name : CentOS Update for firefox CESA-2012:0079 centos5 File : nvt/gb_CESA-2012_0079_firefox_centos5.nasl |
2012-07-30 | Name : CentOS Update for firefox CESA-2012:0079 centos6 File : nvt/gb_CESA-2012_0079_firefox_centos6.nasl |
2012-07-30 | Name : CentOS Update for thunderbird CESA-2012:0080 centos6 File : nvt/gb_CESA-2012_0080_thunderbird_centos6.nasl |
2012-07-30 | Name : CentOS Update for seamonkey CESA-2012:0084 centos4 File : nvt/gb_CESA-2012_0084_seamonkey_centos4.nasl |
2012-07-30 | Name : CentOS Update for thunderbird CESA-2012:0085 centos4 File : nvt/gb_CESA-2012_0085_thunderbird_centos4.nasl |
2012-07-30 | Name : CentOS Update for thunderbird CESA-2012:0085 centos5 File : nvt/gb_CESA-2012_0085_thunderbird_centos5.nasl |
2012-07-09 | Name : RedHat Update for thunderbird RHSA-2012:0080-01 File : nvt/gb_RHSA-2012_0080-01_thunderbird.nasl |
2012-02-13 | Name : Ubuntu Update for xulrunner-1.9.2 USN-1353-1 File : nvt/gb_ubuntu_USN_1353_1.nasl |
2012-02-13 | Name : Ubuntu Update for thunderbird USN-1350-1 File : nvt/gb_ubuntu_USN_1350_1.nasl |
2012-02-12 | Name : Debian Security Advisory DSA 2402-1 (iceape) File : nvt/deb_2402_1.nasl |
2012-02-12 | Name : FreeBSD Ports: firefox File : nvt/freebsd_firefox63.nasl |
2012-02-12 | Name : Debian Security Advisory DSA 2400-1 (iceweasel) File : nvt/deb_2400_1.nasl |
2012-02-06 | Name : Mandriva Update for mozilla MDVSA-2012:013 (mozilla) File : nvt/gb_mandriva_MDVSA_2012_013.nasl |
2012-02-03 | Name : RedHat Update for thunderbird RHSA-2012:0085-01 File : nvt/gb_RHSA-2012_0085-01_thunderbird.nasl |
2012-02-03 | Name : Mozilla Products IPv6 Literal Syntax Cross Domain Information Disclosure Vuln... File : nvt/gb_mozilla_prdts_ipv6_literal_syntax_info_disc_vuln_macosx.nasl |
2012-02-03 | Name : Mozilla Products IPv6 Literal Syntax Cross Domain Information Disclosure Vuln... File : nvt/gb_mozilla_prdts_ipv6_literal_syntax_info_disc_vuln_win.nasl |
2012-02-03 | Name : RedHat Update for seamonkey RHSA-2012:0084-01 File : nvt/gb_RHSA-2012_0084-01_seamonkey.nasl |
2012-02-01 | Name : RedHat Update for firefox RHSA-2012:0079-01 File : nvt/gb_RHSA-2012_0079-01_firefox.nasl |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_4_seamonkey-120207.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_4_mozilla-js192-120201.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_4_MozillaThunderbird-120201.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_4_MozillaFirefox-120201.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2012-83.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2012-0085.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2012-0084.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2012-0080.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2012-0079.nasl - Type : ACT_GATHER_INFO |
2013-01-08 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201301-01.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20120201_thunderbird_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20120131_firefox_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20120131_thunderbird_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20120201_seamonkey_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2012-02-10 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2406.nasl - Type : ACT_GATHER_INFO |
2012-02-10 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_mozilla-xulrunner192-120206.nasl - Type : ACT_GATHER_INFO |
2012-02-09 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1353-1.nasl - Type : ACT_GATHER_INFO |
2012-02-09 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1350-1.nasl - Type : ACT_GATHER_INFO |
2012-02-08 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_MozillaFirefox-7949.nasl - Type : ACT_GATHER_INFO |
2012-02-06 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2012-013.nasl - Type : ACT_GATHER_INFO |
2012-02-03 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2400.nasl - Type : ACT_GATHER_INFO |
2012-02-03 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2402.nasl - Type : ACT_GATHER_INFO |
2012-02-02 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2012-0080.nasl - Type : ACT_GATHER_INFO |
2012-02-02 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2012-0084.nasl - Type : ACT_GATHER_INFO |
2012-02-02 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2012-0085.nasl - Type : ACT_GATHER_INFO |
2012-02-02 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2012-0085.nasl - Type : ACT_GATHER_INFO |
2012-02-02 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-0084.nasl - Type : ACT_GATHER_INFO |
2012-02-02 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2012-0079.nasl - Type : ACT_GATHER_INFO |
2012-02-02 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_0a9e2b724cb711e1914614dae9ebcf89.nasl - Type : ACT_GATHER_INFO |
2012-02-01 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-0080.nasl - Type : ACT_GATHER_INFO |
2012-02-01 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-0079.nasl - Type : ACT_GATHER_INFO |
2012-02-01 | Name : The remote Windows host contains a mail client that is potentially affected b... File : mozilla_thunderbird_3118.nasl - Type : ACT_GATHER_INFO |
2012-02-01 | Name : The remote Windows host contains a web browser that is potentially affected b... File : mozilla_firefox_3626.nasl - Type : ACT_GATHER_INFO |
2012-02-01 | Name : The remote Mac OS X host contains an email client that is potentially affecte... File : macosx_thunderbird_3_1_18.nasl - Type : ACT_GATHER_INFO |
2012-02-01 | Name : The remote Mac OS X host contains a web browser that is potentially affected ... File : macosx_firefox_3_6_26.nasl - Type : ACT_GATHER_INFO |
Sources (Detail)
Alert History
Date | Informations |
---|---|
2024-02-10 01:16:02 |
|
2024-02-02 01:17:19 |
|
2024-02-01 12:05:04 |
|
2023-09-05 12:16:15 |
|
2023-09-05 01:04:57 |
|
2023-09-02 12:16:20 |
|
2023-09-02 01:05:02 |
|
2023-08-12 12:19:48 |
|
2023-08-12 01:05:03 |
|
2023-08-11 12:16:25 |
|
2023-08-11 01:05:12 |
|
2023-08-06 12:15:47 |
|
2023-08-06 01:05:03 |
|
2023-08-04 12:15:51 |
|
2023-08-04 01:05:04 |
|
2023-07-14 12:15:50 |
|
2023-07-14 01:05:01 |
|
2023-04-01 01:13:19 |
|
2023-03-29 01:17:43 |
|
2023-03-28 12:05:08 |
|
2022-10-11 12:14:08 |
|
2022-10-11 01:04:46 |
|
2021-05-04 12:17:41 |
|
2021-04-22 01:20:59 |
|
2020-10-14 01:07:05 |
|
2020-10-03 01:07:06 |
|
2020-05-29 01:06:33 |
|
2020-05-23 01:46:45 |
|
2020-05-23 00:31:14 |
|
2019-06-25 12:04:07 |
|
2019-02-01 12:02:10 |
|
2019-01-30 12:04:17 |
|
2018-07-13 01:04:25 |
|
2018-01-18 12:04:22 |
|
2017-12-29 09:21:57 |
|
2017-11-22 12:04:19 |
|
2017-11-21 12:03:31 |
|
2017-09-19 09:24:57 |
|
2016-06-28 18:50:49 |
|
2016-04-26 21:06:26 |
|
2014-06-14 13:31:45 |
|
2014-02-17 11:05:31 |
|
2013-11-15 13:20:06 |
|
2013-09-20 17:21:09 |
|
2013-05-10 23:08:17 |
|