CVE-2011-2362
Publication date 24 June 2011
Last updated 24 July 2024
Ubuntu priority
Mozilla Firefox before 3.6.18, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 do not distinguish between cookies for two domain names that differ only in a trailing dot, which allows remote web servers to bypass the Same Origin Policy via Set-Cookie headers.
Status
Package | Ubuntu Release | Status |
---|---|---|
firefox | 13.10 saucy |
Not affected
|
13.04 raring |
Not affected
|
|
12.10 quantal |
Not affected
|
|
12.04 LTS precise |
Not affected
|
|
11.10 oneiric |
Not affected
|
|
11.04 natty |
Not affected
|
|
10.10 maverick |
Fixed 3.6.18+build2+nobinonly-0ubuntu0.10.10.1
|
|
10.04 LTS lucid |
Fixed 3.6.18+build2+nobinonly-0ubuntu0.10.04.1
|
|
8.04 LTS hardy | Ignored end of life | |
firefox-3.0 | 13.10 saucy | Not in release |
13.04 raring | Not in release | |
12.10 quantal | Not in release | |
12.04 LTS precise | Not in release | |
11.10 oneiric | Not in release | |
11.04 natty | Not in release | |
10.10 maverick | Not in release | |
10.04 LTS lucid | Not in release | |
8.04 LTS hardy | Ignored end of life | |
firefox-3.5 | 13.10 saucy | Not in release |
13.04 raring | Not in release | |
12.10 quantal | Not in release | |
12.04 LTS precise | Not in release | |
11.10 oneiric | Not in release | |
11.04 natty | Not in release | |
10.10 maverick | Not in release | |
10.04 LTS lucid | Not in release | |
8.04 LTS hardy | Not in release | |
seamonkey | 13.10 saucy | Not in release |
13.04 raring | Not in release | |
12.10 quantal | Not in release | |
12.04 LTS precise | Not in release | |
11.10 oneiric |
Not affected
|
|
11.04 natty | Ignored end of life | |
10.10 maverick | Ignored end of life | |
10.04 LTS lucid | Ignored end of life | |
8.04 LTS hardy | Ignored end of life | |
thunderbird | 13.10 saucy |
Not affected
|
13.04 raring |
Not affected
|
|
12.10 quantal |
Not affected
|
|
12.04 LTS precise |
Not affected
|
|
11.10 oneiric |
Not affected
|
|
11.04 natty |
Fixed 3.1.11+build2+nobinonly-0ubuntu0.11.04.1
|
|
10.10 maverick |
Fixed 3.1.11+build2+nobinonly-0ubuntu0.10.10.1
|
|
10.04 LTS lucid |
Fixed 3.1.11+build2+nobinonly-0ubuntu0.10.04.1
|
|
8.04 LTS hardy | Ignored end of life | |
xulrunner-1.9.2 | 13.10 saucy | Not in release |
13.04 raring | Not in release | |
12.10 quantal | Not in release | |
12.04 LTS precise | Not in release | |
11.10 oneiric | Not in release | |
11.04 natty |
Not affected
|
|
10.10 maverick |
Fixed 1.9.2.18+build2+nobinonly-0ubuntu0.10.10.1
|
|
10.04 LTS lucid |
Fixed 1.9.2.18+build2+nobinonly-0ubuntu0.10.04.1
|
|
8.04 LTS hardy | Ignored end of life | |
xulrunner-2.0 | 13.10 saucy | Not in release |
13.04 raring | Not in release | |
12.10 quantal | Not in release | |
12.04 LTS precise | Not in release | |
11.10 oneiric | Not in release | |
11.04 natty |
Not affected
|
|
10.10 maverick | Not in release | |
10.04 LTS lucid | Not in release | |
8.04 LTS hardy | Not in release |
References
Related Ubuntu Security Notices (USN)
- USN-1149-1
- Firefox and Xulrunner vulnerabilities
- 22 June 2011
- USN-1150-1
- Thunderbird vulnerabilities
- 15 July 2011