CVE-2011-2983

Published: 19 August 2011

Mozilla Firefox before 3.6.20, Thunderbird 2.x and 3.x before 3.1.12, SeaMonkey 1.x and 2.x, and possibly other products does not properly handle the RegExp.input property, which allows remote attackers to bypass the Same Origin Policy and read data from a different domain via a crafted web site, possibly related to a use-after-free.

Priority

Medium

Status

Package Release Status
firefox
Launchpad, Ubuntu, Debian
Upstream
Released (3.6.20)
firefox-3.0
Launchpad, Ubuntu, Debian
Upstream Needs triage
(Ubuntu source uses 3.6.x)
firefox-3.5
Launchpad, Ubuntu, Debian
Upstream Needs triage
(Ubuntu source uses 3.6.x)
seamonkey
Launchpad, Ubuntu, Debian
Upstream Needs triage

thunderbird
Launchpad, Ubuntu, Debian
Upstream
Released (3.1.12)
xulrunner-1.9.2
Launchpad, Ubuntu, Debian
Upstream
Released (1.9.2.20)
xulrunner-2.0
Launchpad, Ubuntu, Debian
Upstream Not vulnerable