CVE-2011-2984

Published: 19 August 2011

Mozilla Firefox before 3.6.20, SeaMonkey 2.x, Thunderbird 3.x before 3.1.12, and possibly other products does not properly handle the dropping of a tab element, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges by establishing a content area and registering for drop events.

Priority

Low

Status

Package Release Status
firefox
Launchpad, Ubuntu, Debian
Upstream
Released (3.6.20)
firefox-3.0
Launchpad, Ubuntu, Debian
Upstream Needs triage
(Ubuntu source uses 3.6.x)
firefox-3.5
Launchpad, Ubuntu, Debian
Upstream Needs triage
(Ubuntu source uses 3.6.x)
seamonkey
Launchpad, Ubuntu, Debian
Upstream Needs triage

thunderbird
Launchpad, Ubuntu, Debian
Upstream
Released (3.1.12)
xulrunner-1.9.2
Launchpad, Ubuntu, Debian
Upstream
Released (1.9.2.20)
xulrunner-2.0
Launchpad, Ubuntu, Debian
Upstream Not vulnerable