{ "threat_severity" : "Critical", "public_date" : "2011-03-01T00:00:00Z", "bugzilla" : { "description" : "Mozilla recursive eval call causes confirm dialog to evaluate to true (MFSA 2011-02)", "id" : "675087", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=675087" }, "cvss" : { "cvss_base_score" : "6.8", "cvss_scoring_vector" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", "status" : "verified" }, "details" : [ "Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, does not properly handle certain recursive eval calls, which makes it easier for remote attackers to force a user to respond positively to a dialog question, as demonstrated by a question about granting privileges." ], "affected_release" : [ { "product_name" : "Red Hat Enterprise Linux 4", "release_date" : "2011-03-02T00:00:00Z", "advisory" : "RHSA-2011:0310", "cpe" : "cpe:/o:redhat:enterprise_linux:4", "package" : "firefox-0:3.6.14-4.el4" }, { "product_name" : "Red Hat Enterprise Linux 4", "release_date" : "2011-03-02T00:00:00Z", "advisory" : "RHSA-2011:0312", "cpe" : "cpe:/o:redhat:enterprise_linux:4", "package" : "thunderbird-0:1.5.0.12-35.el4" }, { "product_name" : "Red Hat Enterprise Linux 4", "release_date" : "2011-03-02T00:00:00Z", "advisory" : "RHSA-2011:0313", "cpe" : "cpe:/o:redhat:enterprise_linux:4", "package" : "seamonkey-0:1.0.9-67.el4_8" }, { "product_name" : "Red Hat Enterprise Linux 5", "release_date" : "2011-03-02T00:00:00Z", "advisory" : "RHSA-2011:0312", "cpe" : "cpe:/a:redhat:rhel_productivity:5", "package" : "thunderbird-0:2.0.0.24-14.el5_6" }, { "product_name" : "Red Hat Enterprise Linux 5", "release_date" : "2011-03-02T00:00:00Z", "advisory" : "RHSA-2011:0310", "cpe" : "cpe:/o:redhat:enterprise_linux:5", "package" : "firefox-0:3.6.14-4.el5_6" }, { "product_name" : "Red Hat Enterprise Linux 5", "release_date" : "2011-03-02T00:00:00Z", "advisory" : "RHSA-2011:0310", "cpe" : "cpe:/o:redhat:enterprise_linux:5", "package" : "xulrunner-0:1.9.2.14-4.el5_6" }, { "product_name" : "Red Hat Enterprise Linux 6", "release_date" : "2011-03-02T00:00:00Z", "advisory" : "RHSA-2011:0310", "cpe" : "cpe:/o:redhat:enterprise_linux:6", "package" : "firefox-0:3.6.14-4.el6_0" }, { "product_name" : "Red Hat Enterprise Linux 6", "release_date" : "2011-03-02T00:00:00Z", "advisory" : "RHSA-2011:0310", "cpe" : "cpe:/o:redhat:enterprise_linux:6", "package" : "xulrunner-0:1.9.2.14-3.el6_0" } ], "package_state" : [ { "product_name" : "Red Hat Enterprise Linux Extended Update Support 4.8", "fix_state" : "Affected", "package_name" : "firefox", "cpe" : "cpe:/o:redhat:rhel_eus:4.8" }, { "product_name" : "Red Hat Enterprise Linux Extended Update Support 4.8", "fix_state" : "Affected", "package_name" : "seamonkey", "cpe" : "cpe:/o:redhat:rhel_eus:4.8" }, { "product_name" : "Red Hat Enterprise Linux Extended Update Support 4.8", "fix_state" : "Affected", "package_name" : "thunderbird", "cpe" : "cpe:/o:redhat:rhel_eus:4.8", "impact" : "moderate" }, { "product_name" : "Red Hat Enterprise Linux Extended Update Support 5.6", "fix_state" : "Affected", "package_name" : "firefox", "cpe" : "cpe:/o:redhat:rhel_eus:5.6" }, { "product_name" : "Red Hat Enterprise Linux Extended Update Support 5.6", "fix_state" : "Affected", "package_name" : "thunderbird", "cpe" : "cpe:/o:redhat:rhel_eus:5.6", "impact" : "moderate" }, { "product_name" : "Red Hat Enterprise Linux Extended Update Support 6.0", "fix_state" : "Affected", "package_name" : "firefox", "cpe" : "cpe:/o:redhat:rhel_eus:6.0" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2011-0051\nhttps://nvd.nist.gov/vuln/detail/CVE-2011-0051" ], "name" : "CVE-2011-0051", "csaw" : false }