{
  "threat_severity" : "Critical",
  "public_date" : "2011-08-16T00:00:00Z",
  "bugzilla" : {
    "description" : "Mozilla: Privilege escalation using event handlers",
    "id" : "730520",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=730520"
  },
  "cvss" : {
    "cvss_base_score" : "6.8",
    "cvss_scoring_vector" : "AV:N/AC:M/Au:N/C:P/I:P/A:P",
    "status" : "verified"
  },
  "details" : [ "The event-management implementation in Mozilla Firefox before 3.6.20, SeaMonkey 2.x, Thunderbird 3.x before 3.1.12, and possibly other products does not properly select the context for script to run in, which allows remote attackers to bypass the Same Origin Policy or execute arbitrary JavaScript code with chrome privileges via a crafted web site." ],
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 4",
    "release_date" : "2011-08-16T00:00:00Z",
    "advisory" : "RHSA-2011:1164",
    "cpe" : "cpe:/o:redhat:enterprise_linux:4",
    "package" : "firefox-0:3.6.20-2.el4"
  }, {
    "product_name" : "Red Hat Enterprise Linux 5",
    "release_date" : "2011-08-16T00:00:00Z",
    "advisory" : "RHSA-2011:1164",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5",
    "package" : "firefox-0:3.6.20-2.el5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 5",
    "release_date" : "2011-08-16T00:00:00Z",
    "advisory" : "RHSA-2011:1164",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5",
    "package" : "xulrunner-0:1.9.2.20-2.el5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "release_date" : "2011-08-16T00:00:00Z",
    "advisory" : "RHSA-2011:1164",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6",
    "package" : "firefox-0:3.6.20-2.el6_1"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "release_date" : "2011-08-16T00:00:00Z",
    "advisory" : "RHSA-2011:1164",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6",
    "package" : "xulrunner-0:1.9.2.20-2.el6_1"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux Extended Update Support 5.7",
    "fix_state" : "Affected",
    "package_name" : "firefox",
    "cpe" : "cpe:/o:redhat:rhel_eus:5.7"
  }, {
    "product_name" : "Red Hat Enterprise Linux Extended Update Support 6.1",
    "fix_state" : "Affected",
    "package_name" : "firefox",
    "cpe" : "cpe:/o:redhat:rhel_eus:6.1"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2011-2981\nhttps://nvd.nist.gov/vuln/detail/CVE-2011-2981" ],
  "name" : "CVE-2011-2981",
  "csaw" : false
}