Vulnerability & Exploit Database

Displaying all 7 entries

Results for: CVE-2011-2986 Back to search

SUSE Linux Security Advisory: SUSE-SU-2014:1100-1 Vulnerability

  • Severity: 10
  • Published: September 03, 2014

Use-after-free vulnerability in the mozilla::DOMSVGLength::GetTearOff function in Mozilla Firefox before 32.0, Firefox ESR 31.x before 31.1, and Thunderbird 31.x before 31.1 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via an SVG animation with DOM interaction that triggers incor...

SUSE Linux Security Vulnerability: CVE-2011-2986 Vulnerability

  • Severity: 5
  • Published: August 18, 2011

Mozilla Firefox 4.x through 5, Thunderbird before 6, SeaMonkey 2.x before 2.3, and possibly other products, when the Direct2D (aka D2D) API is used on Windows, allows remote attackers to bypass the Same Origin Policy, and obtain sensitive image data from a different domain, by inserting this data into a canvas.

MFSA2011-31 Thunderbird: Security issues addressed in Thunderbird "3.1.12" (CVE-2011-2986) Vulnerability

  • Severity: 5
  • Published: August 18, 2011

Mozilla Firefox 4.x through 5, Thunderbird before 6, SeaMonkey 2.x before 2.3, and possibly other products, when the Direct2D (aka D2D) API is used on Windows, allows remote attackers to bypass the Same Origin Policy, and obtain sensitive image data from a different domain, by inserting this data into a canvas.

MFSA2011-33 SeaMonkey: Security issues addressed in SeaMonkey "2.3" (CVE-2011-2986) Vulnerability

  • Severity: 5
  • Published: August 18, 2011

Mozilla Firefox 4.x through 5, Thunderbird before 6, SeaMonkey 2.x before 2.3, and possibly other products, when the Direct2D (aka D2D) API is used on Windows, allows remote attackers to bypass the Same Origin Policy, and obtain sensitive image data from a different domain, by inserting this data into a canvas.

Gentoo Linux: CVE-2011-2986: Mozilla Products: Multiple vulnerabilities Vulnerability

  • Severity: 5
  • Published: August 18, 2011

Mozilla Firefox 4.x through 5, Thunderbird before 6, SeaMonkey 2.x before 2.3, and possibly other products, when the Direct2D (aka D2D) API is used on Windows, allows remote attackers to bypass the Same Origin Policy, and obtain sensitive image data from a different domain, by inserting this data into a canvas.

FreeBSD: mozilla -- multiple vulnerabilities (Multiple CVEs) Vulnerability

  • Severity: 10
  • Published: August 18, 2011

The Ogg reader in the browser engine in Mozilla Firefox 4.x through 5, SeaMonkey 2.x before 2.3, Thunderbird before 6, and possibly other products allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors.