Mozilla Firefox 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 do not prevent manual add-on installation in response to the holding of the Enter key, which allows user-assisted remote attackers to bypass intended access restrictions via a crafted web site that triggers an unspecified internal error.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Information
Published : 2011-09-28 17:55
Updated : 2017-09-18 18:33
NVD link : CVE-2011-3001
Mitre link : CVE-2011-3001
JSON object : View
CWE
CWE-264
Permissions, Privileges, and Access Controls
Products Affected
mozilla
- firefox
- seamonkey
- thunderbird