CVE-2011-3655 Information

Description

Mozilla Firefox 4.x through 7.0 and Thunderbird 5.0 through 7.0 perform access control without checking for use of the NoWaiverWrapper wrapper which allows remote attackers to gain privileges via a crafted web site.

Reference

http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00020.html http://secunia.com/advisories/49055 http://www.mozilla.org/security/announce/2011/mfsa2011-52.html https://bugzilla.mozilla.org/show_bug.cgi?id=672182 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A14202