CVE-2011-2605

Publication date 30 June 2011

Last updated 24 July 2024

Ubuntu priority

Medium

Why this priority?

Description

CRLF injection vulnerability in the nsCookieService::SetCookieStringInternal function in netwerk/cookie/nsCookieService.cpp in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, and Thunderbird before 3.1.11, allows remote attackers to bypass intended access restrictions via a string containing a \n (newline) character, which is not properly handled in a JavaScript "document.cookie =" expression, a different vulnerability than CVE-2011-2374.

Status

Package Ubuntu Release Status
firefox 13.10 saucy
Not affected
13.04 raring
Not affected
12.10 quantal
Not affected
12.04 LTS precise
Not affected
11.10 oneiric
Not affected
11.04 natty
Fixed 7.0.1+build1+nobinonly-0ubuntu0.11.04.1
10.10 maverick
Fixed 3.6.23+build1+nobinonly-0ubuntu0.10.10.1
10.04 LTS lucid
Fixed 3.6.23+build1+nobinonly-0ubuntu0.10.04.1
8.04 LTS hardy Ignored end of life
seamonkey 13.10 saucy Not in release
13.04 raring Not in release
12.10 quantal Not in release
12.04 LTS precise Not in release
11.10 oneiric
Not affected
11.04 natty Ignored end of life
10.10 maverick Ignored end of life
10.04 LTS lucid Ignored end of life
8.04 LTS hardy Ignored end of life
thunderbird 13.10 saucy
Not affected
13.04 raring
Not affected
12.10 quantal
Not affected
12.04 LTS precise
Not affected
11.10 oneiric
Not affected
11.04 natty
Fixed 3.1.15+build1+nobinonly-0ubuntu0.11.04.1
10.10 maverick
Fixed 3.1.15+build1+nobinonly-0ubuntu0.10.10.1
10.04 LTS lucid
Fixed 3.1.15+build1+nobinonly-0ubuntu0.10.04.1
8.04 LTS hardy Ignored end of life

References

Other references