Mozilla Firefox and Thunderbird CVE-2011-3649 Information Disclosure Vulnerability

BID:50591

Info

Mozilla Firefox and Thunderbird CVE-2011-3649 Information Disclosure Vulnerability

Bugtraq ID: 50591
Class: Design Error
CVE: CVE-2011-3649
Remote: Yes
Local: No
Published: Nov 08 2011 12:00AM
Updated: Dec 03 2011 05:47PM
Credit: Bas Schouten
Vulnerable: SuSE SUSE Linux Enterprise Server for VMware 11 SP1
+ Linux kernel 2.6.5
SuSE SUSE Linux Enterprise Server 11 SP1
+ Linux kernel 2.6.5
SuSE SUSE Linux Enterprise Server 10 SP4
+ Linux kernel 2.6.5
SuSE SUSE Linux Enterprise SDK 11 SP1
SuSE SUSE Linux Enterprise SDK 10 SP4
SuSE SUSE Linux Enterprise Desktop 11 SP1
+ Linux kernel 2.6.5
SuSE SUSE Linux Enterprise Desktop 10 SP4
+ Linux kernel 2.6.5
SuSE openSUSE 11.4
SuSE openSUSE 11.3
Mozilla Thunderbird 7.0
Mozilla Thunderbird 6
Mozilla Thunderbird 6
Mozilla Thunderbird 5
Mozilla Firefox 7
Mozilla Firefox 6
Mozilla Firefox 5.0
Mozilla Firefox 4.0.1
Mozilla Firefox 4.0 Beta1
Mozilla Firefox 4.0 Beta1
Mozilla Firefox 4.0
Not Vulnerable: Mozilla Thunderbird 8.0
Mozilla Firefox 8.0

Discussion

Mozilla Firefox and Thunderbird CVE-2011-3649 Information Disclosure Vulnerability

Mozilla Firefox and Thunderbird are prone to a remote information-disclosure vulnerability.

An attacker can exploit this issue to obtain sensitive information that may aid in further attacks.

Exploit / POC

Mozilla Firefox and Thunderbird CVE-2011-3649 Information Disclosure Vulnerability

Attackers can exploit this issue by enticing an unsuspecting user into visiting a specially crafted webpage.

Solution / Fix

Mozilla Firefox and Thunderbird CVE-2011-3649 Information Disclosure Vulnerability

Solution:
Updates are available. Please see the references for more information.

References

Mozilla Firefox and Thunderbird CVE-2011-3649 Information Disclosure Vulnerability

References:

© CVE.report 2026

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

Free CVE JSON API cve.report/api

CVE.report and Source URL Uptime Status status.cve.report