Skip to main content

Mondoo

Vulnerability Management
Technology
Services

Solutions

Financial Services
Manufacturing
Healthcare

Resources

Blog
Vulnerability Database
Documentation
GitHub

Company

About
Careers
Partners
Contact

Legal

Privacy
Terms
Imprint

© 2026 Mondoo, Inc.

Log in Get Assessment

Vulnerability IntelligenceCVE-2011-2984

CVE-2011-2984

UNKNOWN

Mozilla Firefox before 3

Published Aug 18, 2011

Modified 1 years ago

Details

Mozilla Firefox before 3.6.20, SeaMonkey 2.x, Thunderbird 3.x before 3.1.12, and possibly other products does not properly handle the dropping of a tab element, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges by establishing a content area and registering for drop events.

References

http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00023.html

http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00027.html

http://www.debian.org/security/2011/dsa-2295

http://www.debian.org/security/2011/dsa-2296

http://www.debian.org/security/2011/dsa-2297

http://www.mandriva.com/security/advisories?name=MDVSA-2011:127

http://www.mozilla.org/security/announce/2011/mfsa2011-30.html

http://www.redhat.com/support/errata/RHSA-2011-1164.html

https://bugzilla.mozilla.org/show_bug.cgi?id=572129

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14358

https://www.cve.org/CVERecord?id=CVE-2011-2984

CVSS Analysis

CVSS v2.0

10.0

Exploitability

Access Vector

NetworkAV:N

Access Complexity

LowAC:L

Authentication

NoneAu:N

Impact

Confidentiality

CompleteC:C

Integrity

CompleteI:C

Availability

CompleteA:C

10/AV:N/AC:L/Au:N/C:C/I:C/A:C

Ecosystems

Timeline

PublishedAug 18, 2011

ModifiedAug 6, 2024

CVE-2011-2984 | Mondoo Vulnerability Intelligence