Oval Definition:oval:org.mitre.oval:def:21435
Revision Date:2015-03-09
Version:180
Title:RHSA-2011:0885: firefox security and bug fix update (Critical)
Description:CRLF injection vulnerability in the nsCookieService::SetCookieStringInternal function in netwerk/cookie/nsCookieService.cpp in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, and Thunderbird before 3.1.11, allows remote attackers to bypass intended access restrictions via a string containing a \n (newline) character, which is not properly handled in a JavaScript "document.cookie =" expression, a different vulnerability than CVE-2011-2374.
Family:unix
Class:patch
Status:ACCEPTED
Reference(s):CESA-2011:0885-CentOS 5
CVE-2011-0083
CVE-2011-0085
CVE-2011-2362
CVE-2011-2363
CVE-2011-2364
CVE-2011-2365
CVE-2011-2371
CVE-2011-2373
CVE-2011-2374
CVE-2011-2375
CVE-2011-2376
CVE-2011-2377
CVE-2011-2605
RHSA-2011:0885-01
Platform(s):CentOS Linux 5
Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 6
Product(s):firefox
xulrunner
Definition Synopsis
  • Red Hat Enterprise Linux 5 and CentOS Linux 5 release section
    • Operation system section
      • The operating system installed on the system is Red Hat Enterprise Linux 5
      • OR The operating system installed on the system is CentOS Linux 5.x
    • AND Packages match section
      • xulrunner-devel is earlier than 0:1.9.2.18-2.el5_6
      • OR xulrunner is earlier than 0:1.9.2.18-2.el5_6
  • Red Hat Enterprise Linux 5 release section
    • The operating system installed on the system is Red Hat Enterprise Linux 5
    • AND firefox is earlier than 0:3.6.18-1.el5_6
  • Red Hat Enterprise Linux 6 release section
    • The operating system installed on the system is Red Hat Enterprise Linux 6
    • AND Packages match section
      • firefox is earlier than 0:3.6.18-1.el6_1
      • OR firefox-debuginfo is earlier than 0:3.6.18-1.el6_1
      • OR xulrunner is earlier than 0:1.9.2.18-2.el6_1
      • OR xulrunner-debuginfo is earlier than 0:1.9.2.18-2.el6_1
      • OR xulrunner-devel is earlier than 0:1.9.2.18-2.el6_1
  • CentOS Linux 5 release section
    • The operating system installed on the system is CentOS Linux 5.x
    • AND firefox is earlier than 0:3.6.18-1.el5.centos