CVE-2011-3001 | Vulnerability Database | Aqua Security

Mozilla Firefox 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 do not prevent manual add-on installation in response to the holding of the Enter key, which allows user-assisted remote attackers to bypass intended access restrictions via a crafted web site that triggers an unspecified internal error.

Affected Software

Name	Vendor	Start Version	End Version
Firefox	Mozilla	4.0	4.0
Firefox	Mozilla	4.0	4.0
Firefox	Mozilla	4.0	4.0
Firefox	Mozilla	4.0	4.0
Firefox	Mozilla	4.0	4.0
Firefox	Mozilla	4.0	4.0
Firefox	Mozilla	4.0	4.0
Firefox	Mozilla	4.0	4.0
Firefox	Mozilla	4.0	4.0
Firefox	Mozilla	4.0	4.0
Firefox	Mozilla	4.0	4.0
Firefox	Mozilla	4.0	4.0
Firefox	Mozilla	4.0	4.0
Firefox	Mozilla	4.0.1	4.0.1
Firefox	Mozilla	5.0	5.0
Firefox	Mozilla	6.0	6.0
Firefox	Ubuntu	devel	*
Firefox	Ubuntu	hardy	*
Firefox	Ubuntu	natty	*
Firefox	Ubuntu	upstream	*

References

http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00020.html
http://lists.opensuse.org/opensuse-updates/2011-10/msg00002.html
http://secunia.com/advisories/46315
http://www.mandriva.com/security/advisories?name=MDVSA-2011:139
http://www.mandriva.com/security/advisories?name=MDVSA-2011:140
http://www.mandriva.com/security/advisories?name=MDVSA-2011:141
http://www.mandriva.com/security/advisories?name=MDVSA-2011:142
http://www.mozilla.org/security/announce/2011/mfsa2011-40.html
https://bugzilla.mozilla.org/show_bug.cgi?id=672485
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14442

NVD	https://nvd.nist.gov/vuln/detail/CVE-2011-3001
CWE	https://cwe.mitre.org/data/definitions/264.html