Vulnerability Description
Cross-site scripting (XSS) vulnerability in Bugzilla 2.4 through 2.22.7, 3.0.x through 3.3.x, 3.4.x before 3.4.12, 3.5.x, 3.6.x before 3.6.6, 3.7.x, 4.0.x before 4.0.2, and 4.1.x before 4.1.3, when Internet Explorer before 9 or Safari before 5.0.6 is used for Raw Unified mode, allows remote attackers to inject arbitrary web script or HTML via a crafted patch, related to content sniffing.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mozilla | Bugzilla | 2.4 |
| Apple | Safari | <= 5.0.5 |
| Microsoft | Internet Explorer | <= 8 |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/45501 (Vendor Advisory)
- http://www.bugzilla.org/security/3.4.11/ (Vendor Advisory)
- http://www.debian.org/security/2011/dsa-2322
- http://www.osvdb.org/74297
- http://www.securityfocus.com/bid/49042
- https://bugzilla.mozilla.org/show_bug.cgi?id=637981 (Exploit, Patch)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/69033
FAQ
What is CVE-2011-2379?
CVE-2011-2379 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Cross-site scripting (XSS) vulnerability in Bugzilla 2.4 through 2.22.7, 3.0.x through 3.3.x, 3.4.x before 3.4.12, 3.5.x, 3.6.x before 3.6.6, 3.7.x, 4.0.x before 4.0.2, and 4.1.x before 4.1.3, when In...
How severe is CVE-2011-2379?
CVE-2011-2379 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2011-2379?
Check the references section above for vendor advisories and patch information. Affected products include: Mozilla Bugzilla, Apple Safari, Microsoft Internet Explorer.