VulnerableCode Vulnerability Details - VCID-jh6n-bau7-byhg

Staging Environment: Content and features may be unstable or change without notice.

Search for vulnerabilities

Vulnerability details: VCID-jh6n-bau7-byhg

Essentials
Severities (2)
References (13)
Severity details (1)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-jh6n-bau7-byhg
Aliases	CVE-2011-2999
Summary	Mozilla developer Boris Zbarsky reported that a frame named "location" could shadow the window.location object unless a script in a page grabbed a reference to the true object before the frame was created. Because some plugins use the value of window.location to determine the page origin this could fool the plugin into granting the plugin content access to another site or the local file system in violation of the Same Origin Policy. This flaw allows circumvention of the fix added for MFSA 2010-10.
Status	Published
Exploitability	None
Weighted Severity	None
Risk	None
Affected and Fixed Packages	Package Details

Weaknesses (1)

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

System	Score	Found at
epss	0.00722	https://api.first.org/data/v1/epss?cve=CVE-2011-2999
generic_textual	high	https://www.mozilla.org/en-US/security/advisories/mfsa2011-38

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2999.json
		https://api.first.org/data/v1/epss?cve=CVE-2011-2999
741904		https://bugzilla.redhat.com/show_bug.cgi?id=741904
CVE-2011-2999		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2999
GLSA-201301-01		https://security.gentoo.org/glsa/201301-01
mfsa2011-38		https://www.mozilla.org/en-US/security/advisories/mfsa2011-38
RHSA-2011:1341		https://access.redhat.com/errata/RHSA-2011:1341
RHSA-2011:1342		https://access.redhat.com/errata/RHSA-2011:1342
RHSA-2011:1343		https://access.redhat.com/errata/RHSA-2011:1343
RHSA-2011:1344		https://access.redhat.com/errata/RHSA-2011:1344
USN-1210-1		https://usn.ubuntu.com/1210-1/
USN-1213-1		https://usn.ubuntu.com/1213-1/
USN-1222-1		https://usn.ubuntu.com/1222-1/

No exploits are available.

Exploit Prediction Scoring System (EPSS)

Percentile	0.72835
EPSS Score	0.00722
Published At	May 29, 2026, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2026-05-29T08:27:58.609785+00:00	Mozilla Importer	Import	https://github.com/mozilla/foundation-security-advisories/blob/master/announce/2011/mfsa2011-38.md	38.6.0