Search for vulnerabilities
Vulnerability details: VCID-rn9d-mu6b-aaac
Vulnerability ID VCID-rn9d-mu6b-aaac
Aliases CVE-2011-3649
Summary Mozilla Firefox 7.0 and Thunderbird 7.0, when the Direct2D (aka D2D) API is used on Windows in conjunction with the Azure graphics back-end, allow remote attackers to bypass the Same Origin Policy, and obtain sensitive image data from a different domain, by inserting this data into a canvas. NOTE: this issue exists because of a CVE-2011-2986 regression.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
System Score Found at
epss 0.00262 https://api.first.org/data/v1/epss?cve=CVE-2011-3649
epss 0.00262 https://api.first.org/data/v1/epss?cve=CVE-2011-3649
epss 0.00262 https://api.first.org/data/v1/epss?cve=CVE-2011-3649
epss 0.00262 https://api.first.org/data/v1/epss?cve=CVE-2011-3649
epss 0.00262 https://api.first.org/data/v1/epss?cve=CVE-2011-3649
epss 0.00262 https://api.first.org/data/v1/epss?cve=CVE-2011-3649
epss 0.00262 https://api.first.org/data/v1/epss?cve=CVE-2011-3649
epss 0.00262 https://api.first.org/data/v1/epss?cve=CVE-2011-3649
epss 0.00262 https://api.first.org/data/v1/epss?cve=CVE-2011-3649
epss 0.00262 https://api.first.org/data/v1/epss?cve=CVE-2011-3649
epss 0.00262 https://api.first.org/data/v1/epss?cve=CVE-2011-3649
epss 0.00262 https://api.first.org/data/v1/epss?cve=CVE-2011-3649
epss 0.00262 https://api.first.org/data/v1/epss?cve=CVE-2011-3649
epss 0.00262 https://api.first.org/data/v1/epss?cve=CVE-2011-3649
epss 0.00262 https://api.first.org/data/v1/epss?cve=CVE-2011-3649
epss 0.00262 https://api.first.org/data/v1/epss?cve=CVE-2011-3649
epss 0.00262 https://api.first.org/data/v1/epss?cve=CVE-2011-3649
epss 0.00262 https://api.first.org/data/v1/epss?cve=CVE-2011-3649
epss 0.00262 https://api.first.org/data/v1/epss?cve=CVE-2011-3649
epss 0.00262 https://api.first.org/data/v1/epss?cve=CVE-2011-3649
epss 0.00262 https://api.first.org/data/v1/epss?cve=CVE-2011-3649
epss 0.00262 https://api.first.org/data/v1/epss?cve=CVE-2011-3649
epss 0.00262 https://api.first.org/data/v1/epss?cve=CVE-2011-3649
epss 0.00262 https://api.first.org/data/v1/epss?cve=CVE-2011-3649
epss 0.00262 https://api.first.org/data/v1/epss?cve=CVE-2011-3649
epss 0.00262 https://api.first.org/data/v1/epss?cve=CVE-2011-3649
epss 0.00262 https://api.first.org/data/v1/epss?cve=CVE-2011-3649
epss 0.00262 https://api.first.org/data/v1/epss?cve=CVE-2011-3649
epss 0.00262 https://api.first.org/data/v1/epss?cve=CVE-2011-3649
epss 0.00262 https://api.first.org/data/v1/epss?cve=CVE-2011-3649
epss 0.00262 https://api.first.org/data/v1/epss?cve=CVE-2011-3649
epss 0.00262 https://api.first.org/data/v1/epss?cve=CVE-2011-3649
epss 0.00262 https://api.first.org/data/v1/epss?cve=CVE-2011-3649
epss 0.00262 https://api.first.org/data/v1/epss?cve=CVE-2011-3649
epss 0.00262 https://api.first.org/data/v1/epss?cve=CVE-2011-3649
epss 0.00262 https://api.first.org/data/v1/epss?cve=CVE-2011-3649
epss 0.00262 https://api.first.org/data/v1/epss?cve=CVE-2011-3649
epss 0.00262 https://api.first.org/data/v1/epss?cve=CVE-2011-3649
epss 0.00262 https://api.first.org/data/v1/epss?cve=CVE-2011-3649
epss 0.00262 https://api.first.org/data/v1/epss?cve=CVE-2011-3649
epss 0.00262 https://api.first.org/data/v1/epss?cve=CVE-2011-3649
epss 0.00262 https://api.first.org/data/v1/epss?cve=CVE-2011-3649
epss 0.00262 https://api.first.org/data/v1/epss?cve=CVE-2011-3649
epss 0.00262 https://api.first.org/data/v1/epss?cve=CVE-2011-3649
epss 0.00262 https://api.first.org/data/v1/epss?cve=CVE-2011-3649
epss 0.00262 https://api.first.org/data/v1/epss?cve=CVE-2011-3649
epss 0.00262 https://api.first.org/data/v1/epss?cve=CVE-2011-3649
epss 0.00262 https://api.first.org/data/v1/epss?cve=CVE-2011-3649
epss 0.00262 https://api.first.org/data/v1/epss?cve=CVE-2011-3649
epss 0.00262 https://api.first.org/data/v1/epss?cve=CVE-2011-3649
epss 0.00262 https://api.first.org/data/v1/epss?cve=CVE-2011-3649
epss 0.00262 https://api.first.org/data/v1/epss?cve=CVE-2011-3649
epss 0.00262 https://api.first.org/data/v1/epss?cve=CVE-2011-3649
epss 0.00262 https://api.first.org/data/v1/epss?cve=CVE-2011-3649
epss 0.00262 https://api.first.org/data/v1/epss?cve=CVE-2011-3649
epss 0.00262 https://api.first.org/data/v1/epss?cve=CVE-2011-3649
epss 0.00262 https://api.first.org/data/v1/epss?cve=CVE-2011-3649
epss 0.00262 https://api.first.org/data/v1/epss?cve=CVE-2011-3649
epss 0.00262 https://api.first.org/data/v1/epss?cve=CVE-2011-3649
epss 0.00262 https://api.first.org/data/v1/epss?cve=CVE-2011-3649
epss 0.00262 https://api.first.org/data/v1/epss?cve=CVE-2011-3649
epss 0.00262 https://api.first.org/data/v1/epss?cve=CVE-2011-3649
epss 0.00262 https://api.first.org/data/v1/epss?cve=CVE-2011-3649
epss 0.00262 https://api.first.org/data/v1/epss?cve=CVE-2011-3649
epss 0.00262 https://api.first.org/data/v1/epss?cve=CVE-2011-3649
epss 0.00262 https://api.first.org/data/v1/epss?cve=CVE-2011-3649
epss 0.00262 https://api.first.org/data/v1/epss?cve=CVE-2011-3649
epss 0.00262 https://api.first.org/data/v1/epss?cve=CVE-2011-3649
epss 0.00262 https://api.first.org/data/v1/epss?cve=CVE-2011-3649
epss 0.00262 https://api.first.org/data/v1/epss?cve=CVE-2011-3649
epss 0.00392 https://api.first.org/data/v1/epss?cve=CVE-2011-3649
epss 0.00392 https://api.first.org/data/v1/epss?cve=CVE-2011-3649
epss 0.00392 https://api.first.org/data/v1/epss?cve=CVE-2011-3649
epss 0.00392 https://api.first.org/data/v1/epss?cve=CVE-2011-3649
epss 0.00392 https://api.first.org/data/v1/epss?cve=CVE-2011-3649
epss 0.00392 https://api.first.org/data/v1/epss?cve=CVE-2011-3649
epss 0.00392 https://api.first.org/data/v1/epss?cve=CVE-2011-3649
epss 0.00392 https://api.first.org/data/v1/epss?cve=CVE-2011-3649
epss 0.00392 https://api.first.org/data/v1/epss?cve=CVE-2011-3649
epss 0.00392 https://api.first.org/data/v1/epss?cve=CVE-2011-3649
epss 0.00392 https://api.first.org/data/v1/epss?cve=CVE-2011-3649
epss 0.00392 https://api.first.org/data/v1/epss?cve=CVE-2011-3649
epss 0.00415 https://api.first.org/data/v1/epss?cve=CVE-2011-3649
epss 0.00415 https://api.first.org/data/v1/epss?cve=CVE-2011-3649
epss 0.00415 https://api.first.org/data/v1/epss?cve=CVE-2011-3649
epss 0.00415 https://api.first.org/data/v1/epss?cve=CVE-2011-3649
epss 0.00416 https://api.first.org/data/v1/epss?cve=CVE-2011-3649
cvssv2 2.6 https://nvd.nist.gov/vuln/detail/CVE-2011-3649
generic_textual high https://www.mozilla.org/en-US/security/advisories/mfsa2011-50
Reference id Reference type URL
http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00020.html
https://api.first.org/data/v1/epss?cve=CVE-2011-3649
https://bugzilla.mozilla.org/show_bug.cgi?id=655836
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14025
http://www.mozilla.org/security/announce/2011/mfsa2011-50.html
http://www.securityfocus.com/bid/50591
CVE-2011-3649 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3649
CVE-2011-3649 https://nvd.nist.gov/vuln/detail/CVE-2011-3649
GLSA-201301-01 https://security.gentoo.org/glsa/201301-01
mfsa2011-50 https://www.mozilla.org/en-US/security/advisories/mfsa2011-50
No exploits are available.
Vector: AV:N/AC:H/Au:N/C:P/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2011-3649
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Exploit Prediction Scoring System (EPSS)
Percentile 0.46703
EPSS Score 0.00262
Published At March 28, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.