CVE-2011-1187

NameCVE-2011-1187
DescriptionGoogle Chrome before 10.0.648.127 allows remote attackers to bypass the Same Origin Policy via unspecified vectors, related to an "error message leak."
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
NVD severitymedium (attack range: remote)
Debian Bugs617418, 703071

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
icedove (PTS)jessie1:52.3.0-4~deb8u2fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
iceapesource(unstable)(unfixed)low
icedovesource(unstable)17.0.2-1low
iceweaselsource(unstable)12.0-1medium703071
libv8source(unstable)3.1.8.10-1medium617418
libv8sourcesqueeze(unfixed)end-of-life

Notes

[squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
[wheezy] - icedove <no-dsa> (Minor issue, also not fixed in ESV branch)
[squeeze] - icedove <no-dsa> (Minor issue, also not fixed in ESV branch)
[wheezy] - iceweasel <no-dsa> (Minor issue, also not fixed in ESV branch)
[squeeze] - iceweasel <no-dsa> (Minor issue, also not fixed in ESV branch)
[wheezy] - iceape <no-dsa> (Minor issue, also not fixed in ESV branch)
[squeeze] - iceape <no-dsa> (Minor issue, also not fixed in ESV branch)
Fixed in Thunderbird 12 and Seamonkey 2.9

Search for package or bug name: Reporting problems