VYPR
← All advisories
Unrated severityNVD Advisory· Published Aug 18, 2011· Updated Apr 29, 2026

CVE-2011-2984

CVE-2011-2984

Description

Mozilla Firefox prior to 3.6.20 mishandles tab element dropping, allowing remote attackers to execute arbitrary JavaScript with chrome privileges.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Mozilla Firefox prior to 3.6.20 mishandles tab element dropping, allowing remote attackers to execute arbitrary JavaScript with chrome privileges.

Vulnerability

An elevation-of-privilege vulnerability exists in the handling of drag-and-drop operations for browser tab elements in Mozilla Firefox before 3.6.20, SeaMonkey 2.x, Thunderbird 3.x before 3.1.12, and possibly other products [2]. When a user drags and drops a tab element from the browser chrome into a content area, the browser improperly handles the event, allowing a registered drop event handler in the content to execute JavaScript code in a privileged context [1][2][3].

Exploitation

To exploit this, an attacker must first establish a content area (e.g., a webpage) and register for drop events [1]. The attacker then lures the victim into dragging a tab (e.g., from the tab bar) and dropping it onto the attacker-controlled content area [3]. No additional authentication or special network position is required beyond serving a webpage to the victim [2].

Impact

Successful exploitation allows the attacker to execute arbitrary JavaScript code with chrome privileges [1][2]. This effectively bypasses the browser's security sandbox, enabling the attacker to read or modify local files, steal sensitive data, install malware, or perform other actions with the full authority of the user's browser session [2].

Mitigation

Mozilla addressed this vulnerability in Firefox 3.6.20, released on August 16, 2011 [2]. Users should update to this version or later. For Thunderbird, the fixed version is 3.1.12 [2]. SeaMonkey 2.x should also be updated to a version containing the fix [1]. Red Hat Enterprise Linux users can apply the RHSA-2011:1164 update [1]. No workarounds are documented in the available references.

References
  1. Support
  2. Security issues addressed in Firefox 3.6.20
  3. 572129 - (CVE-2011-2984) Arbitrary code execution via browser's tab element that was dropped on the content area

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

213
  • Mozilla Corporation/Firefox111 versions
    cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*+ 110 more
    • cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*range: <=3.6.19
    • cpe:2.3:a:mozilla:firefox:1.0:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:1.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:1.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:1.0.3:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:1.0.4:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:1.0.5:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:1.0.6:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:1.0.7:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:1.0.8:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:1.0:preview_release:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:1.5:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:1.5.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:1.5.0.10:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:1.5.0.11:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:1.5.0.12:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:1.5.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:1.5.0.3:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:1.5.0.4:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:1.5.0.5:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:1.5.0.6:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:1.5.0.7:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:1.5.0.8:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:1.5.0.9:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:1.5.1:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:1.5.2:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:1.5.3:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:1.5.4:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:1.5.5:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:1.5.6:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:1.5.7:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:1.5.8:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:1.5:beta1:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:1.5:beta2:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:2.0:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:2.0.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:2.0.0.10:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:2.0.0.11:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:2.0.0.12:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:2.0.0.13:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:2.0.0.14:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:2.0.0.15:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:2.0.0.16:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:2.0.0.17:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:2.0.0.18:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:2.0.0.19:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:2.0.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:2.0.0.20:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:2.0.0.3:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:2.0.0.4:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:2.0.0.5:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:2.0.0.6:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:2.0.0.7:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:2.0.0.8:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:2.0.0.9:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:3.0:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:3.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:3.0.10:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:3.0.11:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:3.0.12:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:3.0.13:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:3.0.14:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:3.0.15:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:3.0.16:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:3.0.17:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:3.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:3.0.3:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:3.0.4:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:3.0.5:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:3.0.6:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:3.0.7:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:3.0.8:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:3.0.9:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:3.5:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:3.5.1:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:3.5.10:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:3.5.11:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:3.5.12:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:3.5.13:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:3.5.14:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:3.5.15:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:3.5.16:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:3.5.17:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:3.5.18:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:3.5.19:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:3.5.2:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:3.5.3:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:3.5.4:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:3.5.5:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:3.5.6:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:3.5.7:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:3.5.8:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:3.5.9:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:3.6:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:3.6.10:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:3.6.11:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:3.6.12:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:3.6.13:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:3.6.14:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:3.6.15:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:3.6.16:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:3.6.17:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:3.6.18:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:3.6.2:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:3.6.3:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:3.6.4:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:3.6.6:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:3.6.7:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:3.6.8:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:3.6.9:*:*:*:*:*:*:*
    • (no CPE)range: <3.6.20
  • Mozilla Corporation/Seamonkey77 versions
    cpe:2.3:a:mozilla:seamonkey:2.0:*:*:*:*:*:*:*+ 76 more
    • cpe:2.3:a:mozilla:seamonkey:2.0:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:seamonkey:2.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:seamonkey:2.0.10:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:seamonkey:2.0.11:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:seamonkey:2.0.12:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:seamonkey:2.0.13:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:seamonkey:2.0.14:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:seamonkey:2.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:seamonkey:2.0.3:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:seamonkey:2.0.4:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:seamonkey:2.0.5:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:seamonkey:2.0.6:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:seamonkey:2.0.7:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:seamonkey:2.0.8:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:seamonkey:2.0.9:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:seamonkey:2.0:alpha_1:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:seamonkey:2.0:alpha_2:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:seamonkey:2.0:alpha_3:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:seamonkey:2.0:beta_1:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:seamonkey:2.0:beta_2:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:seamonkey:2.0:rc1:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:seamonkey:2.0:rc2:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:seamonkey:2.1:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:seamonkey:2.1:alpha1:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:seamonkey:2.1:alpha2:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:seamonkey:2.1:alpha3:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:seamonkey:2.1:beta1:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:seamonkey:2.1:beta2:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:seamonkey:2.1:beta3:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:seamonkey:2.1:rc1:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:seamonkey:2.1:rc2:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:seamonkey:2.2:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:seamonkey:2.2:beta1:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:seamonkey:2.2:beta2:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:seamonkey:2.2:beta3:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:seamonkey:2.3:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:seamonkey:2.3.1:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:seamonkey:2.3.2:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:seamonkey:2.3.3:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:seamonkey:2.3:beta1:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:seamonkey:2.3:beta2:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:seamonkey:2.3:beta3:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:seamonkey:2.4:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:seamonkey:2.4.1:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:seamonkey:2.4:beta1:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:seamonkey:2.4:beta2:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:seamonkey:2.4:beta3:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:seamonkey:2.5:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:seamonkey:2.5:beta1:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:seamonkey:2.5:beta2:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:seamonkey:2.5:beta3:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:seamonkey:2.5:beta4:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:seamonkey:2.6:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:seamonkey:2.6.1:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:seamonkey:2.6:beta1:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:seamonkey:2.6:beta2:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:seamonkey:2.6:beta3:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:seamonkey:2.6:beta4:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:seamonkey:2.7:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:seamonkey:2.7.1:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:seamonkey:2.7.2:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:seamonkey:2.7:beta1:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:seamonkey:2.7:beta2:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:seamonkey:2.7:beta3:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:seamonkey:2.7:beta4:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:seamonkey:2.7:beta5:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:seamonkey:2.8:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:seamonkey:2.8:beta1:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:seamonkey:2.8:beta2:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:seamonkey:2.8:beta3:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:seamonkey:2.8:beta4:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:seamonkey:2.8:beta5:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:seamonkey:2.8:beta6:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:seamonkey:2.9:beta1:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:seamonkey:2.9:beta2:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:seamonkey:2.9:beta3:*:*:*:*:*:*
    • (no CPE)range: 2.x
  • Mozilla Corporation/Thunderbird25 versions
    cpe:2.3:a:mozilla:thunderbird:3.0:*:*:*:*:*:*:*+ 24 more
    • cpe:2.3:a:mozilla:thunderbird:3.0:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:thunderbird:3.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:thunderbird:3.0.10:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:thunderbird:3.0.11:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:thunderbird:3.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:thunderbird:3.0.3:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:thunderbird:3.0.4:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:thunderbird:3.0.5:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:thunderbird:3.0.6:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:thunderbird:3.0.7:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:thunderbird:3.0.8:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:thunderbird:3.0.9:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:thunderbird:3.1:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:thunderbird:3.1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:thunderbird:3.1.10:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:thunderbird:3.1.11:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:thunderbird:3.1.2:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:thunderbird:3.1.3:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:thunderbird:3.1.4:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:thunderbird:3.1.5:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:thunderbird:3.1.6:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:thunderbird:3.1.7:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:thunderbird:3.1.8:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:thunderbird:3.1.9:*:*:*:*:*:*:*
    • (no CPE)range: <3.1.12

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

10

News mentions

0

No linked articles in our index yet.