{"alias":[],"description":"Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 do not prevent the starting of a download in response to the holding of the Enter key, which allows user-assisted remote attackers to bypass intended access restrictions via a crafted web site.","epss":{"percentile":"0.626","score":"0.004290"},"id":"CVE-2011-2372","metrics":{"cvss2":{"ac_insuf_info":0,"access_complexity":"MEDIUM","access_vector":"NETWORK","authentication":"SINGLE","availability_impact":"NONE","base_score":3.5,"base_severity":"LOW","confidentiality_impact":"NONE","exploitability_score":6.8,"impact_score":2.9,"integrity_impact":"PARTIAL","obtain_all_privilege":0,"obtain_other_privilege":0,"obtain_user_privilege":0,"user_interaction_required":1,"vector_string":"AV:N\/AC:M\/Au:S\/C:N\/I:P\/A:N","version":"2.0"}},"modified":"2026-04-29T01:13:23","nvd_status":"Modified","published":"2011-09-29T00:55:01","score":3.5,"severity":"LOW","source":"cve@mitre.org","status":"PUBLISHED","weaknesses":[{"id":"CWE-264","name":"Permissions, Privileges, and Access Controls","type":"category"}]}