CVE-2011-3659

Use-after-free vulnerability in Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 might allow remote attackers to execute arbitrary code via vectors related to incorrect AttributeChildRemoved notifications that affect access to removed nsDOMAttribute child nodes.

CVSS v2.0 9.3 HIGH

9.3^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 8.6 / Impact : 10.0

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00003.html	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00007.html	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00011.html	Mailing List Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2012:013	Third Party Advisory
http://www.mozilla.org/security/announce/2012/mfsa2012-04.html	Vendor Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=708198	Exploit Issue Tracking Patch Vendor Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14697	Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00003.html	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00007.html	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00011.html	Mailing List Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2012:013	Third Party Advisory
http://www.mozilla.org/security/announce/2012/mfsa2012-04.html	Vendor Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=708198	Exploit Issue Tracking Patch Vendor Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14697	Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:mozilla:firefox::::::::
	cpe:2.3:a:mozilla:firefox::::::::
	cpe:2.3:a:mozilla:seamonkey::::::::
	cpe:2.3:a:mozilla:thunderbird::::::::
	cpe:2.3:a:mozilla:thunderbird::::::::

Configuration 2 (hide)

OR	cpe:2.3:o:opensuse:opensuse:11.4:::::::*
	cpe:2.3:o:suse:linux_enterprise_desktop:10:sp4::::::
	cpe:2.3:o:suse:linux_enterprise_desktop:11:sp1::::::
	cpe:2.3:o:suse:linux_enterprise_server:10:sp4::::::
	cpe:2.3:o:suse:linux_enterprise_server:11:sp1::::::
	cpe:2.3:o:suse:linux_enterprise_server:11:sp1::::vmware::*
	cpe:2.3:o:suse:linux_enterprise_software_development_kit:10:sp4::::::
	cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp1::::::

History

21 Nov 2024, 01:30

Type	Values Removed	Values Added
References	~~() http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00003.html - Mailing List, Third Party Advisory~~	() http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00003.html - Mailing List, Third Party Advisory
References	~~() http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00007.html - Mailing List, Third Party Advisory~~	() http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00007.html - Mailing List, Third Party Advisory
References	~~() http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00011.html - Mailing List, Third Party Advisory~~	() http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00011.html - Mailing List, Third Party Advisory
References	~~() http://www.mandriva.com/security/advisories?name=MDVSA-2012:013 - Third Party Advisory~~	() http://www.mandriva.com/security/advisories?name=MDVSA-2012:013 - Third Party Advisory
References	~~() http://www.mozilla.org/security/announce/2012/mfsa2012-04.html - Vendor Advisory~~	() http://www.mozilla.org/security/announce/2012/mfsa2012-04.html - Vendor Advisory
References	~~() https://bugzilla.mozilla.org/show_bug.cgi?id=708198 - Exploit, Issue Tracking, Patch, Vendor Advisory~~	() https://bugzilla.mozilla.org/show_bug.cgi?id=708198 - Exploit, Issue Tracking, Patch, Vendor Advisory
References	~~() https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14697 - Third Party Advisory~~	() https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14697 - Third Party Advisory

Information

Published : 2012-02-01 16:55

Updated : 2024-11-21 01:30

NVD link : CVE-2011-3659

Mitre link : CVE-2011-3659

CVE.ORG link : CVE-2011-3659

JSON object : View

Products Affected

mozilla

thunderbird
firefox
seamonkey

suse

linux_enterprise_software_development_kit
linux_enterprise_desktop
linux_enterprise_server

opensuse

opensuse

CWE

CWE-416

Use After Free

9.3 /10