Vulnerabilities > CVE-2011-3650 - Buffer Errors vulnerability in Mozilla Firefox and Thunderbird

047910
CVSS 9.3 - CRITICAL
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
network
mozilla
CWE-119
critical
nessus

Summary

Mozilla Firefox before 3.6.24 and 4.x through 7.0 and Thunderbird before 3.1.6 and 5.0 through 7.0 do not properly handle JavaScript files that contain many functions, which allows user-assisted remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a crafted file that is accessed by debugging APIs, as demonstrated by Firebug.

Vulnerable Configurations

Part Description Count
Application
Mozilla
282

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Buffer Overflow via Environment Variables
    This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
  • Overflow Buffers
    Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an attacker. As a consequence, an attacker is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the attackers' choice.
  • Client-side Injection-induced Buffer Overflow
    This type of attack exploits a buffer overflow vulnerability in targeted client software through injection of malicious content from a custom-built hostile service.
  • Filter Failure through Buffer Overflow
    In this attack, the idea is to cause an active filter to fail by causing an oversized transaction. An attacker may try to feed overly long input strings to the program in an attempt to overwhelm the filter (by causing a buffer overflow) and hoping that the filter does not fail securely (i.e. the user input is let into the system unfiltered).
  • MIME Conversion
    An attacker exploits a weakness in the MIME conversion routine to cause a buffer overflow and gain control over the mail server machine. The MIME system is designed to allow various different information formats to be interpreted and sent via e-mail. Attack points exist when data are converted to MIME compatible format and back.

Nessus

  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-1251-1.NASL
    descriptionIt was discovered that CVE-2011-3004, which addressed possible privilege escalation in addons, also affected Firefox 3.6. An attacker could potentially exploit Firefox when an add-on was installed that used loadSubscript in vulnerable ways. (CVE-2011-3647) Yosuke Hasegawa discovered that the Mozilla browser engine mishandled invalid sequences in the Shift-JIS encoding. A malicious website could possibly use this flaw this to steal data or inject malicious scripts into web content. (CVE-2011-3648) Marc Schoenefeld discovered that using Firebug to profile a JavaScript file with many functions would cause Firefox to crash. An attacker might be able to exploit this without using the debugging APIs which would potentially allow an attacker to remotely crash the browser. (CVE-2011-3650). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id56775
    published2011-11-11
    reporterUbuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/56775
    titleUbuntu 10.04 LTS / 10.10 : firefox, xulrunner-1.9.2 vulnerabilities (USN-1251-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-1251-1. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(56775);
      script_version("1.10");
      script_cvs_date("Date: 2019/09/19 12:54:27");
    
      script_cve_id("CVE-2011-3004", "CVE-2011-3647", "CVE-2011-3648", "CVE-2011-3650");
      script_bugtraq_id(50589, 50593, 50595);
      script_xref(name:"USN", value:"1251-1");
    
      script_name(english:"Ubuntu 10.04 LTS / 10.10 : firefox, xulrunner-1.9.2 vulnerabilities (USN-1251-1)");
      script_summary(english:"Checks dpkg output for updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Ubuntu host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "It was discovered that CVE-2011-3004, which addressed possible
    privilege escalation in addons, also affected Firefox 3.6. An attacker
    could potentially exploit Firefox when an add-on was installed that
    used loadSubscript in vulnerable ways. (CVE-2011-3647)
    
    Yosuke Hasegawa discovered that the Mozilla browser engine mishandled
    invalid sequences in the Shift-JIS encoding. A malicious website could
    possibly use this flaw this to steal data or inject malicious scripts
    into web content. (CVE-2011-3648)
    
    Marc Schoenefeld discovered that using Firebug to profile a JavaScript
    file with many functions would cause Firefox to crash. An attacker
    might be able to exploit this without using the debugging APIs which
    would potentially allow an attacker to remotely crash the browser.
    (CVE-2011-3650).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/1251-1/"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected firefox and / or xulrunner-1.9.2 packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:firefox");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xulrunner-1.9.2");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:10.04:-:lts");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:10.10");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2011/09/28");
      script_set_attribute(attribute:"patch_publication_date", value:"2011/11/10");
      script_set_attribute(attribute:"plugin_publication_date", value:"2011/11/11");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("misc_func.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! preg(pattern:"^(10\.04|10\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 10.04 / 10.10", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    flag = 0;
    
    if (ubuntu_check(osver:"10.04", pkgname:"firefox", pkgver:"3.6.24+build2+nobinonly-0ubuntu0.10.04.1")) flag++;
    if (ubuntu_check(osver:"10.04", pkgname:"xulrunner-1.9.2", pkgver:"1.9.2.24+build2+nobinonly-0ubuntu0.10.04.1")) flag++;
    if (ubuntu_check(osver:"10.10", pkgname:"firefox", pkgver:"3.6.24+build2+nobinonly-0ubuntu0.10.10.1")) flag++;
    if (ubuntu_check(osver:"10.10", pkgname:"xulrunner-1.9.2", pkgver:"1.9.2.24+build2+nobinonly-0ubuntu0.10.10.1")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "firefox / xulrunner-1.9.2");
    }
    
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20111108_FIREFOX_ON_SL4_X.NASL
    descriptionMozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A flaw was found in the way Firefox handled certain add-ons. A web page containing malicious content could cause an add-on to grant itself full browser privileges, which could lead to arbitrary code execution with the privileges of the user running Firefox. (CVE-2011-3647) A cross-site scripting (XSS) flaw was found in the way Firefox handled certain multibyte character sets. A web page containing malicious content could cause Firefox to run JavaScript code with the permissions of a different website. (CVE-2011-3648) A flaw was found in the way Firefox handled large JavaScript scripts. A web page containing malicious JavaScript could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2011-3650) For technical details regarding these flaws, refer to the Mozilla security advisories for Firefox 3.6.24. You can find a link to the Mozilla advisories in the References section of this erratum. All Firefox users should upgrade to these updated packages, which contain Firefox version 3.6.24, which corrects these issues. After installing the update, Firefox must be restarted for the changes to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id61170
    published2012-08-01
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/61170
    titleScientific Linux Security Update : firefox on SL4.x, SL5.x, SL6.x i386/x86_64
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text is (C) Scientific Linux.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(61170);
      script_version("1.4");
      script_cvs_date("Date: 2019/10/25 13:36:20");
    
      script_cve_id("CVE-2011-3647", "CVE-2011-3648", "CVE-2011-3650");
    
      script_name(english:"Scientific Linux Security Update : firefox on SL4.x, SL5.x, SL6.x i386/x86_64");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Scientific Linux host is missing one or more security
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Mozilla Firefox is an open source web browser. XULRunner provides the
    XUL Runtime environment for Mozilla Firefox.
    
    A flaw was found in the way Firefox handled certain add-ons. A web
    page containing malicious content could cause an add-on to grant
    itself full browser privileges, which could lead to arbitrary code
    execution with the privileges of the user running Firefox.
    (CVE-2011-3647)
    
    A cross-site scripting (XSS) flaw was found in the way Firefox handled
    certain multibyte character sets. A web page containing malicious
    content could cause Firefox to run JavaScript code with the
    permissions of a different website. (CVE-2011-3648)
    
    A flaw was found in the way Firefox handled large JavaScript scripts.
    A web page containing malicious JavaScript could cause Firefox to
    crash or, potentially, execute arbitrary code with the privileges of
    the user running Firefox. (CVE-2011-3650)
    
    For technical details regarding these flaws, refer to the Mozilla
    security advisories for Firefox 3.6.24. You can find a link to the
    Mozilla advisories in the References section of this erratum.
    
    All Firefox users should upgrade to these updated packages, which
    contain Firefox version 3.6.24, which corrects these issues. After
    installing the update, Firefox must be restarted for the changes to
    take effect."
      );
      # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1111&L=scientific-linux-errata&T=0&P=1084
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?41adb7f3"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2011/11/08");
      script_set_attribute(attribute:"plugin_publication_date", value:"2012/08/01");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Scientific Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux");
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"SL4", reference:"firefox-3.6.24-3.el4")) flag++;
    if (rpm_check(release:"SL4", reference:"firefox-debuginfo-3.6.24-3.el4")) flag++;
    
    if (rpm_check(release:"SL5", reference:"firefox-3.6.24-3.el5_7")) flag++;
    if (rpm_check(release:"SL5", reference:"firefox-debuginfo-3.6.24-3.el5_7")) flag++;
    if (rpm_check(release:"SL5", reference:"xulrunner-1.9.2.24-2.el5_7")) flag++;
    if (rpm_check(release:"SL5", reference:"xulrunner-debuginfo-1.9.2.24-2.el5_7")) flag++;
    if (rpm_check(release:"SL5", reference:"xulrunner-devel-1.9.2.24-2.el5_7")) flag++;
    
    if (rpm_check(release:"SL6", reference:"firefox-3.6.24-3.el6_1")) flag++;
    if (rpm_check(release:"SL6", reference:"firefox-debuginfo-3.6.24-3.el6_1")) flag++;
    if (rpm_check(release:"SL6", reference:"xulrunner-1.9.2.24-2.el6_1.1")) flag++;
    if (rpm_check(release:"SL6", reference:"xulrunner-debuginfo-1.9.2.24-2.el6_1.1")) flag++;
    if (rpm_check(release:"SL6", reference:"xulrunner-devel-1.9.2.24-2.el6_1.1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2011-1437.NASL
    descriptionUpdated firefox packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A flaw was found in the way Firefox handled certain add-ons. A web page containing malicious content could cause an add-on to grant itself full browser privileges, which could lead to arbitrary code execution with the privileges of the user running Firefox. (CVE-2011-3647) A cross-site scripting (XSS) flaw was found in the way Firefox handled certain multibyte character sets. A web page containing malicious content could cause Firefox to run JavaScript code with the permissions of a different website. (CVE-2011-3648) A flaw was found in the way Firefox handled large JavaScript scripts. A web page containing malicious JavaScript could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2011-3650) For technical details regarding these flaws, refer to the Mozilla security advisories for Firefox 3.6.24. You can find a link to the Mozilla advisories in the References section of this erratum. All Firefox users should upgrade to these updated packages, which contain Firefox version 3.6.24, which corrects these issues. After installing the update, Firefox must be restarted for the changes to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id56741
    published2011-11-09
    reporterThis script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/56741
    titleRHEL 4 / 5 / 6 : firefox (RHSA-2011:1437)
  • NASL familyWindows
    NASL idMOZILLA_FIREFOX_3624.NASL
    descriptionThe installed version of Firefox 3.6.x is earlier than 3.6.24 and is potentially affected by the following vulnerabilities: - There is an error within the JSSubScriptLoader that incorrectly unwraps
    last seen2020-06-01
    modified2020-06-02
    plugin id56750
    published2011-11-09
    reporterThis script is Copyright (C) 2011-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/56750
    titleFirefox 3.6.x < 3.6.24 Multiple Vulnerabilities
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2011-169.NASL
    descriptionSecurity issues were identified and fixed in mozilla NSS, firefox and thunderbird : 22 weak 512-bit certificates issued by the DigiCert Sdn. Bhd certificate authority has been revoked from the root CA storage. This was fixed with rootcerts-20111103.00 and nss-3.13. DigiCert Sdn. Bhd is a Malaysian subordinate CA under Entrust and Verizon (GTE CyberTrust). It bears no affiliation whatsoever with the US-based corporation DigiCert, Inc., which is a member of Mozilla
    last seen2020-06-01
    modified2020-06-02
    plugin id56765
    published2011-11-10
    reporterThis script is Copyright (C) 2011-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/56765
    titleMandriva Linux Security Advisory : mozilla (MDVSA-2011:169)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2011-1439.NASL
    descriptionFrom Red Hat Security Advisory 2011:1439 : An updated thunderbird package that fixes multiple security issues is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mozilla Thunderbird is a standalone mail and newsgroup client. A flaw was found in the way Thunderbird handled certain add-ons. Malicious, remote content could cause an add-on to elevate its privileges, which could lead to arbitrary code execution with the privileges of the user running Thunderbird. (CVE-2011-3647) A cross-site scripting (XSS) flaw was found in the way Thunderbird handled certain multibyte character sets. Malicious, remote content could cause Thunderbird to run JavaScript code with the permissions of different remote content. (CVE-2011-3648) A flaw was found in the way Thunderbird handled large JavaScript scripts. Malicious, remote content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2011-3650) All Thunderbird users should upgrade to this updated package, which resolves these issues. All running instances of Thunderbird must be restarted for the update to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id68386
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/68386
    titleOracle Linux 6 : thunderbird (ELSA-2011-1439)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-2345.NASL
    descriptionSeveral vulnerabilities have been discovered in Icedove, a mail client based on Thunderbird. - CVE-2011-3647 The JSSubScriptLoader does not properly handle XPCNativeWrappers during calls to the loadSubScript method in an add-on, which makes it easier for remote attackers to gain privileges via a crafted website that leverages certain unwrapping behavior. - CVE-2011-3648 A cross-site scripting (XSS) vulnerability allows remote attackers to inject arbitrary web script or HTML via crafted text with Shift JIS encoding. - CVE-2011-3650 Iceweasel does not properly handle JavaScript files that contain many functions, which allows user-assisted remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a crafted file that is accessed by debugging APIs, as demonstrated by Firebug.
    last seen2020-03-17
    modified2011-11-14
    plugin id56786
    published2011-11-14
    reporterThis script is Copyright (C) 2011-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/56786
    titleDebian DSA-2345-1 : icedove - several vulnerabilities
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-2341.NASL
    descriptionSeveral vulnerabilities have been discovered in Iceweasel, a web browser based on Firefox. The included XULRunner library provides rendering services for several other applications included in Debian. - CVE-2011-3647
    last seen2020-03-17
    modified2011-11-10
    plugin id56759
    published2011-11-10
    reporterThis script is Copyright (C) 2011-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/56759
    titleDebian DSA-2341-1 : iceweasel - several vulnerabilities
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS11_THUNDERBIRD_20120404.NASL
    descriptionThe remote Solaris system is missing necessary patches to address security updates : - Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.6.24 and 4.x through 7.0 and Thunderbird before 3.1.6 and 5.0 through 7.0 allows remote attackers to inject arbitrary web script or HTML via crafted text with Shift JIS encoding. (CVE-2011-3648) - Mozilla Firefox before 3.6.24 and 4.x through 7.0 and Thunderbird before 3.1.6 and 5.0 through 7.0 do not properly handle JavaScript files that contain many functions, which allows user-assisted remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a crafted file that is accessed by debugging APIs, as demonstrated by Firebug. (CVE-2011-3650) - Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 7.0 and Thunderbird 7.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. (CVE-2011-3651) - The browser engine in Mozilla Firefox before 8.0 and Thunderbird before 8.0 does not properly allocate memory, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors. (CVE-2011-3652) - The browser engine in Mozilla Firefox before 8.0 and Thunderbird before 8.0 does not properly handle links from SVG mpath elements to non-SVG elements, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors. (CVE-2011-3654) - Mozilla Firefox 4.x through 7.0 and Thunderbird 5.0 through 7.0 perform access control without checking for use of the NoWaiverWrapper wrapper, which allows remote attackers to gain privileges via a crafted web site. (CVE-2011-3655)
    last seen2020-06-01
    modified2020-06-02
    plugin id80783
    published2015-01-19
    reporterThis script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/80783
    titleOracle Solaris Third-Party Patch Update : thunderbird (multiple_vulnerabilities_in_thunderbird2)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-1277-2.NASL
    descriptionUSN-1277-1 fixed vulnerabilities in Firefox. This update provides updated Mozvoikko and ubufox packages for use with Firefox 8. Yosuke Hasegawa discovered that the Mozilla browser engine mishandled invalid sequences in the Shift-JIS encoding. It may be possible to trigger this crash without the use of debugging APIs, which might allow malicious websites to exploit this vulnerability. An attacker could possibly use this flaw this to steal data or inject malicious scripts into web content. (CVE-2011-3648) Marc Schoenefeld discovered that using Firebug to profile a JavaScript file with many functions would cause Firefox to crash. An attacker might be able to exploit this without using the debugging APIs, which could potentially remotely crash the browser, resulting in a denial of service. (CVE-2011-3650) Jason Orendorff, Boris Zbarsky, Gregg Tavares, Mats Palmgren, Christian Holler, Jesse Ruderman, Simona Marcu, Bob Clary, and William McCloskey discovered multiple memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. An attacker might be able to use these flaws to execute arbitrary code with the privileges of the user invoking Firefox or possibly crash the browser resulting in a denial of service. (CVE-2011-3651) It was discovered that Firefox could be caused to crash under certain conditions, due to an unchecked allocation failure, resulting in a denial of service. It might also be possible to execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2011-3652) Aki Helin discovered that Firefox does not properly handle links from SVG mpath elements to non-SVG elements. An attacker could use this vulnerability to crash Firefox, resulting in a denial of service, or possibly execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2011-3654) It was discovered that an internal privilege check failed to respect the NoWaiverWrappers introduced with Firefox 4. An attacker could possibly use this to gain elevated privileges within the browser for web content. (CVE-2011-3655). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id56945
    published2011-11-26
    reporterUbuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/56945
    titleUbuntu 11.04 / 11.10 : mozvoikko, ubufox update (USN-1277-2)
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS11_FIREFOX_20121210.NASL
    descriptionThe remote Solaris system is missing necessary patches to address security updates : - Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 do not prevent the starting of a download in response to the holding of the Enter key, which allows user-assisted remote attackers to bypass intended access restrictions via a crafted web site. (CVE-2011-2372) - Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. (CVE-2011-2995) - Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 6, Thunderbird before 7.0, and SeaMonkey before 2.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. (CVE-2011-2997) - Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 do not properly handle HTTP responses that contain multiple Location, Content-Length, or Content-Disposition headers, which makes it easier for remote attackers to conduct HTTP response splitting attacks via crafted header values. (CVE-2011-3000) - Mozilla Firefox 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 do not prevent manual add-on installation in response to the holding of the Enter key, which allows user-assisted remote attackers to bypass intended access restrictions via a crafted web site that triggers an unspecified internal error. (CVE-2011-3001) - Almost Native Graphics Layer Engine (ANGLE), as used in Mozilla Firefox before 7.0 and SeaMonkey before 2.4, does not validate the return value of a GrowAtomTable function call, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger a memory-allocation error and a resulting buffer overflow. (CVE-2011-3002) - Mozilla Firefox before 7.0 and SeaMonkey before 2.4 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an unspecified WebGL test case that triggers a memory-allocation error and a resulting out-of-bounds write operation. (CVE-2011-3003) - The JSSubScriptLoader in Mozilla Firefox 4.x through 6 and SeaMonkey before 2.4 does not properly handle XPCNativeWrappers during calls to the loadSubScript method in an add-on, which makes it easier for remote attackers to gain privileges via a crafted web site that leverages certain unwrapping behavior. (CVE-2011-3004) - Use-after-free vulnerability in Mozilla Firefox 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted OGG headers in a .ogg file. (CVE-2011-3005) - YARR, as used in Mozilla Firefox before 7.0, Thunderbird before 7.0, and SeaMonkey before 2.4, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted JavaScript. (CVE-2011-3232) - Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.6.24 and 4.x through 7.0 and Thunderbird before 3.1.6 and 5.0 through 7.0 allows remote attackers to inject arbitrary web script or HTML via crafted text with Shift JIS encoding. (CVE-2011-3648) - Mozilla Firefox before 3.6.24 and 4.x through 7.0 and Thunderbird before 3.1.6 and 5.0 through 7.0 do not properly handle JavaScript files that contain many functions, which allows user-assisted remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a crafted file that is accessed by debugging APIs, as demonstrated by Firebug. (CVE-2011-3650) - Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 7.0 and Thunderbird 7.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. (CVE-2011-3651) - The browser engine in Mozilla Firefox before 8.0 and Thunderbird before 8.0 does not properly allocate memory, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors. (CVE-2011-3652) - The browser engine in Mozilla Firefox before 8.0 and Thunderbird before 8.0 does not properly handle links from SVG mpath elements to non-SVG elements, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors. (CVE-2011-3654) - Mozilla Firefox 4.x through 7.0 and Thunderbird 5.0 through 7.0 perform access control without checking for use of the NoWaiverWrapper wrapper, which allows remote attackers to gain privileges via a crafted web site. (CVE-2011-3655)
    last seen2020-06-01
    modified2020-06-02
    plugin id80608
    published2015-01-19
    reporterThis script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/80608
    titleOracle Solaris Third-Party Patch Update : firefox (multiple_vulnerabilities_in_mozilla_firefox1)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-1254-1.NASL
    descriptionIt was discovered that CVE-2011-3004, which addressed possible privilege escalation in addons, also affected Thunderbird 3.1. An attacker could potentially exploit a user who had installed an add-on that used loadSubscript in vulnerable ways. (CVE-2011-3647) Yosuke Hasegawa discovered that the Mozilla browser engine mishandled invalid sequences in the Shift-JIS encoding. It may be possible to trigger this crash without the use of debugging APIs, which might allow malicious websites to exploit this vulnerability. An attacker could possibly use this flaw this to steal data or inject malicious scripts into web content. (CVE-2011-3648) Marc Schoenefeld discovered that using Firebug to profile a JavaScript file with many functions would cause Firefox to crash. An attacker might be able to exploit this without using the debugging APIs which would potentially allow an attacker to remotely crash Thunderbird. (CVE-2011-3650). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id57393
    published2011-12-23
    reporterUbuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/57393
    titleUbuntu 10.04 LTS / 10.10 / 11.04 : thunderbird vulnerabilities (USN-1254-1)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2011-1439.NASL
    descriptionAn updated thunderbird package that fixes multiple security issues is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mozilla Thunderbird is a standalone mail and newsgroup client. A flaw was found in the way Thunderbird handled certain add-ons. Malicious, remote content could cause an add-on to elevate its privileges, which could lead to arbitrary code execution with the privileges of the user running Thunderbird. (CVE-2011-3647) A cross-site scripting (XSS) flaw was found in the way Thunderbird handled certain multibyte character sets. Malicious, remote content could cause Thunderbird to run JavaScript code with the permissions of different remote content. (CVE-2011-3648) A flaw was found in the way Thunderbird handled large JavaScript scripts. Malicious, remote content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2011-3650) All Thunderbird users should upgrade to this updated package, which resolves these issues. All running instances of Thunderbird must be restarted for the update to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id56743
    published2011-11-09
    reporterThis script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/56743
    titleRHEL 6 : thunderbird (RHSA-2011:1439)
  • NASL familyWindows
    NASL idMOZILLA_THUNDERBIRD_3116.NASL
    descriptionThe installed version of Thunderbird 3.1.x is earlier than 3.1.16 and is potentially affected by the following vulnerabilities: - There is an error within the JSSubScriptLoader that incorrectly unwraps
    last seen2020-06-01
    modified2020-06-02
    plugin id56752
    published2011-11-09
    reporterThis script is Copyright (C) 2011-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/56752
    titleMozilla Thunderbird 3.1.x < 3.1.16 Multiple Vulnerabilities
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_4_SEAMONKEY-111130.NASL
    descriptionSeaMonkey was upgraded to version 2.5 in order to fix the following security problems : dbg114-seamonkey-5487 new_updateinfo seamonkey-5487 MFSA 2011-47/CVE-2011-3648 (bmo#690225) Potential XSS against sites using Shift-JIS dbg114-seamonkey-5487 new_updateinfo seamonkey-5487 MFSA 2011-48/CVE-2011-3651/CVE-2011-3652/CVE-2011-3654 Miscellaneous memory safety hazards dbg114-seamonkey-5487 new_updateinfo seamonkey-5487 MFSA 2011-49/CVE-2011-3650 (bmo#674776) Memory corruption while profiling using Firebug dbg114-seamonkey-5487 new_updateinfo seamonkey-5487 MFSA 2011-52/CVE-2011-3655 (bmo#672182) Code execution via NoWaiverWrapper
    last seen2020-06-01
    modified2020-06-02
    plugin id76024
    published2014-06-13
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/76024
    titleopenSUSE Security Update : seamonkey (openSUSE-SU-2011:1290-1)
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_FIREFOX_8_0.NASL
    descriptionThe installed version of Firefox is earlier than 8.0 and thus, is potentially affected by the following security issues : - Certain invalid sequences are not handled properly in
    last seen2020-06-01
    modified2020-06-02
    plugin id56756
    published2011-11-09
    reporterThis script is Copyright (C) 2011-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/56756
    titleFirefox < 8.0 Multiple Vulnerabilities (Mac OS X)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2011-1437.NASL
    descriptionUpdated firefox packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A flaw was found in the way Firefox handled certain add-ons. A web page containing malicious content could cause an add-on to grant itself full browser privileges, which could lead to arbitrary code execution with the privileges of the user running Firefox. (CVE-2011-3647) A cross-site scripting (XSS) flaw was found in the way Firefox handled certain multibyte character sets. A web page containing malicious content could cause Firefox to run JavaScript code with the permissions of a different website. (CVE-2011-3648) A flaw was found in the way Firefox handled large JavaScript scripts. A web page containing malicious JavaScript could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2011-3650) For technical details regarding these flaws, refer to the Mozilla security advisories for Firefox 3.6.24. You can find a link to the Mozilla advisories in the References section of this erratum. All Firefox users should upgrade to these updated packages, which contain Firefox version 3.6.24, which corrects these issues. After installing the update, Firefox must be restarted for the changes to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id56781
    published2011-11-14
    reporterThis script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/56781
    titleCentOS 4 / 5 : firefox (CESA-2011:1437)
  • NASL familyWindows
    NASL idMOZILLA_THUNDERBIRD_80.NASL
    descriptionThe installed version of Thunderbird is earlier than 8.0 and thus, is potentially affected by the following security issues : - Certain invalid sequences are not handled properly in
    last seen2020-06-01
    modified2020-06-02
    plugin id56753
    published2011-11-09
    reporterThis script is Copyright (C) 2011-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/56753
    titleMozilla Thunderbird < 8.0 Multiple Vulnerabilities
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2011-34.NASL
    descriptionSeaMonkey was updated to version 2.5 to fix several security issues : - MFSA 2011-47/CVE-2011-3648 (bmo#690225) Potential XSS against sites using Shift-JIS - MFSA 2011-48/CVE-2011-3651/CVE-2011-3652/CVE-2011-3654 Miscellaneous memory safety hazards - MFSA 2011-49/CVE-2011-3650 (bmo#674776) Memory corruption while profiling using Firebug - MFSA 2011-52/CVE-2011-3655 (bmo#672182) Code execution via NoWaiverWrapper
    last seen2020-06-01
    modified2020-06-02
    plugin id74522
    published2014-06-13
    reporterThis script is Copyright (C) 2014-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/74522
    titleopenSUSE Security Update : seamonkey (openSUSE-2011-34)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20111108_THUNDERBIRD_ON_SL6_X.NASL
    descriptionMozilla Thunderbird is a standalone mail and newsgroup client. A flaw was found in the way Thunderbird handled certain add-ons. Malicious, remote content could cause an add-on to elevate its privileges, which could lead to arbitrary code execution with the privileges of the user running Thunderbird. (CVE-2011-3647) A cross-site scripting (XSS) flaw was found in the way Thunderbird handled certain multibyte character sets. Malicious, remote content could cause Thunderbird to run JavaScript code with the permissions of different remote content. (CVE-2011-3648) A flaw was found in the way Thunderbird handled large JavaScript scripts. Malicious, remote content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2011-3650) All Thunderbird users should upgrade to this updated package, which resolves these issues. All running instances of Thunderbird must be restarted for the update to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id61174
    published2012-08-01
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/61174
    titleScientific Linux Security Update : thunderbird on SL6.x i386/x86_64
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_3_MOZILLAFIREFOX-111109.NASL
    descriptionMozillaFirefox has been updated to version 3.6.24 to fix the following security issues : - MFSA 2011-46/CVE-2011-3647 (bmo#680880) loadSubScript unwraps XPCNativeWrapper scope parameter - MFSA 2011-47/CVE-2011-3648 (bmo#690225) Potential XSS against sites using Shift-JIS - MFSA 2011-49/CVE-2011-3650 (bmo#674776) Memory corruption while profiling using Firebug
    last seen2020-06-01
    modified2020-06-02
    plugin id75657
    published2014-06-13
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/75657
    titleopenSUSE Security Update : MozillaFirefox (openSUSE-SU-2011:1242-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_MOZILLA-NSS-7842.NASL
    descriptionThis update to version 3.13.1 of mozilla-nss fixes the following issues : - Explicitly distrust DigiCert Sdn. Bhd (bmo#698753) - Better SHA-224 support (bmo#647706) - Fix a regression (causing hangs in some situations) introduced in 3.13 (bmo#693228) - SSL 2.0 is disabled by default - A defense against the SSL 3.0 and TLS 1.0 CBC chosen plaintext attack demonstrated by Rizzo and Duong (CVE-2011-3389) has been enabled by default. Set the SSL_CBC_RANDOM_IV SSL option to PR_FALSE to disable it. - Support SHA-224 - Add PORT_ErrorToString and PORT_ErrorToName to return the error message and symbolic name of an NSS error code - Add NSS_GetVersion to return the NSS version string - Add experimental support of RSA-PSS to the softoken only - NSS_NoDB_Init does not try to open /pkcs11.txt and /secmod.db anymore (bmo#641052)
    last seen2020-06-01
    modified2020-06-02
    plugin id57226
    published2011-12-13
    reporterThis script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/57226
    titleSuSE 10 Security Update : mozilla-nss (ZYPP Patch Number 7842) (BEAST)
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_FIREFOX_3_6_24.NASL
    descriptionThe installed version of Firefox 3.6 is earlier than 3.6.24. Such versions are potentially affected by the following security issues : - There is an error within the JSSubScriptLoader that incorrectly unwraps
    last seen2020-06-01
    modified2020-06-02
    plugin id56755
    published2011-11-09
    reporterThis script is Copyright (C) 2011-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/56755
    titleFirefox 3.6 < 3.6.24 Multiple Vulnerabilities (Mac OS X)
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_THUNDERBIRD_8_0.NASL
    descriptionThe installed version of Thunderbird 7.x is potentially affected by the following security issues : - Certain invalid sequences are not handled properly in
    last seen2020-06-01
    modified2020-06-02
    plugin id56758
    published2011-11-09
    reporterThis script is Copyright (C) 2011-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/56758
    titleThunderbird 7.x Multiple Vulnerabilities (Mac OS X)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-1277-1.NASL
    descriptionYosuke Hasegawa discovered that the Mozilla browser engine mishandled invalid sequences in the Shift-JIS encoding. It may be possible to trigger this crash without the use of debugging APIs, which might allow malicious websites to exploit this vulnerability. An attacker could possibly use this flaw this to steal data or inject malicious scripts into web content. (CVE-2011-3648) Marc Schoenefeld discovered that using Firebug to profile a JavaScript file with many functions would cause Firefox to crash. An attacker might be able to exploit this without using the debugging APIs, which could potentially remotely crash the browser, resulting in a denial of service. (CVE-2011-3650) Jason Orendorff, Boris Zbarsky, Gregg Tavares, Mats Palmgren, Christian Holler, Jesse Ruderman, Simona Marcu, Bob Clary, and William McCloskey discovered multiple memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. An attacker might be able to use these flaws to execute arbitrary code with the privileges of the user invoking Firefox or possibly crash the browser resulting in a denial of service. (CVE-2011-3651) It was discovered that Firefox could be caused to crash under certain conditions, due to an unchecked allocation failure, resulting in a denial of service. It might also be possible to execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2011-3652) Aki Helin discovered that Firefox does not properly handle links from SVG mpath elements to non-SVG elements. An attacker could use this vulnerability to crash Firefox, resulting in a denial of service, or possibly execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2011-3654) It was discovered that an internal privilege check failed to respect the NoWaiverWrappers introduced with Firefox 4. An attacker could possibly use this to gain elevated privileges within the browser for web content. (CVE-2011-3655). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id56944
    published2011-11-26
    reporterUbuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/56944
    titleUbuntu 11.04 / 11.10 : firefox vulnerabilities (USN-1277-1)
  • NASL familyWindows
    NASL idMOZILLA_FIREFOX_80.NASL
    descriptionThe installed version of Firefox is earlier than 8.0 and thus, is potentially affected by the following security issues : - Certain invalid sequences are not handled properly in
    last seen2020-06-01
    modified2020-06-02
    plugin id56751
    published2011-11-09
    reporterThis script is Copyright (C) 2011-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/56751
    titleFirefox < 8.0 Multiple Vulnerabilities
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-1282-1.NASL
    descriptionYosuke Hasegawa discovered that the Mozilla browser engine mishandled invalid sequences in the Shift-JIS encoding. It may be possible to trigger this crash without the use of debugging APIs, which might allow malicious websites to exploit this vulnerability. An attacker could possibly use this flaw this to steal data or inject malicious scripts into web content. (CVE-2011-3648) Marc Schoenefeld discovered that using Firebug to profile a JavaScript file with many functions would cause Firefox to crash. An attacker might be able to exploit this without using the debugging APIs, which could potentially remotely crash Thunderbird, resulting in a denial of service. (CVE-2011-3650) Jason Orendorff, Boris Zbarsky, Gregg Tavares, Mats Palmgren, Christian Holler, Jesse Ruderman, Simona Marcu, Bob Clary, and William McCloskey discovered multiple memory safety bugs in the browser engine used in Thunderbird and other Mozilla-based products. An attacker might be able to use these flaws to execute arbitrary code with the privileges of the user invoking Thunderbird or possibly crash Thunderbird resulting in a denial of service. (CVE-2011-3651) It was discovered that Thunderbird could be caused to crash under certain conditions, due to an unchecked allocation failure, resulting in a denial of service. It might also be possible to execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2011-3652) Aki Helin discovered that Thunderbird does not properly handle links from SVG mpath elements to non-SVG elements. An attacker could use this vulnerability to crash Thunderbird, resulting in a denial of service, or possibly execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2011-3654) It was discovered that an internal privilege check failed to respect the NoWaiverWrappers introduced with Thunderbird 5. An attacker could possibly use this to gain elevated privileges within Thunderbird for web content. (CVE-2011-3655). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id56969
    published2011-11-29
    reporterUbuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/56969
    titleUbuntu 11.10 : thunderbird vulnerabilities (USN-1282-1)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-2342.NASL
    descriptionSeveral vulnerabilities have been found in the Iceape internet suite, an unbranded version of SeaMonkey : - CVE-2011-3647
    last seen2020-03-17
    modified2011-11-10
    plugin id56760
    published2011-11-10
    reporterThis script is Copyright (C) 2011-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/56760
    titleDebian DSA-2342-1 : iceape - several vulnerabilities
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2011-1437.NASL
    descriptionFrom Red Hat Security Advisory 2011:1437 : Updated firefox packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A flaw was found in the way Firefox handled certain add-ons. A web page containing malicious content could cause an add-on to grant itself full browser privileges, which could lead to arbitrary code execution with the privileges of the user running Firefox. (CVE-2011-3647) A cross-site scripting (XSS) flaw was found in the way Firefox handled certain multibyte character sets. A web page containing malicious content could cause Firefox to run JavaScript code with the permissions of a different website. (CVE-2011-3648) A flaw was found in the way Firefox handled large JavaScript scripts. A web page containing malicious JavaScript could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2011-3650) For technical details regarding these flaws, refer to the Mozilla security advisories for Firefox 3.6.24. You can find a link to the Mozilla advisories in the References section of this erratum. All Firefox users should upgrade to these updated packages, which contain Firefox version 3.6.24, which corrects these issues. After installing the update, Firefox must be restarted for the changes to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id68384
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/68384
    titleOracle Linux 4 / 5 / 6 : firefox (ELSA-2011-1437)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2011-9.NASL
    descriptionMozilla Firefox and Thunderbird were updated to version 8.0 which fixes several security vulnerabilities : - MFSA 2011-52 - Code execution via NoWaiverWrapper (CVE-2011-3655) - MFSA 2011-51 - Cross-origin image theft on Mac with integrated Intel GPU (CVE-2011-3653) - MFSA 2011-50 - Cross-origin data theft using canvas and Windows D2D (CVE-2011-3649) - MFSA 2011-49 - Memory corruption while profiling using Firebug (CVE-2011-3650) - MFSA 2011-48 - Miscellaneous memory safety hazards (rv:8.0) (CVE-2011-3651, CVE-2011-3652, CVE-2011-3654) - MFSA 2011-47 - Potential XSS against sites using Shift-JIS (CVE-2011-3648)
    last seen2020-06-01
    modified2020-06-02
    plugin id74542
    published2014-06-13
    reporterThis script is Copyright (C) 2014-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/74542
    titleopenSUSE Security Update : firefox / thunderbird (openSUSE-2011-9)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_MOZILLAFIREFOX-111114.NASL
    descriptionMozilla Firefox has been updated to version 1.9.2.24 (bnc#728520) to fix the following security issues : - (bmo#680880) loadSubScript unwraps XPCNativeWrapper scope parameter. (MFSA 2011-46 / CVE-2011-3647) - (bmo#690225) Potential XSS against sites using Shift-JIS. (MFSA 2011-47 / CVE-2011-3648) - (bmo#674776) Memory corruption while profiling using Firebug. (MFSA 2011-49 / CVE-2011-3650)
    last seen2020-06-01
    modified2020-06-02
    plugin id57084
    published2011-12-13
    reporterThis script is Copyright (C) 2011-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/57084
    titleSuSE 11.1 Security Update : Mozilla Firefox (SAT Patch Number 5429)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201301-01.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201301-01 (Mozilla Products: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Mozilla Firefox, Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user to view a specially crafted web page or email, possibly resulting in execution of arbitrary code or a Denial of Service condition. Furthermore, a remote attacker may be able to perform Man-in-the-Middle attacks, obtain sensitive information, bypass restrictions and protection mechanisms, force file downloads, conduct XML injection attacks, conduct XSS attacks, bypass the Same Origin Policy, spoof URL&rsquo;s for phishing attacks, trigger a vertical scroll, spoof the location bar, spoof an SSL indicator, modify the browser&rsquo;s font, conduct clickjacking attacks, or have other unspecified impact. A local attacker could gain escalated privileges, obtain sensitive information, or replace an arbitrary downloaded file. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id63402
    published2013-01-08
    reporterThis script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/63402
    titleGLSA-201301-01 : Mozilla Products: Multiple vulnerabilities (BEAST)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_3_SEAMONKEY-111130.NASL
    descriptionSeaMonkey was upgraded to version 2.5 in order to fix the following security problems : - MFSA 2011-47/CVE-2011-3648 (bmo#690225) Potential XSS against sites using Shift-JIS - MFSA 2011-48/CVE-2011-3651/CVE-2011-3652/CVE-2011-3654 Miscellaneous memory safety hazards - MFSA 2011-49/CVE-2011-3650 (bmo#674776) Memory corruption while profiling using Firebug - MFSA 2011-52/CVE-2011-3655 (bmo#672182) Code execution via NoWaiverWrapper
    last seen2020-06-01
    modified2020-06-02
    plugin id75743
    published2014-06-13
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/75743
    titleopenSUSE Security Update : seamonkey (openSUSE-SU-2011:1290-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_MOZILLAFIREFOX-7844.NASL
    descriptionMozillaFirefox has been updated to version 3.6.24 to fix the following
    last seen2020-06-01
    modified2020-06-02
    plugin id57153
    published2011-12-13
    reporterThis script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/57153
    titleSuSE 10 Security Update : MozillaFirefox (ZYPP Patch Number 7844)
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_6C8AD3E80A3011E195804061862B8C22.NASL
    descriptionThe Mozilla Project reports : MFSA 2011-46 loadSubScript unwraps XPCNativeWrapper scope parameter (1.9.2 branch) MFSA 2011-47 Potential XSS against sites using Shift-JIS MFSA 2011-48 Miscellaneous memory safety hazards (rv:8.0) MFSA 2011-49 Memory corruption while profiling using Firebug MFSA 2011-50 Cross-origin data theft using canvas and Windows D2D MFSA 2011-51 Cross-origin image theft on Mac with integrated Intel GPU MFSA 2011-52 Code execution via NoWaiverWrapper
    last seen2020-06-01
    modified2020-06-02
    plugin id56762
    published2011-11-10
    reporterThis script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/56762
    titleFreeBSD : mozilla -- multiple vulnerabilities (6c8ad3e8-0a30-11e1-9580-4061862b8c22)
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_THUNDERBIRD_3_1_16.NASL
    descriptionThe installed version of Thunderbird 3.1 is earlier than 3.1.16. Such versions are potentially affected by the following security issues : - There is an error within the JSSubScriptLoader that incorrectly unwraps
    last seen2020-06-01
    modified2020-06-02
    plugin id56757
    published2011-11-09
    reporterThis script is Copyright (C) 2011-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/56757
    titleThunderbird 3.1 < 3.1.16 Multiple Vulnerabilities (Mac OS X)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_4_MOZILLAFIREFOX-111110.NASL
    descriptionMozillaFirefox was updated to version 8 (bnc#728520) to fix the following security issues : dbg114-MozillaFirefox-5399 MozillaFirefox-5399 new_updateinfo MFSA 2011-47/CVE-2011-3648 (bmo#690225) Potential XSS against sites using Shift-JIS dbg114-MozillaFirefox-5399 MozillaFirefox-5399 new_updateinfo MFSA 2011-48/CVE-2011-3651/CVE-2011-3652/CVE-2011-3654 Miscellaneous memory safety hazards dbg114-MozillaFirefox-5399 MozillaFirefox-5399 new_updateinfo MFSA 2011-49/CVE-2011-3650 (bmo#674776) Memory corruption while profiling using Firebug dbg114-MozillaFirefox-5399 MozillaFirefox-5399 new_updateinfo MFSA 2011-52/CVE-2011-3655 (bmo#672182) Code execution via NoWaiverWrapper - rebased patches
    last seen2020-06-01
    modified2020-06-02
    plugin id75949
    published2014-06-13
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/75949
    titleopenSUSE Security Update : MozillaFirefox (openSUSE-SU-2011:1243-1)

Oval

accepted2014-10-06T04:00:52.237-04:00
classvulnerability
contributors
  • nameScott Quint
    organizationDTCC
  • nameScott Quint
    organizationDTCC
  • nameSergey Artykhov
    organizationALTX-SOFT
  • nameSergey Artykhov
    organizationALTX-SOFT
  • nameShane Shaffer
    organizationG2, Inc.
  • nameRichard Helbing
    organizationbaramundi software
  • nameEvgeniy Pavlov
    organizationALTX-SOFT
  • nameEvgeniy Pavlov
    organizationALTX-SOFT
  • nameEvgeniy Pavlov
    organizationALTX-SOFT
  • nameEvgeniy Pavlov
    organizationALTX-SOFT
  • nameEvgeniy Pavlov
    organizationALTX-SOFT
definition_extensions
  • commentMozilla Thunderbird Mainline release is installed
    ovaloval:org.mitre.oval:def:22093
  • commentMozilla Firefox Mainline release is installed
    ovaloval:org.mitre.oval:def:22259
  • commentMozilla Thunderbird Mainline release is installed
    ovaloval:org.mitre.oval:def:22093
  • commentMozilla Firefox Mainline release is installed
    ovaloval:org.mitre.oval:def:22259
  • commentMozilla Firefox Mainline release is installed
    ovaloval:org.mitre.oval:def:22259
  • commentMozilla Thunderbird Mainline release is installed
    ovaloval:org.mitre.oval:def:22093
  • commentMozilla Firefox Mainline release is installed
    ovaloval:org.mitre.oval:def:22259
  • commentMozilla Firefox Mainline release is installed
    ovaloval:org.mitre.oval:def:22259
  • commentMozilla Firefox Mainline release is installed
    ovaloval:org.mitre.oval:def:22259
  • commentMozilla Thunderbird Mainline release is installed
    ovaloval:org.mitre.oval:def:22093
  • commentMozilla Thunderbird Mainline release is installed
    ovaloval:org.mitre.oval:def:22093
  • commentMozilla Thunderbird Mainline release is installed
    ovaloval:org.mitre.oval:def:22093
  • commentMozilla Firefox Mainline release is installed
    ovaloval:org.mitre.oval:def:22259
  • commentMozilla Firefox Mainline release is installed
    ovaloval:org.mitre.oval:def:22259
  • commentMozilla Thunderbird Mainline release is installed
    ovaloval:org.mitre.oval:def:22093
descriptionMozilla Firefox before 3.6.24 and 4.x through 7.0 and Thunderbird before 3.1.6 and 5.0 through 7.0 do not properly handle JavaScript files that contain many functions, which allows user-assisted remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a crafted file that is accessed by debugging APIs, as demonstrated by Firebug.
familywindows
idoval:org.mitre.oval:def:13870
statusaccepted
submitted2011-11-25T18:27:12.000-05:00
titleMozilla Firefox before 3.6.24 and 4.x through 7.0 and Thunderbird before 3.1.6 and 5.0 through 7.0 do not properly handle JavaScript files that contain many functions, which allows user-assisted remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a crafted file that is accessed by debugging APIs, as demonstrated by Firebug.
version34

Redhat

advisories
  • bugzilla
    id751933
    titleCVE-2011-3650 Mozilla: crash while profiling page with many functions (MFSA 2011-49)
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 4 is installed
        ovaloval:com.redhat.rhba:tst:20070304025
      • commentfirefox is earlier than 0:3.6.24-3.el4
        ovaloval:com.redhat.rhsa:tst:20111437001
      • commentfirefox is signed with Red Hat master key
        ovaloval:com.redhat.rhsa:tst:20060200002
    • AND
      • commentRed Hat Enterprise Linux 5 is installed
        ovaloval:com.redhat.rhba:tst:20070331005
      • OR
        • AND
          • commentxulrunner-devel is earlier than 0:1.9.2.24-2.el5_7
            ovaloval:com.redhat.rhsa:tst:20111437004
          • commentxulrunner-devel is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhsa:tst:20080569006
        • AND
          • commentxulrunner is earlier than 0:1.9.2.24-2.el5_7
            ovaloval:com.redhat.rhsa:tst:20111437006
          • commentxulrunner is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhsa:tst:20080569004
        • AND
          • commentfirefox is earlier than 0:3.6.24-3.el5_7
            ovaloval:com.redhat.rhsa:tst:20111437008
          • commentfirefox is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhsa:tst:20070097008
    • AND
      • commentRed Hat Enterprise Linux 6 is installed
        ovaloval:com.redhat.rhba:tst:20111656003
      • OR
        • AND
          • commentxulrunner is earlier than 0:1.9.2.24-2.el6_1.1
            ovaloval:com.redhat.rhsa:tst:20111437011
          • commentxulrunner is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20100861002
        • AND
          • commentxulrunner-devel is earlier than 0:1.9.2.24-2.el6_1.1
            ovaloval:com.redhat.rhsa:tst:20111437013
          • commentxulrunner-devel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20100861004
        • AND
          • commentfirefox is earlier than 0:3.6.24-3.el6_1
            ovaloval:com.redhat.rhsa:tst:20111437015
          • commentfirefox is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20100861006
    rhsa
    idRHSA-2011:1437
    released2011-11-08
    severityCritical
    titleRHSA-2011:1437: firefox security update (Critical)
  • bugzilla
    id751933
    titleCVE-2011-3650 Mozilla: crash while profiling page with many functions (MFSA 2011-49)
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 6 is installed
        ovaloval:com.redhat.rhba:tst:20111656003
      • commentthunderbird is earlier than 0:3.1.16-2.el6_1
        ovaloval:com.redhat.rhsa:tst:20111439001
      • commentthunderbird is signed with Red Hat redhatrelease2 key
        ovaloval:com.redhat.rhsa:tst:20100896002
    rhsa
    idRHSA-2011:1439
    released2011-11-08
    severityCritical
    titleRHSA-2011:1439: thunderbird security update (Critical)
rpms
  • firefox-0:3.6.24-3.el4
  • firefox-0:3.6.24-3.el5_7
  • firefox-0:3.6.24-3.el6_1
  • firefox-debuginfo-0:3.6.24-3.el4
  • firefox-debuginfo-0:3.6.24-3.el5_7
  • firefox-debuginfo-0:3.6.24-3.el6_1
  • xulrunner-0:1.9.2.24-2.el5_7
  • xulrunner-0:1.9.2.24-2.el6_1.1
  • xulrunner-debuginfo-0:1.9.2.24-2.el5_7
  • xulrunner-debuginfo-0:1.9.2.24-2.el6_1.1
  • xulrunner-devel-0:1.9.2.24-2.el5_7
  • xulrunner-devel-0:1.9.2.24-2.el6_1.1
  • thunderbird-0:3.1.16-2.el6_1
  • thunderbird-debuginfo-0:3.1.16-2.el6_1