Vulnerabilities > CVE-2011-3658 - Resource Management Errors vulnerability in Mozilla Firefox, Seamonkey and Thunderbird
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
The SVG implementation in Mozilla Firefox 8.0, Thunderbird 8.0, and SeaMonkey 2.5 does not properly interact with DOMAttrModified event handlers, which allows remote attackers to cause a denial of service (out-of-bounds memory access) or possibly have unspecified other impact via vectors involving removal of SVG elements.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 3 |
Common Weakness Enumeration (CWE)
Exploit-Db
| description | Firefox 7/8 (. CVE-2011-3658. Remote exploit for windows platform |
| id | EDB-ID:18847 |
| last seen | 2016-02-02 |
| modified | 2012-05-09 |
| published | 2012-05-09 |
| reporter | metasploit |
| source | https://www.exploit-db.com/download/18847/ |
| title | Firefox 7 / 8<= 8.0.1 - nsSVGValue Out-of-Bounds Access Vulnerability |
Metasploit
| description | This module exploits an out-of-bounds access flaw in Firefox 7 and 8 (<= 8.0.1). The notification of nsSVGValue observers via nsSVGValue::NotifyObservers(x,y) uses a loop which can result in an out-of-bounds access to attacker-controlled memory. The mObserver ElementAt() function (which picks up pointers), does not validate if a given index is out of bound. If a custom observer of nsSVGValue is created, which removes elements from the original observer, and memory layout is manipulated properly, the ElementAt() function might pick up an attacker provided pointer, which can be leveraged to gain remote arbitrary code execution. |
| id | MSF:EXPLOIT/WINDOWS/BROWSER/MOZILLA_NSSVGVALUE |
| last seen | 2020-06-07 |
| modified | 2017-07-24 |
| published | 2012-05-08 |
| references | |
| reporter | Rapid7 |
| source | https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/windows/browser/mozilla_nssvgvalue.rb |
| title | Firefox nsSVGValue Out-of-Bounds Access Vulnerability |
Nessus
NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-1343-1.NASL description Alexandre Poirot, Chris Blizzard, Kyle Huey, Scoobidiver, Christian Holler, David Baron, Gary Kwong, Jim Blandy, Bob Clary, Jesse Ruderman, Marcia Knous, and Rober Longson discovered several memory safety issues which could possibly be exploited to crash Thunderbird or execute arbitrary code as the user that invoked Thunderbird. (CVE-2011-3660) Aki Helin discovered a crash in the YARR regular expression library that could be triggered by JavaScript in web content. (CVE-2011-3661) It was discovered that a flaw in the Mozilla SVG implementation could result in an out-of-bounds memory access if SVG elements were removed during a DOMAttrModified event handler. An attacker could potentially exploit this vulnerability to crash Thunderbird. (CVE-2011-3658) Mario Heiderich discovered it was possible to use SVG animation accessKey events to detect key strokes even when JavaScript was disabled. A malicious web page could potentially exploit this to trick a user into interacting with a prompt thinking it came from Thunderbird in a context where the user believed scripting was disabled. (CVE-2011-3663) It was discovered that it was possible to crash Thunderbird when scaling an OGG <video> element to extreme sizes. (CVE-2011-3665). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 57686 published 2012-01-25 reporter Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/57686 title Ubuntu 11.10 : thunderbird vulnerabilities (USN-1343-1) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Ubuntu Security Notice USN-1343-1. The text # itself is copyright (C) Canonical, Inc. See # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered # trademark of Canonical, Inc. # include("compat.inc"); if (description) { script_id(57686); script_version("1.19"); script_cvs_date("Date: 2019/09/19 12:54:27"); script_cve_id("CVE-2011-3658", "CVE-2011-3660", "CVE-2011-3661", "CVE-2011-3663", "CVE-2011-3665"); script_bugtraq_id(51133, 51134, 51135, 51136, 51138); script_xref(name:"USN", value:"1343-1"); script_name(english:"Ubuntu 11.10 : thunderbird vulnerabilities (USN-1343-1)"); script_summary(english:"Checks dpkg output for updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Ubuntu host is missing a security-related patch." ); script_set_attribute( attribute:"description", value: "Alexandre Poirot, Chris Blizzard, Kyle Huey, Scoobidiver, Christian Holler, David Baron, Gary Kwong, Jim Blandy, Bob Clary, Jesse Ruderman, Marcia Knous, and Rober Longson discovered several memory safety issues which could possibly be exploited to crash Thunderbird or execute arbitrary code as the user that invoked Thunderbird. (CVE-2011-3660) Aki Helin discovered a crash in the YARR regular expression library that could be triggered by JavaScript in web content. (CVE-2011-3661) It was discovered that a flaw in the Mozilla SVG implementation could result in an out-of-bounds memory access if SVG elements were removed during a DOMAttrModified event handler. An attacker could potentially exploit this vulnerability to crash Thunderbird. (CVE-2011-3658) Mario Heiderich discovered it was possible to use SVG animation accessKey events to detect key strokes even when JavaScript was disabled. A malicious web page could potentially exploit this to trick a user into interacting with a prompt thinking it came from Thunderbird in a context where the user believed scripting was disabled. (CVE-2011-3663) It was discovered that it was possible to crash Thunderbird when scaling an OGG <video> element to extreme sizes. (CVE-2011-3665). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://usn.ubuntu.com/1343-1/" ); script_set_attribute( attribute:"solution", value:"Update the affected thunderbird package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_set_attribute(attribute:"metasploit_name", value:'Firefox nsSVGValue Out-of-Bounds Access Vulnerability'); script_set_attribute(attribute:"exploit_framework_metasploit", value:"true"); script_set_attribute(attribute:"exploit_framework_canvas", value:"true"); script_set_attribute(attribute:"canvas_package", value:'CANVAS'); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:thunderbird"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:11.10"); script_set_attribute(attribute:"vuln_publication_date", value:"2011/12/20"); script_set_attribute(attribute:"patch_publication_date", value:"2012/01/24"); script_set_attribute(attribute:"plugin_publication_date", value:"2012/01/25"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Ubuntu Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("ubuntu.inc"); include("misc_func.inc"); if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/Ubuntu/release"); if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu"); release = chomp(release); if (! preg(pattern:"^(11\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 11.10", "Ubuntu " + release); if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu); flag = 0; if (ubuntu_check(osver:"11.10", pkgname:"thunderbird", pkgver:"9.0+build2-0ubuntu0.11.10.1")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : ubuntu_report_get() ); exit(0); } else { tested = ubuntu_pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "thunderbird"); }NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-1401-2.NASL description USN-1401-1 fixed vulnerabilities in Xulrunner. This update provides the corresponding fixes for Thunderbird. It was discovered that a flaw in the Mozilla SVG implementation could result in an out-of-bounds memory access if SVG elements were removed during a DOMAttrModified event handler. If the user were tricked into opening a specially crafted page, an attacker could exploit this to cause a denial of service via application crash. (CVE-2011-3658) Atte Kettunen discovered a use-after-free vulnerability in the Gecko Rendering Engine last seen 2020-06-01 modified 2020-06-02 plugin id 58481 published 2012-03-26 reporter Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/58481 title Ubuntu 10.04 LTS / 10.10 / 11.04 : thunderbird vulnerabilities (USN-1401-2) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Ubuntu Security Notice USN-1401-2. The text # itself is copyright (C) Canonical, Inc. See # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered # trademark of Canonical, Inc. # include("compat.inc"); if (description) { script_id(58481); script_version("1.18"); script_cvs_date("Date: 2019/09/19 12:54:27"); script_cve_id("CVE-2011-3658", "CVE-2012-0455", "CVE-2012-0456", "CVE-2012-0457", "CVE-2012-0458", "CVE-2012-0461", "CVE-2012-0464"); script_bugtraq_id(51138, 52458, 52459, 52460, 52461, 52464, 52465); script_xref(name:"USN", value:"1401-2"); script_name(english:"Ubuntu 10.04 LTS / 10.10 / 11.04 : thunderbird vulnerabilities (USN-1401-2)"); script_summary(english:"Checks dpkg output for updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Ubuntu host is missing a security-related patch." ); script_set_attribute( attribute:"description", value: "USN-1401-1 fixed vulnerabilities in Xulrunner. This update provides the corresponding fixes for Thunderbird. It was discovered that a flaw in the Mozilla SVG implementation could result in an out-of-bounds memory access if SVG elements were removed during a DOMAttrModified event handler. If the user were tricked into opening a specially crafted page, an attacker could exploit this to cause a denial of service via application crash. (CVE-2011-3658) Atte Kettunen discovered a use-after-free vulnerability in the Gecko Rendering Engine's handling of SVG animations. An attacker could potentially exploit this to execute arbitrary code with the privileges of the user invoking the Xulrunner based application. (CVE-2012-0457) Atte Kettunen discovered an out of bounds read vulnerability in the Gecko Rendering Engine's handling of SVG Filters. An attacker could potentially exploit this to make data from the user's memory accessible to the page content. (CVE-2012-0456) Soroush Dalili discovered that the Gecko Rendering Engine did not adequately protect against dropping JavaScript links onto a frame. A remote attacker could, through cross-site scripting (XSS), exploit this to modify the contents of the frame or steal confidential data. (CVE-2012-0455) Mariusz Mlynski discovered that the Home button accepted JavaScript links to set the browser Home page. An attacker could use this vulnerability to get the script URL loaded in the privileged about:sessionrestore context. (CVE-2012-0458) Bob Clary, Vincenzo Iozzo, and Willem Pinckaers discovered memory safety issues affecting Firefox. If the user were tricked into opening a specially crafted page, an attacker could exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. (CVE-2012-0461, CVE-2012-0464). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://usn.ubuntu.com/1401-2/" ); script_set_attribute( attribute:"solution", value:"Update the affected thunderbird package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_set_attribute(attribute:"metasploit_name", value:'Firefox nsSVGValue Out-of-Bounds Access Vulnerability'); script_set_attribute(attribute:"exploit_framework_metasploit", value:"true"); script_set_attribute(attribute:"exploit_framework_canvas", value:"true"); script_set_attribute(attribute:"canvas_package", value:'CANVAS'); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:thunderbird"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:10.04:-:lts"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:10.10"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:11.04"); script_set_attribute(attribute:"vuln_publication_date", value:"2011/12/20"); script_set_attribute(attribute:"patch_publication_date", value:"2012/03/23"); script_set_attribute(attribute:"plugin_publication_date", value:"2012/03/26"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Ubuntu Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("ubuntu.inc"); include("misc_func.inc"); if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/Ubuntu/release"); if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu"); release = chomp(release); if (! preg(pattern:"^(10\.04|10\.10|11\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 10.04 / 10.10 / 11.04", "Ubuntu " + release); if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu); flag = 0; if (ubuntu_check(osver:"10.04", pkgname:"thunderbird", pkgver:"3.1.20+build1+nobinonly-0ubuntu0.10.04.1")) flag++; if (ubuntu_check(osver:"10.10", pkgname:"thunderbird", pkgver:"3.1.20+build1+nobinonly-0ubuntu0.10.10.1")) flag++; if (ubuntu_check(osver:"11.04", pkgname:"thunderbird", pkgver:"3.1.20+build1+nobinonly-0ubuntu0.11.04.1")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : ubuntu_report_get() ); exit(0); } else { tested = ubuntu_pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "thunderbird"); }NASL family SuSE Local Security Checks NASL id SUSE_11_4_MOZILLAFIREFOX-111221.NASL description Mozilla Firefox Version 9 fixes several security issues : dbg114-MozillaFirefox-5577 MozillaFirefox-5577 new_updateinfo MFSA 2011-53/CVE-2011-3660: Miscellaneous memory safety hazards dbg114-MozillaFirefox-5577 MozillaFirefox-5577 new_updateinfo MFSA 2011-54/CVE-2011-3661: Potentially exploitable crash in the YARR regular expression library dbg114-MozillaFirefox-5577 MozillaFirefox-5577 new_updateinfo MFSA 2011-55/CVE-2011-3658: nsSVGValue out-of-bounds access dbg114-MozillaFirefox-5577 MozillaFirefox-5577 new_updateinfo MFSA 2011-56/CVE-2011-3663: Key detection without JavaScript via SVG animation dbg114-MozillaFirefox-5577 MozillaFirefox-5577 new_updateinfo MFSA 2011-58/CVE-2011-3665: Crash scaling <video> to extreme sizes last seen 2020-06-01 modified 2020-06-02 plugin id 75950 published 2014-06-13 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/75950 title openSUSE Security Update : MozillaFirefox (openSUSE-SU-2012:0039-2) NASL family SuSE Local Security Checks NASL id OPENSUSE-2012-254.NASL description Changes in xulrunner : - update to 12.0 (bnc#758408) - rebased patches - MFSA 2012-20/CVE-2012-0467/CVE-2012-0468 Miscellaneous memory safety hazards - MFSA 2012-22/CVE-2012-0469 (bmo#738985) use-after-free in IDBKeyRange - MFSA 2012-23/CVE-2012-0470 (bmo#734288) Invalid frees causes heap corruption in gfxImageSurface - MFSA 2012-24/CVE-2012-0471 (bmo#715319) Potential XSS via multibyte content processing errors - MFSA 2012-25/CVE-2012-0472 (bmo#744480) Potential memory corruption during font rendering using cairo-dwrite - MFSA 2012-26/CVE-2012-0473 (bmo#743475) WebGL.drawElements may read illegal video memory due to FindMaxUshortElement error - MFSA 2012-27/CVE-2012-0474 (bmo#687745, bmo#737307) Page load short-circuit can lead to XSS - MFSA 2012-28/CVE-2012-0475 (bmo#694576) Ambiguous IPv6 in Origin headers may bypass webserver access restrictions - MFSA 2012-29/CVE-2012-0477 (bmo#718573) Potential XSS through ISO-2022-KR/ISO-2022-CN decoding issues - MFSA 2012-30/CVE-2012-0478 (bmo#727547) Crash with WebGL content using textImage2D - MFSA 2012-31/CVE-2011-3062 (bmo#739925) Off-by-one error in OpenType Sanitizer - MFSA 2012-32/CVE-2011-1187 (bmo#624621) HTTP Redirections and remote content can be read by JavaScript errors - MFSA 2012-33/CVE-2012-0479 (bmo#714631) Potential site identity spoofing when loading RSS and Atom feeds - added mozilla-libnotify.patch to allow fallback from libnotify to xul based events if no notification-daemon is running - gcc 4.7 fixes - mozilla-gcc47.patch - disabled crashreporter temporarily for Factory Changes in MozillaFirefox : - update to Firefox 12.0 (bnc#758408) - rebased patches - MFSA 2012-20/CVE-2012-0467/CVE-2012-0468 Miscellaneous memory safety hazards - MFSA 2012-22/CVE-2012-0469 (bmo#738985) use-after-free in IDBKeyRange - MFSA 2012-23/CVE-2012-0470 (bmo#734288) Invalid frees causes heap corruption in gfxImageSurface - MFSA 2012-24/CVE-2012-0471 (bmo#715319) Potential XSS via multibyte content processing errors - MFSA 2012-25/CVE-2012-0472 (bmo#744480) Potential memory corruption during font rendering using cairo-dwrite - MFSA 2012-26/CVE-2012-0473 (bmo#743475) WebGL.drawElements may read illegal video memory due to FindMaxUshortElement error - MFSA 2012-27/CVE-2012-0474 (bmo#687745, bmo#737307) Page load short-circuit can lead to XSS - MFSA 2012-28/CVE-2012-0475 (bmo#694576) Ambiguous IPv6 in Origin headers may bypass webserver access restrictions - MFSA 2012-29/CVE-2012-0477 (bmo#718573) Potential XSS through ISO-2022-KR/ISO-2022-CN decoding issues - MFSA 2012-30/CVE-2012-0478 (bmo#727547) Crash with WebGL content using textImage2D - MFSA 2012-31/CVE-2011-3062 (bmo#739925) Off-by-one error in OpenType Sanitizer - MFSA 2012-32/CVE-2011-1187 (bmo#624621) HTTP Redirections and remote content can be read by JavaScript errors - MFSA 2012-33/CVE-2012-0479 (bmo#714631) Potential site identity spoofing when loading RSS and Atom feeds - added mozilla-libnotify.patch to allow fallback from libnotify to xul based events if no notification-daemon is running - gcc 4.7 fixes - mozilla-gcc47.patch - disabled crashreporter temporarily for Factory - recommend libcanberra0 for proper sound notifications Changes in MozillaThunderbird : - update to Thunderbird 12.0 (bnc#758408) - MFSA 2012-20/CVE-2012-0467/CVE-2012-0468 Miscellaneous memory safety hazards - MFSA 2012-22/CVE-2012-0469 (bmo#738985) use-after-free in IDBKeyRange - MFSA 2012-23/CVE-2012-0470 (bmo#734288) Invalid frees causes heap corruption in gfxImageSurface - MFSA 2012-24/CVE-2012-0471 (bmo#715319) Potential XSS via multibyte content processing errors - MFSA 2012-25/CVE-2012-0472 (bmo#744480) Potential memory corruption during font rendering using cairo-dwrite - MFSA 2012-26/CVE-2012-0473 (bmo#743475) WebGL.drawElements may read illegal video memory due to FindMaxUshortElement error - MFSA 2012-27/CVE-2012-0474 (bmo#687745, bmo#737307) Page load short-circuit can lead to XSS - MFSA 2012-28/CVE-2012-0475 (bmo#694576) Ambiguous IPv6 in Origin headers may bypass webserver access restrictions - MFSA 2012-29/CVE-2012-0477 (bmo#718573) Potential XSS through ISO-2022-KR/ISO-2022-CN decoding issues - MFSA 2012-30/CVE-2012-0478 (bmo#727547) Crash with WebGL content using textImage2D - MFSA 2012-31/CVE-2011-3062 (bmo#739925) Off-by-one error in OpenType Sanitizer - MFSA 2012-32/CVE-2011-1187 (bmo#624621) HTTP Redirections and remote content can be read by JavaScript errors - MFSA 2012-33/CVE-2012-0479 (bmo#714631) Potential site identity spoofing when loading RSS and Atom feeds - update Enigmail to 1.4.1 - added mozilla-revert_621446.patch - added mozilla-libnotify.patch (bmo#737646) - added mailnew-showalert.patch (bmo#739146) - added mozilla-gcc47.patch and mailnews-literals.patch to fix compilation issues with recent gcc 4.7 - disabled crashreporter temporarily for Factory (gcc 4.7 issue) Changes in seamonkey : - update to SeaMonkey 2.9 (bnc#758408) - MFSA 2012-20/CVE-2012-0467/CVE-2012-0468 Miscellaneous memory safety hazards - MFSA 2012-22/CVE-2012-0469 (bmo#738985) use-after-free in IDBKeyRange - MFSA 2012-23/CVE-2012-0470 (bmo#734288) Invalid frees causes heap corruption in gfxImageSurface - MFSA 2012-24/CVE-2012-0471 (bmo#715319) Potential XSS via multibyte content processing errors - MFSA 2012-25/CVE-2012-0472 (bmo#744480) Potential memory corruption during font rendering using cairo-dwrite - MFSA 2012-26/CVE-2012-0473 (bmo#743475) WebGL.drawElements may read illegal video memory due to FindMaxUshortElement error - MFSA 2012-27/CVE-2012-0474 (bmo#687745, bmo#737307) Page load short-circuit can lead to XSS - MFSA 2012-28/CVE-2012-0475 (bmo#694576) Ambiguous IPv6 in Origin headers may bypass webserver access restrictions - MFSA 2012-29/CVE-2012-0477 (bmo#718573) Potential XSS through ISO-2022-KR/ISO-2022-CN decoding issues - MFSA 2012-30/CVE-2012-0478 (bmo#727547) Crash with WebGL content using textImage2D - MFSA 2012-31/CVE-2011-3062 (bmo#739925) Off-by-one error in OpenType Sanitizer - MFSA 2012-32/CVE-2011-1187 (bmo#624621) HTTP Redirections and remote content can be read by JavaScript errors - MFSA 2012-33/CVE-2012-0479 (bmo#714631) Potential site identity spoofing when loading RSS and Atom feeds - update to 2.9b4 - added mozilla-sle11.patch and add exceptions to be able to build for SLE11/11.1 - exclude broken gl locale from build - fixed build on 11.2-x86_64 by adding mozilla-revert_621446.patch - added mozilla-gcc47.patch and mailnews-literals.patch to fix compilation issues with recent gcc 4.7 last seen 2020-06-05 modified 2014-06-13 plugin id 74612 published 2014-06-13 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/74612 title openSUSE Security Update : MozillaFirefox / MozillaThunderbird / seamonkey / etc (openSUSE-SU-2012:0567-1) NASL family Windows NASL id SEAMONKEY_26.NASL description The installed version of SeaMonkey is earlier than 2.6.0. Such versions are potentially affected by the following security issues : - An out-of-bounds memory access error exists in the last seen 2020-06-01 modified 2020-06-02 plugin id 57353 published 2011-12-20 reporter This script is Copyright (C) 2011-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/57353 title SeaMonkey < 2.6.0 Multiple Vulnerabilities NASL family MacOS X Local Security Checks NASL id MACOSX_THUNDERBIRD_9_0.NASL description The installed version of Thunderbird 8.x is potentially affected by the following security issues : - An out-of-bounds memory access error exists in the last seen 2020-06-01 modified 2020-06-02 plugin id 57361 published 2011-12-21 reporter This script is Copyright (C) 2011-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/57361 title Thunderbird 8.x Multiple Vulnerabilities (Mac OS X) NASL family MacOS X Local Security Checks NASL id MACOSX_FIREFOX_9_0.NASL description The installed version of Firefox 8.x is potentially affected by the following security issues : - An out-of-bounds memory access error exists in the last seen 2020-06-01 modified 2020-06-02 plugin id 57359 published 2011-12-21 reporter This script is Copyright (C) 2011-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/57359 title Firefox 8.x Multiple Vulnerabilities (Mac OS X) NASL family SuSE Local Security Checks NASL id OPENSUSE-2012-175.NASL description Changes in MozillaThunderbird : - update to Thunderbird 11.0 (bnc#750044) - MFSA 2012-13/CVE-2012-0455 (bmo#704354) XSS with Drag and Drop and Javascript: URL - MFSA 2012-14/CVE-2012-0456/CVE-2012-0457 (bmo#711653, #720103) SVG issues found with Address Sanitizer - MFSA 2012-15/CVE-2012-0451 (bmo#717511) XSS with multiple Content Security Policy headers - MFSA 2012-16/CVE-2012-0458 Escalation of privilege with Javascript: URL as home page - MFSA 2012-17/CVE-2012-0459 (bmo#723446) Crash when accessing keyframe cssText after dynamic modification - MFSA 2012-18/CVE-2012-0460 (bmo#727303) window.fullScreen writeable by untrusted content - MFSA 2012-19/CVE-2012-0461/CVE-2012-0462/CVE-2012-0464/ CVE-2012-0463 Miscellaneous memory safety hazards Changes in mozilla-xulrunner192 : - security update to 1.9.2.28 (bnc#750044) - MFSA 2011-55/CVE-2011-3658 (bmo#708186) nsSVGValue out-of-bounds access - MFSA 2012-13/CVE-2012-0455 (bmo#704354) XSS with Drag and Drop and Javascript: URL - MFSA 2012-14/CVE-2012-0456/CVE-2012-0457 (bmo#711653, #720103) SVG issues found with Address Sanitizer - MFSA 2012-16/CVE-2012-0458 Escalation of privilege with Javascript: URL as home page - MFSA 2012-19/CVE-2012-0461/CVE-2012-0462/CVE-2012-0464/ CVE-2012-0463 Miscellaneous memory safety hazards Changes in MozillaFirefox : - update to Firefox 11.0 (bnc#750044) - MFSA 2012-13/CVE-2012-0455 (bmo#704354) XSS with Drag and Drop and Javascript: URL - MFSA 2012-14/CVE-2012-0456/CVE-2012-0457 (bmo#711653, #720103) SVG issues found with Address Sanitizer - MFSA 2012-15/CVE-2012-0451 (bmo#717511) XSS with multiple Content Security Policy headers - MFSA 2012-16/CVE-2012-0458 Escalation of privilege with Javascript: URL as home page - MFSA 2012-17/CVE-2012-0459 (bmo#723446) Crash when accessing keyframe cssText after dynamic modification - MFSA 2012-18/CVE-2012-0460 (bmo#727303) window.fullScreen writeable by untrusted content - MFSA 2012-19/CVE-2012-0461/CVE-2012-0462/CVE-2012-0464/ CVE-2012-0463 Miscellaneous memory safety hazards Changes in seamonkey : - update to SeaMonkey 2.8 (bnc#750044) - MFSA 2012-13/CVE-2012-0455 (bmo#704354) XSS with Drag and Drop and Javascript: URL - MFSA 2012-14/CVE-2012-0456/CVE-2012-0457 (bmo#711653, #720103) SVG issues found with Address Sanitizer - MFSA 2012-15/CVE-2012-0451 (bmo#717511) XSS with multiple Content Security Policy headers - MFSA 2012-16/CVE-2012-0458 Escalation of privilege with Javascript: URL as home page - MFSA 2012-17/CVE-2012-0459 (bmo#723446) Crash when accessing keyframe cssText after dynamic modification - MFSA 2012-18/CVE-2012-0460 (bmo#727303) window.fullScreen writeable by untrusted content - MFSA 2012-19/CVE-2012-0461/CVE-2012-0462/CVE-2012-0464/ CVE-2012-0463 Miscellaneous memory safety hazards Changes in chmsee : - Update to version 1.99.08 Changes in mozilla-nss : - update to 3.13.3 RTM - distrust Trustwave last seen 2020-06-05 modified 2014-06-13 plugin id 74574 published 2014-06-13 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/74574 title openSUSE Security Update : MozillaFirefox / MozillaThunderbird (openSUSE-SU-2012:0417-1) NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2011-192.NASL description Security issues were identified and fixed in mozilla firefox and thunderbird : The SVG implementation in Mozilla Firefox 8.0, Thunderbird 8.0, and SeaMonkey 2.5 does not properly interact with DOMAttrModified event handlers, which allows remote attackers to cause a denial of service (out-of-bounds memory access) or possibly have unspecified other impact via vectors involving removal of SVG elements (CVE-2011-3658). Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 8.0, Thunderbird 5.0 through 8.0, and SeaMonkey before 2.6 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors that trigger a compartment mismatch associated with the nsDOMMessageEvent::GetData function, and unknown other vectors (CVE-2011-3660). YARR, as used in Mozilla Firefox 4.x through 8.0, Thunderbird 5.0 through 8.0, and SeaMonkey before 2.6, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted JavaScript (CVE-2011-3661). Mozilla Firefox 4.x through 8.0, Thunderbird 5.0 through 8.0, and SeaMonkey before 2.6 allow remote attackers to capture keystrokes entered on a web page by using SVG animation accessKey events within that web page (CVE-2011-3663). Mozilla Firefox 4.x through 8.0, Thunderbird 5.0 through 8.0, and SeaMonkey before 2.6 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via an Ogg VIDEO element that is not properly handled after scaling (CVE-2011-3665). last seen 2020-06-01 modified 2020-06-02 plugin id 61940 published 2012-09-06 reporter This script is Copyright (C) 2012-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/61940 title Mandriva Linux Security Advisory : mozilla (MDVSA-2011:192) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-1401-1.NASL description It was discovered that a flaw in the Mozilla SVG implementation could result in an out-of-bounds memory access if SVG elements were removed during a DOMAttrModified event handler. If the user were tricked into opening a specially crafted page, an attacker could exploit this to cause a denial of service via application crash. (CVE-2011-3658) Atte Kettunen discovered a use-after-free vulnerability in the Gecko Rendering Engine last seen 2020-06-01 modified 2020-06-02 plugin id 58397 published 2012-03-20 reporter Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/58397 title Ubuntu 10.04 LTS / 10.10 : xulrunner-1.9.2 vulnerabilities (USN-1401-1) NASL family Windows NASL id MOZILLA_THUNDERBIRD_90.NASL description The installed version of Thunderbird is earlier than 9.0 and thus, is potentially affected by the following security issues : - An out-of-bounds memory access error exists in the last seen 2020-06-01 modified 2020-06-02 plugin id 57352 published 2011-12-20 reporter This script is Copyright (C) 2011-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/57352 title Mozilla Thunderbird < 9.0 Multiple Vulnerabilities NASL family SuSE Local Security Checks NASL id SUSE_11_4_SEAMONKEY-111221.NASL description seamonkey version 2.6 fixes several security issues : dbg114-seamonkey-5574 new_updateinfo seamonkey-5574 MFSA 2011-53/CVE-2011-3660: Miscellaneous memory safety hazards dbg114-seamonkey-5574 new_updateinfo seamonkey-5574 MFSA 2011-54/CVE-2011-3661: Potentially exploitable crash in the YARR regular expression library dbg114-seamonkey-5574 new_updateinfo seamonkey-5574 MFSA 2011-55/CVE-2011-3658: nsSVGValue out-of-bounds access dbg114-seamonkey-5574 new_updateinfo seamonkey-5574 MFSA 2011-56/CVE-2011-3663: Key detection without JavaScript via SVG animation dbg114-seamonkey-5574 new_updateinfo seamonkey-5574 MFSA 2011-58/CVE-2011-3665: Crash scaling <video> to extreme sizes last seen 2020-06-01 modified 2020-06-02 plugin id 76025 published 2014-06-13 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/76025 title openSUSE Security Update : seamonkey (openSUSE-SU-2012:0007-1) NASL family SuSE Local Security Checks NASL id OPENSUSE-2011-101.NASL description Mozilla Firefox and Thunderbird version 9 and seamonkey version 2.6 updates fix several security issues : - MFSA 2011-53/CVE-2011-3660: Miscellaneous memory safety hazards - MFSA 2011-54/CVE-2011-3661: Potentially exploitable crash in the YARR regular expression library - MFSA 2011-55/CVE-2011-3658: nsSVGValue out-of-bounds access - MFSA 2011-56/CVE-2011-3663: Key detection without JavaScript via SVG animation - MFSA 2011-58/CVE-2011-3665: Crash scaling video elements to extreme sizes last seen 2020-06-01 modified 2020-06-02 plugin id 74515 published 2014-06-13 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/74515 title openSUSE Security Update : MozillaFirefox / MozillaThunderbird / seamonkey / etc (openSUSE-2011-101) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-1306-2.NASL description USN-1306-1 fixed vulnerabilities in Firefox. This update provides updated Mozvoikko and ubufox packages for use with Firefox 9. Alexandre Poirot, Chris Blizzard, Kyle Huey, Scoobidiver, Christian Holler, David Baron, Gary Kwong, Jim Blandy, Bob Clary, Jesse Ruderman, Marcia Knous, and Rober Longson discovered several memory safety issues which could possibly be exploited to crash Firefox or execute arbitrary code as the user that invoked Firefox. (CVE-2011-3660) Aki Helin discovered a crash in the YARR regular expression library that could be triggered by JavaScript in web content. (CVE-2011-3661) It was discovered that a flaw in the Mozilla SVG implementation could result in an out-of-bounds memory access if SVG elements were removed during a DOMAttrModified event handler. An attacker could potentially exploit this vulnerability to crash Firefox. (CVE-2011-3658) Mario Heiderich discovered it was possible to use SVG animation accessKey events to detect key strokes even when JavaScript was disabled. A malicious web page could potentially exploit this to trick a user into interacting with a prompt thinking it came from the browser in a context where the user believed scripting was disabled. (CVE-2011-3663) It was discovered that it was possible to crash Firefox when scaling an OGG <video> element to extreme sizes. (CVE-2011-3665). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 57458 published 2012-01-09 reporter Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/57458 title Ubuntu 11.04 / 11.10 : mozvoikko, ubufox update (USN-1306-2) NASL family SuSE Local Security Checks NASL id SUSE_11_3_SEAMONKEY-111221.NASL description seamonkey version 2.6 fixes several security issues : - MFSA 2011-53/CVE-2011-3660: Miscellaneous memory safety hazards - MFSA 2011-54/CVE-2011-3661: Potentially exploitable crash in the YARR regular expression library - MFSA 2011-55/CVE-2011-3658: nsSVGValue out-of-bounds access - MFSA 2011-56/CVE-2011-3663: Key detection without JavaScript via SVG animation - MFSA 2011-58/CVE-2011-3665: Crash scaling <video> to extreme sizes last seen 2020-06-01 modified 2020-06-02 plugin id 75744 published 2014-06-13 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/75744 title openSUSE Security Update : seamonkey (openSUSE-SU-2012:0007-1) NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_E3FF776B2BA611E193C60011856A6E37.NASL description The Mozilla Project reports : MFSA 2011-53 Miscellaneous memory safety hazards (rv:9.0) MFSA 2011-54 Potentially exploitable crash in the YARR regular expression library MFSA 2011-55 nsSVGValue out-of-bounds access MFSA 2011-56 Key detection without JavaScript via SVG animation MFSA 2011-58 Crash scaling video to extreme sizes last seen 2020-06-01 modified 2020-06-02 plugin id 57355 published 2011-12-21 reporter This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/57355 title FreeBSD : mozilla -- multiple vulnerabilities (e3ff776b-2ba6-11e1-93c6-0011856a6e37) NASL family Windows NASL id MOZILLA_FIREFOX_90.NASL description The installed version of Firefox is earlier than 9.0 and thus, is potentially affected by the following security issues : - An out-of-bounds memory access error exists in the last seen 2020-06-01 modified 2020-06-02 plugin id 57351 published 2011-12-20 reporter This script is Copyright (C) 2011-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/57351 title Firefox < 9.0 Multiple Vulnerabilities NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201301-01.NASL description The remote host is affected by the vulnerability described in GLSA-201301-01 (Mozilla Products: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Mozilla Firefox, Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user to view a specially crafted web page or email, possibly resulting in execution of arbitrary code or a Denial of Service condition. Furthermore, a remote attacker may be able to perform Man-in-the-Middle attacks, obtain sensitive information, bypass restrictions and protection mechanisms, force file downloads, conduct XML injection attacks, conduct XSS attacks, bypass the Same Origin Policy, spoof URL’s for phishing attacks, trigger a vertical scroll, spoof the location bar, spoof an SSL indicator, modify the browser’s font, conduct clickjacking attacks, or have other unspecified impact. A local attacker could gain escalated privileges, obtain sensitive information, or replace an arbitrary downloaded file. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 63402 published 2013-01-08 reporter This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/63402 title GLSA-201301-01 : Mozilla Products: Multiple vulnerabilities (BEAST) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-1306-1.NASL description Alexandre Poirot, Chris Blizzard, Kyle Huey, Scoobidiver, Christian Holler, David Baron, Gary Kwong, Jim Blandy, Bob Clary, Jesse Ruderman, Marcia Knous, and Rober Longson discovered several memory safety issues which could possibly be exploited to crash Firefox or execute arbitrary code as the user that invoked Firefox. (CVE-2011-3660) Aki Helin discovered a crash in the YARR regular expression library that could be triggered by JavaScript in web content. (CVE-2011-3661) It was discovered that a flaw in the Mozilla SVG implementation could result in an out-of-bounds memory access if SVG elements were removed during a DOMAttrModified event handler. An attacker could potentially exploit this vulnerability to crash Firefox. (CVE-2011-3658) Mario Heiderich discovered it was possible to use SVG animation accessKey events to detect key strokes even when JavaScript was disabled. A malicious web page could potentially exploit this to trick a user into interacting with a prompt thinking it came from the browser in a context where the user believed scripting was disabled. (CVE-2011-3663) It was discovered that it was possible to crash Firefox when scaling an OGG <video> element to extreme sizes. (CVE-2011-3665). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 57457 published 2012-01-09 reporter Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/57457 title Ubuntu 11.04 / 11.10 : firefox vulnerabilities (USN-1306-1)
Oval
| accepted | 2014-10-06T04:01:37.180-04:00 | ||||||||||||||||||||||||||||||||||||||||||||||||
| class | vulnerability | ||||||||||||||||||||||||||||||||||||||||||||||||
| contributors |
| ||||||||||||||||||||||||||||||||||||||||||||||||
| definition_extensions |
| ||||||||||||||||||||||||||||||||||||||||||||||||
| description | The SVG implementation in Mozilla Firefox 8.0, Thunderbird 8.0, and SeaMonkey 2.5 does not properly interact with DOMAttrModified event handlers, which allows remote attackers to cause a denial of service (out-of-bounds memory access) or possibly have unspecified other impact via vectors involving removal of SVG elements. | ||||||||||||||||||||||||||||||||||||||||||||||||
| family | windows | ||||||||||||||||||||||||||||||||||||||||||||||||
| id | oval:org.mitre.oval:def:14664 | ||||||||||||||||||||||||||||||||||||||||||||||||
| status | accepted | ||||||||||||||||||||||||||||||||||||||||||||||||
| submitted | 2011-12-30T14:35:52.000-05:00 | ||||||||||||||||||||||||||||||||||||||||||||||||
| title | The SVG implementation in Mozilla Firefox 8.0, Thunderbird 8.0, and SeaMonkey 2.5 does not properly interact with DOMAttrModified event handlers, which allows remote attackers to cause a denial of service (out-of-bounds memory access) or possibly have unspecified other impact via vectors involving removal of SVG elements. | ||||||||||||||||||||||||||||||||||||||||||||||||
| version | 36 |
Packetstorm
| data source | https://packetstormsecurity.com/files/download/112544/mozilla_nssvgvalue.rb.txt |
| id | PACKETSTORM:112544 |
| last seen | 2016-12-05 |
| published | 2012-05-08 |
| reporter | regenrecht |
| source | https://packetstormsecurity.com/files/112544/Mozilla-Firefox-7-8-Out-Of-Bounds-Access.html |
| title | Mozilla Firefox 7 / 8 Out-Of-Bounds Access |
Saint
| bid | 51138 |
| description | Firefox DOMAttrModified nsSVGValue Observer Handling Out-of-bounds Memory Access |
| id | web_client_firefox |
| osvdb | 77953 |
| title | firefox_domattrmodified_nssvgvalue |
| type | client |
Seebug
| bulletinFamily | exploit |
| description | BUGTRAQ ID: 51138 CVE ID: CVE-2011-3658 Firefox是一款非常流行的开源WEB浏览器。Thunderbird是一个邮件客户端,支持IMAP、POP邮件协议以及HTML邮件格式。SeaMonkey是开源的Web浏览器、邮件和新闻组客户端、IRC会话客户端和HTML编辑器。 Mozilla Firefox/Thunderbird/SeaMonkey在SVG的实现上存在内存破坏漏洞,攻击者可利用此漏洞执行任意代码,可能导致拒绝服务。 0 Mozilla Firefox 8.0.1 Mozilla Firefox 8.0 Mozilla Thunderbird 8.0 Mozilla SeaMonkey 2.5 厂商补丁: Mozilla ------- Mozilla已经为此发布了一个安全公告(mfsa2011-55)以及相应补丁: mfsa2011-55:Mozilla Foundation Security Advisory 2011-55 链接:http://www.mozilla.org/security/announce/2011/mfsa2011-55.html |
| id | SSV:26091 |
| last seen | 2017-11-19 |
| modified | 2011-12-21 |
| published | 2011-12-21 |
| reporter | Root |
| title | Mozilla Firefox/Thunderbird/SeaMonkey越界内存破坏漏洞 |
References
- http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00001.html
- http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00009.html
- http://lists.opensuse.org/opensuse-updates/2012-03/msg00042.html
- http://osvdb.org/77953
- http://secunia.com/advisories/47302
- http://secunia.com/advisories/47334
- http://secunia.com/advisories/48495
- http://secunia.com/advisories/48553
- http://secunia.com/advisories/48823
- http://secunia.com/advisories/49055
- http://www.mandriva.com/security/advisories?name=MDVSA-2011:192
- http://www.mandriva.com/security/advisories?name=MDVSA-2012:031
- http://www.mozilla.org/security/announce/2011/mfsa2011-55.html
- http://www.securitytracker.com/id?1026445
- http://www.securitytracker.com/id?1026446
- http://www.securitytracker.com/id?1026447
- http://www.ubuntu.com/usn/USN-1401-1
- https://bugzilla.mozilla.org/show_bug.cgi?id=708186
- https://exchange.xforce.ibmcloud.com/vulnerabilities/71910
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14664