CVE-2011-3658 - Resource Management Errors vulnerability in Mozilla Firefox, SeaMonkey and Thunderbird

CVSS: 7.5 - HIGH
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: PARTIAL
Integrity impact: PARTIAL
Availability impact: PARTIAL
Tags: network, low complexity, mozilla, CWE-399, nessus, exploit available, metasploit

Summary

The SVG implementation in Mozilla Firefox 8.0, Thunderbird 8.0, and SeaMonkey 2.5 does not properly interact with DOMAttrModified event handlers, which allows remote attackers to cause a denial of service (out-of-bounds memory access) or possibly have unspecified other impact via vectors involving removal of SVG elements.

Vulnerable Configurations

Part: Application
Description: Mozilla
Count: 3

Common Weakness Enumeration (CWE)

Exploit-Db

description: Firefox 7/8 (. CVE-2011-3658. Remote exploit for windows platform
id: EDB-ID:18847
last seen: 2016-02-02
modified: 2012-05-09
published: 2012-05-09
reporter: metasploit
source: https://www.exploit-db.com/download/18847/
title: Firefox 7 / 8 <= 8.0.1 - nsSVGValue Out-of-Bounds Access Vulnerability

Metasploit

description: This module exploits an out-of-bounds access flaw in Firefox 7 and 8 (<= 8.0.1). The notification of nsSVGValue observers via nsSVGValue::NotifyObservers(x,y) uses a loop which can result in an out-of-bounds access to attacker-controlled memory. The mObserver ElementAt() function (which picks up pointers), does not validate if a given index is out of bound. If a custom observer of nsSVGValue is created, which removes elements from the original observer, and memory layout is manipulated properly, the ElementAt() function might pick up an attacker provided pointer, which can be leveraged to gain remote arbitrary code execution.
id: MSF:EXPLOIT/WINDOWS/BROWSER/MOZILLA_NSSVGVALUE
last seen: 2020-06-07
modified: 2017-07-24
published: 2012-05-08
references:
reporter: Rapid7
source: https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/windows/browser/mozilla_nssvgvalue.rb
title: Firefox nsSVGValue Out-of-Bounds Access Vulnerability

Nessus

  • NASL family: Ubuntu Local Security Checks
    NASL id: UBUNTU_USN-1343-1.NASL
    description: Alexandre Poirot, Chris Blizzard, Kyle Huey, Scoobidiver, Christian Holler, David Baron, Gary Kwong, Jim Blandy, Bob Clary, Jesse Ruderman, Marcia Knous, and Rober Longson discovered several memory safety issues which could possibly be exploited to crash Thunderbird or execute arbitrary code as the user that invoked Thunderbird. (CVE-2011-3660) Aki Helin discovered a crash in the YARR regular expression library that could be triggered by JavaScript in web content. (CVE-2011-3661) It was discovered that a flaw in the Mozilla SVG implementation could result in an out-of-bounds memory access if SVG elements were removed during a DOMAttrModified event handler. An attacker could potentially exploit this vulnerability to crash Thunderbird. (CVE-2011-3658) Mario Heiderich discovered it was possible to use SVG animation accessKey events to detect key strokes even when JavaScript was disabled. A malicious web page could potentially exploit this to trick a user into interacting with a prompt thinking it came from Thunderbird in a context where the user believed scripting was disabled. (CVE-2011-3663) It was discovered that it was possible to crash Thunderbird when scaling an OGG <video> element to extreme sizes. (CVE-2011-3665). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 57686
    published: 2012-01-25
    reporter: Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/57686
    title: Ubuntu 11.10 : thunderbird vulnerabilities (USN-1343-1)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-1343-1. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(57686);
      script_version("1.19");
      script_cvs_date("Date: 2019/09/19 12:54:27");
    
      script_cve_id("CVE-2011-3658", "CVE-2011-3660", "CVE-2011-3661", "CVE-2011-3663", "CVE-2011-3665");
      script_bugtraq_id(51133, 51134, 51135, 51136, 51138);
      script_xref(name:"USN", value:"1343-1");
    
      script_name(english:"Ubuntu 11.10 : thunderbird vulnerabilities (USN-1343-1)");
      script_summary(english:"Checks dpkg output for updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Ubuntu host is missing a security-related patch."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Alexandre Poirot, Chris Blizzard, Kyle Huey, Scoobidiver, Christian
    Holler, David Baron, Gary Kwong, Jim Blandy, Bob Clary, Jesse
    Ruderman, Marcia Knous, and Rober Longson discovered several memory
    safety issues which could possibly be exploited to crash Thunderbird
    or execute arbitrary code as the user that invoked Thunderbird.
    (CVE-2011-3660)
    
    Aki Helin discovered a crash in the YARR regular expression library
    that could be triggered by JavaScript in web content. (CVE-2011-3661)
    
    It was discovered that a flaw in the Mozilla SVG implementation could
    result in an out-of-bounds memory access if SVG elements were removed
    during a DOMAttrModified event handler. An attacker could potentially
    exploit this vulnerability to crash Thunderbird. (CVE-2011-3658)
    
    Mario Heiderich discovered it was possible to use SVG animation
    accessKey events to detect key strokes even when JavaScript was
    disabled. A malicious web page could potentially exploit this to trick
    a user into interacting with a prompt thinking it came from
    Thunderbird in a context where the user believed scripting was
    disabled. (CVE-2011-3663)
    
    It was discovered that it was possible to crash Thunderbird when
    scaling an OGG <video> element to extreme sizes. (CVE-2011-3665).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/1343-1/"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected thunderbird package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Firefox nsSVGValue Out-of-Bounds Access Vulnerability');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
      script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
      script_set_attribute(attribute:"canvas_package", value:'CANVAS');
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:thunderbird");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:11.10");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2011/12/20");
      script_set_attribute(attribute:"patch_publication_date", value:"2012/01/24");
      script_set_attribute(attribute:"plugin_publication_date", value:"2012/01/25");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("misc_func.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! preg(pattern:"^(11\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 11.10", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    flag = 0;
    
    if (ubuntu_check(osver:"11.10", pkgname:"thunderbird", pkgver:"9.0+build2-0ubuntu0.11.10.1")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "thunderbird");
    }
    
  • NASL family: Ubuntu Local Security Checks
    NASL id: UBUNTU_USN-1401-2.NASL
    description: USN-1401-1 fixed vulnerabilities in Xulrunner. This update provides the corresponding fixes for Thunderbird. It was discovered that a flaw in the Mozilla SVG implementation could result in an out-of-bounds memory access if SVG elements were removed during a DOMAttrModified event handler. If the user were tricked into opening a specially crafted page, an attacker could exploit this to cause a denial of service via application crash. (CVE-2011-3658) Atte Kettunen discovered a use-after-free vulnerability in the Gecko Rendering Engine
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 58481
    published: 2012-03-26
    reporter: Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/58481
    title: Ubuntu 10.04 LTS / 10.10 / 11.04 : thunderbird vulnerabilities (USN-1401-2)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-1401-2. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(58481);
      script_version("1.18");
      script_cvs_date("Date: 2019/09/19 12:54:27");
    
      script_cve_id("CVE-2011-3658", "CVE-2012-0455", "CVE-2012-0456", "CVE-2012-0457", "CVE-2012-0458", "CVE-2012-0461", "CVE-2012-0464");
      script_bugtraq_id(51138, 52458, 52459, 52460, 52461, 52464, 52465);
      script_xref(name:"USN", value:"1401-2");
    
      script_name(english:"Ubuntu 10.04 LTS / 10.10 / 11.04 : thunderbird vulnerabilities (USN-1401-2)");
      script_summary(english:"Checks dpkg output for updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Ubuntu host is missing a security-related patch."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "USN-1401-1 fixed vulnerabilities in Xulrunner. This update provides
    the corresponding fixes for Thunderbird.
    
    It was discovered that a flaw in the Mozilla SVG implementation could
    result in an out-of-bounds memory access if SVG elements were removed
    during a DOMAttrModified event handler. If the user were tricked into
    opening a specially crafted page, an attacker could exploit this to
    cause a denial of service via application crash. (CVE-2011-3658)
    
    Atte Kettunen discovered a use-after-free vulnerability in
    the Gecko Rendering Engine's handling of SVG animations. An
    attacker could potentially exploit this to execute arbitrary
    code with the privileges of the user invoking the Xulrunner
    based application. (CVE-2012-0457)
    
    Atte Kettunen discovered an out of bounds read vulnerability
    in the Gecko Rendering Engine's handling of SVG Filters. An
    attacker could potentially exploit this to make data from
    the user's memory accessible to the page content.
    (CVE-2012-0456)
    
    Soroush Dalili discovered that the Gecko Rendering Engine
    did not adequately protect against dropping JavaScript links
    onto a frame. A remote attacker could, through cross-site
    scripting (XSS), exploit this to modify the contents of the
    frame or steal confidential data. (CVE-2012-0455)
    
    Mariusz Mlynski discovered that the Home button accepted
    JavaScript links to set the browser Home page. An attacker
    could use this vulnerability to get the script URL loaded in
    the privileged about:sessionrestore context. (CVE-2012-0458)
    
    Bob Clary, Vincenzo Iozzo, and Willem Pinckaers discovered
    memory safety issues affecting Firefox. If the user were
    tricked into opening a specially crafted page, an attacker
    could exploit these to cause a denial of service via
    application crash, or potentially execute code with the
    privileges of the user invoking Firefox. (CVE-2012-0461,
    CVE-2012-0464).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/1401-2/"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected thunderbird package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Firefox nsSVGValue Out-of-Bounds Access Vulnerability');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
      script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
      script_set_attribute(attribute:"canvas_package", value:'CANVAS');
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:thunderbird");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:10.04:-:lts");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:10.10");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:11.04");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2011/12/20");
      script_set_attribute(attribute:"patch_publication_date", value:"2012/03/23");
      script_set_attribute(attribute:"plugin_publication_date", value:"2012/03/26");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("misc_func.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! preg(pattern:"^(10\.04|10\.10|11\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 10.04 / 10.10 / 11.04", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    flag = 0;
    
    if (ubuntu_check(osver:"10.04", pkgname:"thunderbird", pkgver:"3.1.20+build1+nobinonly-0ubuntu0.10.04.1")) flag++;
    if (ubuntu_check(osver:"10.10", pkgname:"thunderbird", pkgver:"3.1.20+build1+nobinonly-0ubuntu0.10.10.1")) flag++;
    if (ubuntu_check(osver:"11.04", pkgname:"thunderbird", pkgver:"3.1.20+build1+nobinonly-0ubuntu0.11.04.1")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "thunderbird");
    }
    
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_11_4_MOZILLAFIREFOX-111221.NASL
    description: Mozilla Firefox Version 9 fixes several security issues:
      - dbg114-MozillaFirefox-5577 MozillaFirefox-5577 new_updateinfo MFSA 2011-53/CVE-2011-3660: Miscellaneous memory safety hazards
      - dbg114-MozillaFirefox-5577 MozillaFirefox-5577 new_updateinfo MFSA 2011-54/CVE-2011-3661: Potentially exploitable crash in the YARR regular expression library
      - dbg114-MozillaFirefox-5577 MozillaFirefox-5577 new_updateinfo MFSA 2011-55/CVE-2011-3658: nsSVGValue out-of-bounds access
      - dbg114-MozillaFirefox-5577 MozillaFirefox-5577 new_updateinfo MFSA 2011-56/CVE-2011-3663: Key detection without JavaScript via SVG animation
      - dbg114-MozillaFirefox-5577 MozillaFirefox-5577 new_updateinfo MFSA 2011-58/CVE-2011-3665: Crash scaling <video> to extreme sizes
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 75950
    published: 2014-06-13
    reporter: This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/75950
    title: openSUSE Security Update : MozillaFirefox (openSUSE-SU-2012:0039-2)
  • NASL family: SuSE Local Security Checks
    NASL id: OPENSUSE-2012-254.NASL
    description: Changes in xulrunner : - update to 12.0 (bnc#758408) - rebased patches - MFSA 2012-20/CVE-2012-0467/CVE-2012-0468 Miscellaneous memory safety hazards - MFSA 2012-22/CVE-2012-0469 (bmo#738985) use-after-free in IDBKeyRange - MFSA 2012-23/CVE-2012-0470 (bmo#734288) Invalid frees causes heap corruption in gfxImageSurface - MFSA 2012-24/CVE-2012-0471 (bmo#715319) Potential XSS via multibyte content processing errors - MFSA 2012-25/CVE-2012-0472 (bmo#744480) Potential memory corruption during font rendering using cairo-dwrite - MFSA 2012-26/CVE-2012-0473 (bmo#743475) WebGL.drawElements may read illegal video memory due to FindMaxUshortElement error - MFSA 2012-27/CVE-2012-0474 (bmo#687745, bmo#737307) Page load short-circuit can lead to XSS - MFSA 2012-28/CVE-2012-0475 (bmo#694576) Ambiguous IPv6 in Origin headers may bypass webserver access restrictions - MFSA 2012-29/CVE-2012-0477 (bmo#718573) Potential XSS through ISO-2022-KR/ISO-2022-CN decoding issues - MFSA 2012-30/CVE-2012-0478 (bmo#727547) Crash with WebGL content using textImage2D - MFSA 2012-31/CVE-2011-3062 (bmo#739925) Off-by-one error in OpenType Sanitizer - MFSA 2012-32/CVE-2011-1187 (bmo#624621) HTTP Redirections and remote content can be read by JavaScript errors - MFSA 2012-33/CVE-2012-0479 (bmo#714631) Potential site identity spoofing when loading RSS and Atom feeds - added mozilla-libnotify.patch to allow fallback from libnotify to xul based events if no notification-daemon is running - gcc 4.7 fixes - mozilla-gcc47.patch - disabled crashreporter temporarily for Factory Changes in MozillaFirefox : - update to Firefox 12.0 (bnc#758408) - rebased patches - MFSA 2012-20/CVE-2012-0467/CVE-2012-0468 Miscellaneous memory safety hazards - MFSA 2012-22/CVE-2012-0469 (bmo#738985) use-after-free in IDBKeyRange - MFSA 2012-23/CVE-2012-0470 (bmo#734288) Invalid frees causes heap corruption in gfxImageSurface - MFSA 2012-24/CVE-2012-0471 (bmo#715319) Potential XSS via multibyte content processing
errors - MFSA 2012-25/CVE-2012-0472 (bmo#744480) Potential memory corruption during font rendering using cairo-dwrite - MFSA 2012-26/CVE-2012-0473 (bmo#743475) WebGL.drawElements may read illegal video memory due to FindMaxUshortElement error - MFSA 2012-27/CVE-2012-0474 (bmo#687745, bmo#737307) Page load short-circuit can lead to XSS - MFSA 2012-28/CVE-2012-0475 (bmo#694576) Ambiguous IPv6 in Origin headers may bypass webserver access restrictions - MFSA 2012-29/CVE-2012-0477 (bmo#718573) Potential XSS through ISO-2022-KR/ISO-2022-CN decoding issues - MFSA 2012-30/CVE-2012-0478 (bmo#727547) Crash with WebGL content using textImage2D - MFSA 2012-31/CVE-2011-3062 (bmo#739925) Off-by-one error in OpenType Sanitizer - MFSA 2012-32/CVE-2011-1187 (bmo#624621) HTTP Redirections and remote content can be read by JavaScript errors - MFSA 2012-33/CVE-2012-0479 (bmo#714631) Potential site identity spoofing when loading RSS and Atom feeds - added mozilla-libnotify.patch to allow fallback from libnotify to xul based events if no notification-daemon is running - gcc 4.7 fixes - mozilla-gcc47.patch - disabled crashreporter temporarily for Factory - recommend libcanberra0 for proper sound notifications Changes in MozillaThunderbird : - update to Thunderbird 12.0 (bnc#758408) - MFSA 2012-20/CVE-2012-0467/CVE-2012-0468 Miscellaneous memory safety hazards - MFSA 2012-22/CVE-2012-0469 (bmo#738985) use-after-free in IDBKeyRange - MFSA 2012-23/CVE-2012-0470 (bmo#734288) Invalid frees causes heap corruption in gfxImageSurface - MFSA 2012-24/CVE-2012-0471 (bmo#715319) Potential XSS via multibyte content processing errors - MFSA 2012-25/CVE-2012-0472 (bmo#744480) Potential memory corruption during font rendering using cairo-dwrite - MFSA 2012-26/CVE-2012-0473 (bmo#743475) WebGL.drawElements may read illegal video memory due to FindMaxUshortElement error - MFSA 2012-27/CVE-2012-0474 (bmo#687745, bmo#737307) Page load short-circuit can lead to XSS - MFSA 2012-28/CVE-2012-0475 (bmo#694576) 
Ambiguous IPv6 in Origin headers may bypass webserver access restrictions - MFSA 2012-29/CVE-2012-0477 (bmo#718573) Potential XSS through ISO-2022-KR/ISO-2022-CN decoding issues - MFSA 2012-30/CVE-2012-0478 (bmo#727547) Crash with WebGL content using textImage2D - MFSA 2012-31/CVE-2011-3062 (bmo#739925) Off-by-one error in OpenType Sanitizer - MFSA 2012-32/CVE-2011-1187 (bmo#624621) HTTP Redirections and remote content can be read by JavaScript errors - MFSA 2012-33/CVE-2012-0479 (bmo#714631) Potential site identity spoofing when loading RSS and Atom feeds - update Enigmail to 1.4.1 - added mozilla-revert_621446.patch - added mozilla-libnotify.patch (bmo#737646) - added mailnew-showalert.patch (bmo#739146) - added mozilla-gcc47.patch and mailnews-literals.patch to fix compilation issues with recent gcc 4.7 - disabled crashreporter temporarily for Factory (gcc 4.7 issue) Changes in seamonkey : - update to SeaMonkey 2.9 (bnc#758408) - MFSA 2012-20/CVE-2012-0467/CVE-2012-0468 Miscellaneous memory safety hazards - MFSA 2012-22/CVE-2012-0469 (bmo#738985) use-after-free in IDBKeyRange - MFSA 2012-23/CVE-2012-0470 (bmo#734288) Invalid frees causes heap corruption in gfxImageSurface - MFSA 2012-24/CVE-2012-0471 (bmo#715319) Potential XSS via multibyte content processing errors - MFSA 2012-25/CVE-2012-0472 (bmo#744480) Potential memory corruption during font rendering using cairo-dwrite - MFSA 2012-26/CVE-2012-0473 (bmo#743475) WebGL.drawElements may read illegal video memory due to FindMaxUshortElement error - MFSA 2012-27/CVE-2012-0474 (bmo#687745, bmo#737307) Page load short-circuit can lead to XSS - MFSA 2012-28/CVE-2012-0475 (bmo#694576) Ambiguous IPv6 in Origin headers may bypass webserver access restrictions - MFSA 2012-29/CVE-2012-0477 (bmo#718573) Potential XSS through ISO-2022-KR/ISO-2022-CN decoding issues - MFSA 2012-30/CVE-2012-0478 (bmo#727547) Crash with WebGL content using textImage2D - MFSA 2012-31/CVE-2011-3062 (bmo#739925) Off-by-one error in OpenType 
Sanitizer - MFSA 2012-32/CVE-2011-1187 (bmo#624621) HTTP Redirections and remote content can be read by JavaScript errors - MFSA 2012-33/CVE-2012-0479 (bmo#714631) Potential site identity spoofing when loading RSS and Atom feeds - update to 2.9b4 - added mozilla-sle11.patch and add exceptions to be able to build for SLE11/11.1 - exclude broken gl locale from build - fixed build on 11.2-x86_64 by adding mozilla-revert_621446.patch - added mozilla-gcc47.patch and mailnews-literals.patch to fix compilation issues with recent gcc 4.7
    last seen: 2020-06-05
    modified: 2014-06-13
    plugin id: 74612
    published: 2014-06-13
    reporter: This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/74612
    title: openSUSE Security Update : MozillaFirefox / MozillaThunderbird / seamonkey / etc (openSUSE-SU-2012:0567-1)
  • NASL family: Windows
    NASL id: SEAMONKEY_26.NASL
    description: The installed version of SeaMonkey is earlier than 2.6.0. Such versions are potentially affected by the following security issues : - An out-of-bounds memory access error exists in the
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 57353
    published: 2011-12-20
    reporter: This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/57353
    title: SeaMonkey < 2.6.0 Multiple Vulnerabilities
  • NASL family: MacOS X Local Security Checks
    NASL id: MACOSX_THUNDERBIRD_9_0.NASL
    description: The installed version of Thunderbird 8.x is potentially affected by the following security issues : - An out-of-bounds memory access error exists in the
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 57361
    published: 2011-12-21
    reporter: This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/57361
    title: Thunderbird 8.x Multiple Vulnerabilities (Mac OS X)
  • NASL family: MacOS X Local Security Checks
    NASL id: MACOSX_FIREFOX_9_0.NASL
    description: The installed version of Firefox 8.x is potentially affected by the following security issues : - An out-of-bounds memory access error exists in the
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 57359
    published: 2011-12-21
    reporter: This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/57359
    title: Firefox 8.x Multiple Vulnerabilities (Mac OS X)
  • NASL family: SuSE Local Security Checks
    NASL id: OPENSUSE-2012-175.NASL
    description: Changes in MozillaThunderbird : - update to Thunderbird 11.0 (bnc#750044) - MFSA 2012-13/CVE-2012-0455 (bmo#704354) XSS with Drag and Drop and Javascript: URL - MFSA 2012-14/CVE-2012-0456/CVE-2012-0457 (bmo#711653, #720103) SVG issues found with Address Sanitizer - MFSA 2012-15/CVE-2012-0451 (bmo#717511) XSS with multiple Content Security Policy headers - MFSA 2012-16/CVE-2012-0458 Escalation of privilege with Javascript: URL as home page - MFSA 2012-17/CVE-2012-0459 (bmo#723446) Crash when accessing keyframe cssText after dynamic modification - MFSA 2012-18/CVE-2012-0460 (bmo#727303) window.fullScreen writeable by untrusted content - MFSA 2012-19/CVE-2012-0461/CVE-2012-0462/CVE-2012-0464/ CVE-2012-0463 Miscellaneous memory safety hazards Changes in mozilla-xulrunner192 : - security update to 1.9.2.28 (bnc#750044) - MFSA 2011-55/CVE-2011-3658 (bmo#708186) nsSVGValue out-of-bounds access - MFSA 2012-13/CVE-2012-0455 (bmo#704354) XSS with Drag and Drop and Javascript: URL - MFSA 2012-14/CVE-2012-0456/CVE-2012-0457 (bmo#711653, #720103) SVG issues found with Address Sanitizer - MFSA 2012-16/CVE-2012-0458 Escalation of privilege with Javascript: URL as home page - MFSA 2012-19/CVE-2012-0461/CVE-2012-0462/CVE-2012-0464/ CVE-2012-0463 Miscellaneous memory safety hazards Changes in MozillaFirefox : - update to Firefox 11.0 (bnc#750044) - MFSA 2012-13/CVE-2012-0455 (bmo#704354) XSS with Drag and Drop and Javascript: URL - MFSA 2012-14/CVE-2012-0456/CVE-2012-0457 (bmo#711653, #720103) SVG issues found with Address Sanitizer - MFSA 2012-15/CVE-2012-0451 (bmo#717511) XSS with multiple Content Security Policy headers - MFSA 2012-16/CVE-2012-0458 Escalation of privilege with Javascript: URL as home page - MFSA 2012-17/CVE-2012-0459 (bmo#723446) Crash when accessing keyframe cssText after dynamic modification - MFSA 2012-18/CVE-2012-0460 (bmo#727303) window.fullScreen writeable by untrusted content - MFSA 2012-19/CVE-2012-0461/CVE-2012-0462/CVE-2012-0464/
CVE-2012-0463 Miscellaneous memory safety hazards Changes in seamonkey : - update to SeaMonkey 2.8 (bnc#750044) - MFSA 2012-13/CVE-2012-0455 (bmo#704354) XSS with Drag and Drop and Javascript: URL - MFSA 2012-14/CVE-2012-0456/CVE-2012-0457 (bmo#711653, #720103) SVG issues found with Address Sanitizer - MFSA 2012-15/CVE-2012-0451 (bmo#717511) XSS with multiple Content Security Policy headers - MFSA 2012-16/CVE-2012-0458 Escalation of privilege with Javascript: URL as home page - MFSA 2012-17/CVE-2012-0459 (bmo#723446) Crash when accessing keyframe cssText after dynamic modification - MFSA 2012-18/CVE-2012-0460 (bmo#727303) window.fullScreen writeable by untrusted content - MFSA 2012-19/CVE-2012-0461/CVE-2012-0462/CVE-2012-0464/ CVE-2012-0463 Miscellaneous memory safety hazards Changes in chmsee : - Update to version 1.99.08 Changes in mozilla-nss : - update to 3.13.3 RTM - distrust Trustwave
    last seen: 2020-06-05
    modified: 2014-06-13
    plugin id: 74574
    published: 2014-06-13
    reporter: This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/74574
    title: openSUSE Security Update : MozillaFirefox / MozillaThunderbird (openSUSE-SU-2012:0417-1)
  • NASL family: Mandriva Local Security Checks
    NASL id: MANDRIVA_MDVSA-2011-192.NASL
    description: Security issues were identified and fixed in mozilla firefox and thunderbird : The SVG implementation in Mozilla Firefox 8.0, Thunderbird 8.0, and SeaMonkey 2.5 does not properly interact with DOMAttrModified event handlers, which allows remote attackers to cause a denial of service (out-of-bounds memory access) or possibly have unspecified other impact via vectors involving removal of SVG elements (CVE-2011-3658). Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 8.0, Thunderbird 5.0 through 8.0, and SeaMonkey before 2.6 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors that trigger a compartment mismatch associated with the nsDOMMessageEvent::GetData function, and unknown other vectors (CVE-2011-3660). YARR, as used in Mozilla Firefox 4.x through 8.0, Thunderbird 5.0 through 8.0, and SeaMonkey before 2.6, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted JavaScript (CVE-2011-3661). Mozilla Firefox 4.x through 8.0, Thunderbird 5.0 through 8.0, and SeaMonkey before 2.6 allow remote attackers to capture keystrokes entered on a web page by using SVG animation accessKey events within that web page (CVE-2011-3663). Mozilla Firefox 4.x through 8.0, Thunderbird 5.0 through 8.0, and SeaMonkey before 2.6 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via an Ogg VIDEO element that is not properly handled after scaling (CVE-2011-3665).
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 61940
    published: 2012-09-06
    reporter: This script is Copyright (C) 2012-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/61940
    title: Mandriva Linux Security Advisory : mozilla (MDVSA-2011:192)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-1401-1.NASL
    descriptionIt was discovered that a flaw in the Mozilla SVG implementation could result in an out-of-bounds memory access if SVG elements were removed during a DOMAttrModified event handler. If the user were tricked into opening a specially crafted page, an attacker could exploit this to cause a denial of service via application crash. (CVE-2011-3658) Atte Kettunen discovered a use-after-free vulnerability in the Gecko Rendering Engine
    last seen2020-06-01
    modified2020-06-02
    plugin id58397
    published2012-03-20
    reporterUbuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/58397
    titleUbuntu 10.04 LTS / 10.10 : xulrunner-1.9.2 vulnerabilities (USN-1401-1)
  • NASL familyWindows
    NASL idMOZILLA_THUNDERBIRD_90.NASL
    descriptionThe installed version of Thunderbird is earlier than 9.0 and thus, is potentially affected by the following security issues : - An out-of-bounds memory access error exists in the
    last seen2020-06-01
    modified2020-06-02
    plugin id57352
    published2011-12-20
    reporterThis script is Copyright (C) 2011-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/57352
    titleMozilla Thunderbird < 9.0 Multiple Vulnerabilities
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_4_SEAMONKEY-111221.NASL
    descriptionseamonkey version 2.6 fixes several security issues : - MFSA 2011-53/CVE-2011-3660: Miscellaneous memory safety hazards - MFSA 2011-54/CVE-2011-3661: Potentially exploitable crash in the YARR regular expression library - MFSA 2011-55/CVE-2011-3658: nsSVGValue out-of-bounds access - MFSA 2011-56/CVE-2011-3663: Key detection without JavaScript via SVG animation - MFSA 2011-58/CVE-2011-3665: Crash scaling <video> to extreme sizes
    last seen2020-06-01
    modified2020-06-02
    plugin id76025
    published2014-06-13
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/76025
    titleopenSUSE Security Update : seamonkey (openSUSE-SU-2012:0007-1)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2011-101.NASL
    descriptionMozilla Firefox and Thunderbird version 9 and seamonkey version 2.6 updates fix several security issues : - MFSA 2011-53/CVE-2011-3660: Miscellaneous memory safety hazards - MFSA 2011-54/CVE-2011-3661: Potentially exploitable crash in the YARR regular expression library - MFSA 2011-55/CVE-2011-3658: nsSVGValue out-of-bounds access - MFSA 2011-56/CVE-2011-3663: Key detection without JavaScript via SVG animation - MFSA 2011-58/CVE-2011-3665: Crash scaling video elements to extreme sizes
    last seen2020-06-01
    modified2020-06-02
    plugin id74515
    published2014-06-13
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/74515
    titleopenSUSE Security Update : MozillaFirefox / MozillaThunderbird / seamonkey / etc (openSUSE-2011-101)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-1306-2.NASL
    descriptionUSN-1306-1 fixed vulnerabilities in Firefox. This update provides updated Mozvoikko and ubufox packages for use with Firefox 9. Alexandre Poirot, Chris Blizzard, Kyle Huey, Scoobidiver, Christian Holler, David Baron, Gary Kwong, Jim Blandy, Bob Clary, Jesse Ruderman, Marcia Knous, and Robert Longson discovered several memory safety issues which could possibly be exploited to crash Firefox or execute arbitrary code as the user that invoked Firefox. (CVE-2011-3660) Aki Helin discovered a crash in the YARR regular expression library that could be triggered by JavaScript in web content. (CVE-2011-3661) It was discovered that a flaw in the Mozilla SVG implementation could result in an out-of-bounds memory access if SVG elements were removed during a DOMAttrModified event handler. An attacker could potentially exploit this vulnerability to crash Firefox. (CVE-2011-3658) Mario Heiderich discovered it was possible to use SVG animation accessKey events to detect key strokes even when JavaScript was disabled. A malicious web page could potentially exploit this to trick a user into interacting with a prompt thinking it came from the browser in a context where the user believed scripting was disabled. (CVE-2011-3663) It was discovered that it was possible to crash Firefox when scaling an OGG <video> element to extreme sizes. (CVE-2011-3665). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id57458
    published2012-01-09
    reporterUbuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/57458
    titleUbuntu 11.04 / 11.10 : mozvoikko, ubufox update (USN-1306-2)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_3_SEAMONKEY-111221.NASL
    descriptionseamonkey version 2.6 fixes several security issues : - MFSA 2011-53/CVE-2011-3660: Miscellaneous memory safety hazards - MFSA 2011-54/CVE-2011-3661: Potentially exploitable crash in the YARR regular expression library - MFSA 2011-55/CVE-2011-3658: nsSVGValue out-of-bounds access - MFSA 2011-56/CVE-2011-3663: Key detection without JavaScript via SVG animation - MFSA 2011-58/CVE-2011-3665: Crash scaling <video> to extreme sizes
    last seen2020-06-01
    modified2020-06-02
    plugin id75744
    published2014-06-13
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/75744
    titleopenSUSE Security Update : seamonkey (openSUSE-SU-2012:0007-1)
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_E3FF776B2BA611E193C60011856A6E37.NASL
    descriptionThe Mozilla Project reports : MFSA 2011-53 Miscellaneous memory safety hazards (rv:9.0) MFSA 2011-54 Potentially exploitable crash in the YARR regular expression library MFSA 2011-55 nsSVGValue out-of-bounds access MFSA 2011-56 Key detection without JavaScript via SVG animation MFSA 2011-58 Crash scaling video to extreme sizes
    last seen2020-06-01
    modified2020-06-02
    plugin id57355
    published2011-12-21
    reporterThis script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/57355
    titleFreeBSD : mozilla -- multiple vulnerabilities (e3ff776b-2ba6-11e1-93c6-0011856a6e37)
  • NASL familyWindows
    NASL idMOZILLA_FIREFOX_90.NASL
    descriptionThe installed version of Firefox is earlier than 9.0 and thus, is potentially affected by the following security issues : - An out-of-bounds memory access error exists in the
    last seen2020-06-01
    modified2020-06-02
    plugin id57351
    published2011-12-20
    reporterThis script is Copyright (C) 2011-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/57351
    titleFirefox < 9.0 Multiple Vulnerabilities
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201301-01.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201301-01 (Mozilla Products: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Mozilla Firefox, Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user to view a specially crafted web page or email, possibly resulting in execution of arbitrary code or a Denial of Service condition. Furthermore, a remote attacker may be able to perform Man-in-the-Middle attacks, obtain sensitive information, bypass restrictions and protection mechanisms, force file downloads, conduct XML injection attacks, conduct XSS attacks, bypass the Same Origin Policy, spoof URLs for phishing attacks, trigger a vertical scroll, spoof the location bar, spoof an SSL indicator, modify the browser's font, conduct clickjacking attacks, or have other unspecified impact. A local attacker could gain escalated privileges, obtain sensitive information, or replace an arbitrary downloaded file. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id63402
    published2013-01-08
    reporterThis script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/63402
    titleGLSA-201301-01 : Mozilla Products: Multiple vulnerabilities (BEAST)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-1306-1.NASL
    descriptionAlexandre Poirot, Chris Blizzard, Kyle Huey, Scoobidiver, Christian Holler, David Baron, Gary Kwong, Jim Blandy, Bob Clary, Jesse Ruderman, Marcia Knous, and Robert Longson discovered several memory safety issues which could possibly be exploited to crash Firefox or execute arbitrary code as the user that invoked Firefox. (CVE-2011-3660) Aki Helin discovered a crash in the YARR regular expression library that could be triggered by JavaScript in web content. (CVE-2011-3661) It was discovered that a flaw in the Mozilla SVG implementation could result in an out-of-bounds memory access if SVG elements were removed during a DOMAttrModified event handler. An attacker could potentially exploit this vulnerability to crash Firefox. (CVE-2011-3658) Mario Heiderich discovered it was possible to use SVG animation accessKey events to detect key strokes even when JavaScript was disabled. A malicious web page could potentially exploit this to trick a user into interacting with a prompt thinking it came from the browser in a context where the user believed scripting was disabled. (CVE-2011-3663) It was discovered that it was possible to crash Firefox when scaling an OGG <video> element to extreme sizes. (CVE-2011-3665). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id57457
    published2012-01-09
    reporterUbuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/57457
    titleUbuntu 11.04 / 11.10 : firefox vulnerabilities (USN-1306-1)

Oval

accepted2014-10-06T04:01:37.180-04:00
classvulnerability
contributors
  • nameScott Quint
    organizationDTCC
  • nameSergey Artykhov
    organizationALTX-SOFT
  • nameSergey Artykhov
    organizationALTX-SOFT
  • nameMaria Kedovskaya
    organizationALTX-SOFT
  • nameShane Shaffer
    organizationG2, Inc.
  • nameMaria Kedovskaya
    organizationALTX-SOFT
  • nameRichard Helbing
    organizationbaramundi software
  • nameEvgeniy Pavlov
    organizationALTX-SOFT
  • nameEvgeniy Pavlov
    organizationALTX-SOFT
  • nameEvgeniy Pavlov
    organizationALTX-SOFT
  • nameEvgeniy Pavlov
    organizationALTX-SOFT
  • nameEvgeniy Pavlov
    organizationALTX-SOFT
definition_extensions
  • commentMozilla Firefox Mainline release is installed
    ovaloval:org.mitre.oval:def:22259
  • commentMozilla Thunderbird Mainline release is installed
    ovaloval:org.mitre.oval:def:22093
  • commentMozilla Seamonkey is installed
    ovaloval:org.mitre.oval:def:6372
descriptionThe SVG implementation in Mozilla Firefox 8.0, Thunderbird 8.0, and SeaMonkey 2.5 does not properly interact with DOMAttrModified event handlers, which allows remote attackers to cause a denial of service (out-of-bounds memory access) or possibly have unspecified other impact via vectors involving removal of SVG elements.
familywindows
idoval:org.mitre.oval:def:14664
statusaccepted
submitted2011-12-30T14:35:52.000-05:00
titleThe SVG implementation in Mozilla Firefox 8.0, Thunderbird 8.0, and SeaMonkey 2.5 does not properly interact with DOMAttrModified event handlers, which allows remote attackers to cause a denial of service (out-of-bounds memory access) or possibly have unspecified other impact via vectors involving removal of SVG elements.
version36

Packetstorm

data sourcehttps://packetstormsecurity.com/files/download/112544/mozilla_nssvgvalue.rb.txt
idPACKETSTORM:112544
last seen2016-12-05
published2012-05-08
reporterregenrecht
sourcehttps://packetstormsecurity.com/files/112544/Mozilla-Firefox-7-8-Out-Of-Bounds-Access.html
titleMozilla Firefox 7 / 8 Out-Of-Bounds Access

Saint

bid51138
descriptionFirefox DOMAttrModified nsSVGValue Observer Handling Out-of-bounds Memory Access
idweb_client_firefox
osvdb77953
titlefirefox_domattrmodified_nssvgvalue
typeclient

Seebug

bulletinFamilyexploit
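descriptionBUGTRAQ ID: 51138 CVE ID: CVE-2011-3658 Firefox is a very popular open-source web browser. Thunderbird is a mail client that supports the IMAP and POP mail protocols and the HTML mail format. SeaMonkey is an open-source web browser, mail and newsgroup client, IRC chat client and HTML editor. Mozilla Firefox/Thunderbird/SeaMonkey contain a memory corruption vulnerability in their SVG implementation; an attacker can exploit this vulnerability to execute arbitrary code, possibly causing a denial of service. Mozilla Firefox 8.0.1 Mozilla Firefox 8.0 Mozilla Thunderbird 8.0 Mozilla SeaMonkey 2.5 Vendor patch: Mozilla ------- Mozilla has released a security advisory (mfsa2011-55) and a corresponding patch for this issue: mfsa2011-55: Mozilla Foundation Security Advisory 2011-55 Link: http://www.mozilla.org/security/announce/2011/mfsa2011-55.html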
idSSV:26091
last seen2017-11-19
modified2011-12-21
published2011-12-21
reporterRoot
titleMozilla Firefox/Thunderbird/SeaMonkey out-of-bounds memory corruption vulnerability