Lucene search
MitreCVE-2011-0084HistoryAug 18, 2011 - 6:55 p.m.
CVE-2011-0084
2011-08-1818:55:01
CWE-94
mitre
web.nvd.nist.gov
161
cve
2011
0084
svgtextelement
mozilla
firefox
thunderbird
seamonkey
remote code execution
nvd
CVSS2
10
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
AI Score
9.7
Confidence
High
EPSS
0.802
Percentile
98.4%
The SVGTextElement.getCharNumAtPosition function in Mozilla Firefox before 3.6.20, and 4.x through 5; Thunderbird 3.x before 3.1.12 and other versions before 6; SeaMonkey 2.x before 2.3; and possibly other products does not properly handle SVG text, which allows remote attackers to execute arbitrary code via unspecified vectors that lead to a “dangling pointer.”
Affected configurations
Node
mozillafirefoxRange≤3.6.19
ORmozillafirefoxMatch1.0
ORmozillafirefoxMatch1.0preview_release
ORmozillafirefoxMatch1.0.1
ORmozillafirefoxMatch1.0.2
ORmozillafirefoxMatch1.0.3
ORmozillafirefoxMatch1.0.4
ORmozillafirefoxMatch1.0.5
ORmozillafirefoxMatch1.0.6
ORmozillafirefoxMatch1.0.7
ORmozillafirefoxMatch1.0.8
ORmozillafirefoxMatch1.5
ORmozillafirefoxMatch1.5beta1
ORmozillafirefoxMatch1.5beta2
ORmozillafirefoxMatch1.5.0.1
ORmozillafirefoxMatch1.5.0.2
ORmozillafirefoxMatch1.5.0.3
ORmozillafirefoxMatch1.5.0.4
ORmozillafirefoxMatch1.5.0.5
ORmozillafirefoxMatch1.5.0.6
ORmozillafirefoxMatch1.5.0.7
ORmozillafirefoxMatch1.5.0.8
ORmozillafirefoxMatch1.5.0.9
ORmozillafirefoxMatch1.5.0.10
ORmozillafirefoxMatch1.5.0.11
ORmozillafirefoxMatch1.5.0.12
ORmozillafirefoxMatch1.5.1
ORmozillafirefoxMatch1.5.2
ORmozillafirefoxMatch1.5.3
ORmozillafirefoxMatch1.5.4
ORmozillafirefoxMatch1.5.5
ORmozillafirefoxMatch1.5.6
ORmozillafirefoxMatch1.5.7
ORmozillafirefoxMatch1.5.8
ORmozillafirefoxMatch2.0
ORmozillafirefoxMatch2.0.0.1
ORmozillafirefoxMatch2.0.0.2
ORmozillafirefoxMatch2.0.0.3
ORmozillafirefoxMatch2.0.0.4
ORmozillafirefoxMatch2.0.0.5
ORmozillafirefoxMatch2.0.0.6
ORmozillafirefoxMatch2.0.0.7
ORmozillafirefoxMatch2.0.0.8
ORmozillafirefoxMatch2.0.0.9
ORmozillafirefoxMatch2.0.0.10
ORmozillafirefoxMatch2.0.0.11
ORmozillafirefoxMatch2.0.0.12
ORmozillafirefoxMatch2.0.0.13
ORmozillafirefoxMatch2.0.0.14
ORmozillafirefoxMatch2.0.0.15
ORmozillafirefoxMatch2.0.0.16
ORmozillafirefoxMatch2.0.0.17
ORmozillafirefoxMatch2.0.0.18
ORmozillafirefoxMatch2.0.0.19
ORmozillafirefoxMatch2.0.0.20
ORmozillafirefoxMatch3.0
ORmozillafirefoxMatch3.0.1
ORmozillafirefoxMatch3.0.2
ORmozillafirefoxMatch3.0.3
ORmozillafirefoxMatch3.0.4
ORmozillafirefoxMatch3.0.5
ORmozillafirefoxMatch3.0.6
ORmozillafirefoxMatch3.0.7
ORmozillafirefoxMatch3.0.8
ORmozillafirefoxMatch3.0.9
ORmozillafirefoxMatch3.0.10
ORmozillafirefoxMatch3.0.11
ORmozillafirefoxMatch3.0.12
ORmozillafirefoxMatch3.0.13
ORmozillafirefoxMatch3.0.14
ORmozillafirefoxMatch3.0.15
ORmozillafirefoxMatch3.0.16
ORmozillafirefoxMatch3.0.17
ORmozillafirefoxMatch3.5
ORmozillafirefoxMatch3.5.1
ORmozillafirefoxMatch3.5.2
ORmozillafirefoxMatch3.5.3
ORmozillafirefoxMatch3.5.4
ORmozillafirefoxMatch3.5.5
ORmozillafirefoxMatch3.5.6
ORmozillafirefoxMatch3.5.7
ORmozillafirefoxMatch3.5.8
ORmozillafirefoxMatch3.5.9
ORmozillafirefoxMatch3.5.10
ORmozillafirefoxMatch3.5.11
ORmozillafirefoxMatch3.5.12
ORmozillafirefoxMatch3.5.13
ORmozillafirefoxMatch3.5.14
ORmozillafirefoxMatch3.5.15
ORmozillafirefoxMatch3.5.16
ORmozillafirefoxMatch3.5.17
ORmozillafirefoxMatch3.5.18
ORmozillafirefoxMatch3.5.19
ORmozillafirefoxMatch3.6
ORmozillafirefoxMatch3.6.2
ORmozillafirefoxMatch3.6.3
ORmozillafirefoxMatch3.6.4
ORmozillafirefoxMatch3.6.6
ORmozillafirefoxMatch3.6.7
ORmozillafirefoxMatch3.6.8
ORmozillafirefoxMatch3.6.9
ORmozillafirefoxMatch3.6.10
ORmozillafirefoxMatch3.6.11
ORmozillafirefoxMatch3.6.12
ORmozillafirefoxMatch3.6.13
ORmozillafirefoxMatch3.6.14
ORmozillafirefoxMatch3.6.15
ORmozillafirefoxMatch3.6.16
ORmozillafirefoxMatch3.6.17
ORmozillafirefoxMatch3.6.18
Node
mozillafirefoxMatch4.0
ORmozillafirefoxMatch4.0beta1
ORmozillafirefoxMatch4.0beta10
ORmozillafirefoxMatch4.0beta11
ORmozillafirefoxMatch4.0beta12
ORmozillafirefoxMatch4.0beta2
ORmozillafirefoxMatch4.0beta3
ORmozillafirefoxMatch4.0beta4
ORmozillafirefoxMatch4.0beta5
ORmozillafirefoxMatch4.0beta6
ORmozillafirefoxMatch4.0beta7
ORmozillafirefoxMatch4.0beta8
ORmozillafirefoxMatch4.0beta9
ORmozillafirefoxMatch4.0.1
ORmozillafirefoxMatch5.0
Node
mozillaseamonkeyMatch2.0
ORmozillaseamonkeyMatch2.0alpha_1
ORmozillaseamonkeyMatch2.0alpha_2
ORmozillaseamonkeyMatch2.0alpha_3
ORmozillaseamonkeyMatch2.0beta_1
ORmozillaseamonkeyMatch2.0beta_2
ORmozillaseamonkeyMatch2.0rc1
ORmozillaseamonkeyMatch2.0rc2
ORmozillaseamonkeyMatch2.0.1
ORmozillaseamonkeyMatch2.0.2
ORmozillaseamonkeyMatch2.0.3
ORmozillaseamonkeyMatch2.0.4
ORmozillaseamonkeyMatch2.0.5
ORmozillaseamonkeyMatch2.0.6
ORmozillaseamonkeyMatch2.0.7
ORmozillaseamonkeyMatch2.0.8
ORmozillaseamonkeyMatch2.0.9
ORmozillaseamonkeyMatch2.0.10
ORmozillaseamonkeyMatch2.0.11
ORmozillaseamonkeyMatch2.0.12
ORmozillaseamonkeyMatch2.0.13
ORmozillaseamonkeyMatch2.0.14
ORmozillaseamonkeyMatch2.1alpha1
ORmozillaseamonkeyMatch2.1alpha2
ORmozillaseamonkeyMatch2.1alpha3
Node
mozillathunderbirdMatch3.0
ORmozillathunderbirdMatch3.0.1
ORmozillathunderbirdMatch3.0.2
ORmozillathunderbirdMatch3.0.3
ORmozillathunderbirdMatch3.0.4
ORmozillathunderbirdMatch3.0.5
ORmozillathunderbirdMatch3.0.6
ORmozillathunderbirdMatch3.0.7
ORmozillathunderbirdMatch3.0.8
ORmozillathunderbirdMatch3.0.9
ORmozillathunderbirdMatch3.0.10
ORmozillathunderbirdMatch3.0.11
ORmozillathunderbirdMatch3.1
ORmozillathunderbirdMatch3.1.1
ORmozillathunderbirdMatch3.1.2
ORmozillathunderbirdMatch3.1.3
ORmozillathunderbirdMatch3.1.4
ORmozillathunderbirdMatch3.1.5
ORmozillathunderbirdMatch3.1.6
ORmozillathunderbirdMatch3.1.7
ORmozillathunderbirdMatch3.1.8
ORmozillathunderbirdMatch3.1.9
ORmozillathunderbirdMatch3.1.10
ORmozillathunderbirdMatch3.1.11
| Vendor | Product | Version | CPE |
|---|---|---|---|
| mozilla | firefox | 1.5.0.9 | cpe:/a:mozilla:firefox:1.5.0.9::: |
| mozilla | firefox | 3.5.2 | cpe:/a:mozilla:firefox:3.5.2::: |
| mozilla | firefox | 3.5.14 | cpe:/a:mozilla:firefox:3.5.14::: |
| mozilla | firefox | 1.5.0.6 | cpe:/a:mozilla:firefox:1.5.0.6::: |
| mozilla | firefox | 3.0.2 | cpe:/a:mozilla:firefox:3.0.2::: |
| mozilla | firefox | 2.0.0.17 | cpe:/a:mozilla:firefox:2.0.0.17::: |
| mozilla | firefox | 1.5.0.3 | cpe:/a:mozilla:firefox:1.5.0.3::: |
| mozilla | firefox | 3.0.14 | cpe:/a:mozilla:firefox:3.0.14::: |
| mozilla | firefox | 3.5.8 | cpe:/a:mozilla:firefox:3.5.8::: |
| mozilla | firefox | 1.0.1 | cpe:/a:mozilla:firefox:1.0.1::: |
References
lists.opensuse.org/opensuse-security-announce/2011-08/msg00023.html
lists.opensuse.org/opensuse-security-announce/2011-08/msg00027.html
www.debian.org/security/2011/dsa-2295
www.debian.org/security/2011/dsa-2296
www.debian.org/security/2011/dsa-2297
www.mandriva.com/security/advisories?name=MDVSA-2011:127
www.mozilla.org/security/announce/2011/mfsa2011-29.html
www.mozilla.org/security/announce/2011/mfsa2011-30.html
www.mozilla.org/security/announce/2011/mfsa2011-31.html
www.mozilla.org/security/announce/2011/mfsa2011-33.html
www.redhat.com/support/errata/RHSA-2011-1164.html
www.redhat.com/support/errata/RHSA-2011-1166.html
bugzilla.mozilla.org/show_bug.cgi?id=648094
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14502
Related
openvas
openvas
Mozilla Products 'SVG' Code Execution Vulnerability (Windows)
2011-09-09 00:00:00
Mozilla Products 'SVG' Code Execution Vulnerability - Windows
2011-09-09 00:00:00
RedHat Update for thunderbird RHSA-2011:1166-01
2012-07-09 00:00:00
checkpoint_advisories
checkpoint_advisories
Mozilla Multiple Products Malformed SVG Use After Free (CVE-2011-0084)
2012-01-03 00:00:00
Mozilla Multiple Products Malformed SVG Use After Free (CVE-2011-0084)
2012-01-03 00:00:00
prion
prion
Session fixation
2011-08-18 18:55:00
ubuntucve
ubuntucve
CVE-2011-0084
2011-08-17 00:00:00
veracode
veracode
Arbitrary Code Execution
2020-04-10 01:01:37
nvd
nvd
CVE-2011-0084
2011-08-18 18:55:01
cvelist
cvelist
CVE-2011-0084
2011-08-18 18:00:00
securityvulns
securityvulns
zdi
zdi
nessus
nessus
RHEL 6 : thunderbird (RHSA-2011:1166)
2011-08-17 00:00:00
Oracle Linux 6 : thunderbird (ELSA-2011-1166)
2013-07-12 00:00:00
Scientific Linux Security Update : thunderbird on SL6.x i386/x86_64
2012-08-01 00:00:00
oraclelinux
oraclelinux
thunderbird security update
2011-08-16 00:00:00
firefox security update
2011-08-16 00:00:00
redhat
redhat
(RHSA-2011:1166) Critical: thunderbird security update
2011-08-16 00:00:00
(RHSA-2011:1164) Critical: firefox security update
2011-08-16 00:00:00
ubuntu
ubuntu
Firefox and Xulrunner vulnerabilities
2011-08-19 00:00:00
Thunderbird vulnerabilities
2011-08-26 00:00:00
Libvoikko regression
2011-10-19 00:00:00
osv
osv
icedove - several
2011-08-21 00:00:00
iceape - several
2011-08-17 00:00:00
iceweasel - several
2011-08-17 00:00:00
debian
debian
[BSA-046] Security Update for icedove
2011-08-26 20:23:59
[SECURITY] [DSA 2297-1] icedove security update
2011-08-21 18:57:44
[SECURITY] [DSA 2296-1] iceweasel security update
2011-08-17 19:13:01
centos
centos
firefox, xulrunner security update
2011-08-16 23:27:06
suse
suse
Security update for Mozilla Firefox (important)
2011-08-29 21:08:22
MozillaThunderbird: Update to 3.1.12 (important)
2011-08-29 20:08:38
MozillaFirefox: Update to Firefox 3.6.20 (important)
2011-08-26 20:08:19
mozilla
mozilla
Security issues addressed in Thunderbird 3.1.12 — Mozilla
2011-08-16 00:00:00
Security issues addressed in Firefox 3.6.20 — Mozilla
2011-08-16 00:00:00
Security issues addressed in Thunderbird 6 — Mozilla
2011-08-16 00:00:00
seebug
seebug
Mozilla Firefox/Thunderbird/SeaMonkey多个安全漏洞
2011-08-18 00:00:00
freebsd
freebsd
mozilla -- multiple vulnerabilities
2011-08-16 00:00:00
gentoo
gentoo
Mozilla Products: Multiple vulnerabilities
2013-01-08 00:00:00
CVSS2
10
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
AI Score
9.7
Confidence
High
EPSS
0.802
Percentile
98.4%
Related for CVE-2011-0084