Lucene search

[email protected]CVE-2011-3659

HistoryFeb 01, 2012 - 4:55 p.m.

CVE-2011-3659

2012-02-0116:55:00

CWE-416

[email protected]

web.nvd.nist.gov

cve-2011-3659

mozilla firefox

vulnerability

remote code execution

nvd

seamonkey

thunderbird

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

9.5 High

AI Score

Confidence

High

0.917 High

EPSS

Percentile

98.9%

JSON

Use-after-free vulnerability in Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 might allow remote attackers to execute arbitrary code via vectors related to incorrect AttributeChildRemoved notifications that affect access to removed nsDOMAttribute child nodes.

Affected configurations

NVD

Node

mozillafirefoxRange<3.6.26

mozillafirefoxRange4.0–10.0

mozillaseamonkeyRange<2.7

mozillathunderbirdRange<3.1.18

mozillathunderbirdRange5.0–10.0

Node

opensuseopensuseMatch11.4

suselinux_enterprise_desktopMatch10sp4

suselinux_enterprise_desktopMatch11sp1

suselinux_enterprise_serverMatch10sp4

suselinux_enterprise_serverMatch11sp1

suselinux_enterprise_serverMatch11sp1vmware

suselinux_enterprise_software_development_kitMatch10sp4

suselinux_enterprise_software_development_kitMatch11sp1

CPENameOperatorVersion
mozilla:firefoxmozilla firefoxlt3.6.26
mozilla:firefoxmozilla firefoxlt10.0
mozilla:seamonkeymozilla seamonkeylt2.7
mozilla:thunderbirdmozilla thunderbirdlt3.1.18
mozilla:thunderbirdmozilla thunderbirdlt10.0

CPE	Name	Operator	Version
mozilla:firefox	mozilla firefox	lt	3.6.26
mozilla:firefox	mozilla firefox	lt	10.0
mozilla:seamonkey	mozilla seamonkey	lt	2.7
mozilla:thunderbird	mozilla thunderbird	lt	3.1.18
mozilla:thunderbird	mozilla thunderbird	lt	10.0