Lucene search
Mozilla FoundationMFSA2011-03HistoryMar 01, 2011 - 12:00 a.m.
Use-after-free error in JSON.stringify — Mozilla
2011-03-0100:00:00
Mozilla Foundation
www.mozilla.org
21
CVSS2
10
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS
0.108
Percentile
95.2%
Security researcher regenrecht reported via TippingPoint’s Zero Day Initiative that a method used by JSON.stringify contained a use-after-free error in which a currently in-use pointer was freed and subsequently dereferenced. This could lead to arbitrary code execution if an attacker was able to store malicious code in the freed section of memory.
Affected configurations
Node
mozillafirefoxRange<3.5.17
ORmozillafirefoxRange<3.6.14
ORmozillaseamonkeyRange<2.0.12
Related
securityvulns
securityvulns
Mozilla Foundation Security Advisory 2011-03
2011-03-03 00:00:00
ZDI-11-103: Mozilla Firefox JSON.stringify Dangling Pointer Remote Code Execution Vulnerability
2011-03-03 00:00:00
Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
2011-03-03 00:00:00
zdi
zdi
cve
cve
CVE-2011-0055
2011-03-02 20:00:01
cvelist
cvelist
CVE-2011-0055
2011-03-02 19:00:00
veracode
veracode
Arbitrary Code Execution
2020-04-10 00:54:19
prion
prion
Design/Logic Flaw
2011-03-02 20:00:00
ubuntucve
ubuntucve
CVE-2011-0055
2011-03-02 00:00:00
nvd
nvd
CVE-2011-0055
2011-03-02 20:00:01
openvas
openvas
Mozilla Products Multiple Vulnerabilities March-11 (Windows)
2011-03-10 00:00:00
Mozilla Products Multiple Vulnerabilities (MFSA2011-02, MFSA2011-03, MFSA2011-04, MFSA2011-05, MFSA2011-06, MFSA2011-07) - Windows
2011-03-10 00:00:00
Debian: Security Advisory (DSA-2180-1)
2011-03-09 00:00:00
osv
osv
iceweasel - several
2011-03-09 00:00:00
iceape - several
2011-03-03 00:00:00
icedove - several
2011-03-09 00:00:00
debian
debian
[BSA-027] Security Update for iceweasel
2011-03-12 08:28:24
[SECURITY] [DSA 2187-1] icedove security update
2011-03-09 21:12:07
[SECURITY] [DSA 2180-1] iceape security update
2011-03-03 22:12:20
nessus
nessus
Debian DSA-2180-1 : iceape - several vulnerabilities
2011-03-04 00:00:00
Debian DSA-2187-1 : icedove - several vulnerabilities
2011-03-11 00:00:00
Debian DSA-2186-1 : iceweasel - several vulnerabilities
2011-03-11 00:00:00
ubuntu
ubuntu
Firefox and Xulrunner regression
2011-03-07 00:00:00
Firefox and Xulrunner vulnerabilities
2011-03-03 00:00:00
Xulrunner vulnerabilities
2011-04-30 00:00:00
freebsd
freebsd
mozilla -- multiple vulnerabilities
2011-03-01 00:00:00
centos
centos
firefox security update
2011-03-03 05:18:19
oraclelinux
oraclelinux
firefox security and bug fix update
2011-03-02 00:00:00
redhat
redhat
(RHSA-2011:0310) Critical: firefox security and bug fix update
2011-03-01 00:00:00
suse
suse
remote code execution in MozillaFirefox,MozillaThunderbird,seamonkey
2011-03-15 12:02:21
gentoo
gentoo
Mozilla Products: Multiple vulnerabilities
2013-01-08 00:00:00
CVSS2
10
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS
0.108
Percentile
95.2%
Related for MFSA2011-03