Lucene search
Mozilla FoundationMFSA2012-04HistoryJan 31, 2012 - 12:00 a.m.
Child nodes from nsDOMAttribute still accessible after removal of nodes — Mozilla
2012-01-3100:00:00
Mozilla Foundation
www.mozilla.org
31
9.3 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.917 High
EPSS
Percentile
98.9%
Security researcher regenrecht reported via TippingPoint’s Zero Day Initiative that removed child nodes of nsDOMAttribute can be accessed under certain circumstances because of a premature notification of AttributeChildRemoved. This use-after-free of the child nodes could possibly allow for remote code execution.
Affected configurations
Node
mozillafirefoxRange<10
ORmozillafirefoxRange<3.6.26
ORmozillaseamonkeyRange<2.7
ORmozillathunderbirdRange<10
ORmozillathunderbirdRange<3.1.18
| CPE | Name | Operator | Version |
|---|---|---|---|
| firefox | lt | 10 | |
| firefox | lt | 3.6.26 | |
| seamonkey | lt | 2.7 | |
| thunderbird | lt | 10 | |
| thunderbird | lt | 3.1.18 |
Related
cve
cve
CVE-2011-3659
2012-02-01 16:55:00
veracode
veracode
Arbitrary Code Execution
2020-04-10 01:07:17
saint
saint
Firefox AttributeChildRemoved Use After Free
2012-05-21 00:00:00
Firefox AttributeChildRemoved Use After Free
2012-05-21 00:00:00
Firefox AttributeChildRemoved Use After Free
2012-05-21 00:00:00
securityvulns
securityvulns
Mozilla Foundation Security Advisory 2012-04
2012-02-03 00:00:00
Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
2012-02-03 00:00:00
cvelist
cvelist
CVE-2011-3659
2012-02-01 16:00:00
prion
prion
Design/Logic Flaw
2012-02-01 16:55:00
ubuntucve
ubuntucve
CVE-2011-3659
2012-02-01 00:00:00
zdi
zdi
packetstorm
packetstorm
Firefox 8/9 AttributeChildRemoved() Use-After-Free
2012-05-14 00:00:00
nvd
nvd
CVE-2011-3659
2012-02-01 16:55:00
openvas
openvas
Mozilla Firefox Security Advisory (MFSA2012-04) - Linux
2021-11-16 00:00:00
Mozilla Products Multiple Unspecified Vulnerabilities (Feb 2012) - Mac OS X
2012-02-06 00:00:00
Mozilla Products Multiple Unspecified Vulnerabilities (Feb 2012) - Windows
2012-02-03 00:00:00
nessus
nessus
RHEL 6 : thunderbird (RHSA-2012:0080)
2012-02-01 00:00:00
Oracle Linux 6 : thunderbird (ELSA-2012-0080)
2013-07-12 00:00:00
CentOS 6 : thunderbird (CESA-2012:0080)
2012-02-02 00:00:00
redhat
redhat
(RHSA-2012:0080) Critical: thunderbird security update
2012-01-31 00:00:00
(RHSA-2012:0079) Critical: firefox security update
2012-01-31 00:00:00
centos
centos
thunderbird security update
2012-02-01 11:56:07
firefox, xulrunner security update
2012-02-01 03:34:27
oraclelinux
oraclelinux
thunderbird security update
2012-01-31 00:00:00
firefox security update
2012-01-31 00:00:00
suse
suse
Security update for Mozilla Firefox (important)
2012-02-09 19:10:22
Security update for Mozilla XULrunner (important)
2012-02-09 19:07:25
MozillaFirefox: Version 10 (important)
2012-02-09 19:10:49
ubuntu
ubuntu
Thunderbird vulnerabilities
2012-02-08 00:00:00
Xulrunnner vulnerabilities
2012-02-08 00:00:00
Firefox vulnerabilities
2012-02-03 00:00:00
freebsd
freebsd
mozilla -- multiple vulnerabilities
2012-01-31 00:00:00
gentoo
gentoo
Mozilla Products: Multiple vulnerabilities
2013-01-08 00:00:00
9.3 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.917 High
EPSS
Percentile
98.9%
Related for MFSA2012-04