CVSS2
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS
Percentile: 99.4%
Added: 05/21/2012
CVE: CVE-2011-3658
BID: 51138
OSVDB: 77953
Firefox is a freely available web browser for multiple platforms including Windows, Linux, and Mac OS.
A flaw in the Mozilla SVG implementation could result in an out-of-bounds memory access and possible remote code execution if SVG elements are removed during a **DOMAttrModified** event handler.
Upgrade to Firefox 9.0 or higher.
<http://www.zerodayinitiative.com/advisories/ZDI-12-056/>
<https://bugzilla.mozilla.org/show_bug.cgi?id=708186>
This exploit has been tested on Mozilla Foundation Firefox 7.0.1 and 8.0.1 on Windows XP SP3 English (DEP OptIn).
The user must load the exploit page in Firefox.
Windows XP