CVSS2
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS
Percentile: 99.7%
Added: 08/22/2011
CVE: CVE-2011-0065
BID: 47659
OSVDB: 72085
Firefox is a freely available web browser for multiple platforms including Windows, Linux, and Mac OS.
A use-after-free vulnerability allows command execution when a user loads a specially crafted web page that causes an **OnChannelRedirect** method call on an object with an unassigned mChannel, resulting in a dangling pointer.
Upgrade to Firefox 3.5.19 or 3.6.17 or higher.
<http://www.mozilla.org/security/announce/2011/mfsa2011-13.html>
The exploit works on Mozilla Foundation Firefox 3.6.16 on Microsoft Windows XP SP3 English (DEP OptIn) with KB959426.
The user must open the exploit page in Firefox.
Windows