Lucene search
SAINT CorporationSAINT:AC6E65EF51EFC8927BA761387238C0F3HistoryMay 21, 2012 - 12:00 a.m.
Firefox DOMAttrModified nsSVGValue Observer Handling Out-of-bounds Memory Access
2012-05-2100:00:00
SAINT Corporation
download.saintcorporation.com
21
EPSS
0.954
Percentile
99.4%
Added: 05/21/2012
CVE: CVE-2011-3658
BID: 51138
OSVDB: 77953
Background
Firefox is a freely available web browser for multiple platforms including Windows, Linux, and Mac OS.
Problem
A flaw in the Mozilla SVG implementation could result in an out-of-bounds memory access and possible remote code execution if SVG elements are removed during a **DOMAttrModified** event handler.
Resolution
Upgrade to Firefox 9.0 or higher.
References
<http://www.zerodayinitiative.com/advisories/ZDI-12-056/>
<https://bugzilla.mozilla.org/show_bug.cgi?id=708186>
Limitations
This exploit has been tested on Mozilla Foundation Firefox 7.0.1 and 8.0.1 on Windows XP SP3 English (DEP OptIn).
The user must load the exploit page in Firefox.
Platforms
Windows XP
Related
cvelist
cvelist
CVE-2011-3658
2011-12-21 02:00:00
prion
prion
Out-of-bounds
2011-12-21 04:02:00
metasploit
metasploit
Firefox nsSVGValue Out-of-Bounds Access Vulnerability
2012-05-08 02:41:03
openvas
openvas
Mozilla Products DOMAttrModified Memory Corruption Vulnerability (MAC OS X)
2011-12-22 00:00:00
Mozilla Products DOMAttrModified Memory Corruption Vulnerability - Mac OS X
2011-12-22 00:00:00
Mozilla Firefox Security Advisory (MFSA2011-55) - Linux
2021-11-16 00:00:00
mozilla
mozilla
nsSVGValue out-of-bounds access β Mozilla
2011-12-20 00:00:00
ubuntucve
ubuntucve
CVE-2011-3658
2011-12-20 00:00:00
zdi
zdi
saint
saint
seebug
seebug
Mozilla Firefox/Thunderbird/SeaMonkeyθΆηε
εη ΄εζΌζ΄
2011-12-21 00:00:00
packetstorm
packetstorm
Mozilla Firefox 7 / 8 Out-Of-Bounds Access
2012-05-08 00:00:00
nvd
nvd
CVE-2011-3658
2011-12-21 04:02:00
cve
cve
CVE-2011-3658
2011-12-21 04:02:00
checkpoint_advisories
checkpoint_advisories
canvas
canvas
Immunity Canvas: FIREFOX_NSSVGVALUE
2011-12-21 04:02:00
exploitdb
exploitdb
nessus
nessus
Ubuntu 11.04 / 11.10 : mozvoikko, ubufox update (USN-1306-2)
2012-01-09 00:00:00
openSUSE Security Update : seamonkey (openSUSE-SU-2012:0007-1)
2014-06-13 00:00:00
openSUSE Security Update : MozillaFirefox (openSUSE-SU-2012:0039-2)
2014-06-13 00:00:00
suse
suse
MozillaFirefox (important)
2012-02-09 19:09:53
seamonkey (important)
2012-01-05 12:35:43
seamonkey (important)
2012-01-05 12:08:18
ubuntu
ubuntu
Thunderbird vulnerabilities
2012-01-24 00:00:00
Firefox vulnerabilities
2012-01-06 00:00:00
Mozvoikko and ubufox update
2012-01-06 00:00:00
freebsd
freebsd
mozilla -- multiple vulnerabilities
2011-12-20 00:00:00
securityvulns
securityvulns
Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
2012-01-02 00:00:00
gentoo
gentoo
Mozilla Products: Multiple vulnerabilities
2013-01-08 00:00:00