Veracode Vulnerability DatabaseVERACODE:24712Arbitrary Code Execution
0.106 Low
EPSS
Percentile
95.1%
firefox is vulnerable to arbitrary code execution. The vulnerability exists as an integer underflow flaw was found in the way Firefox handled large JavaScript regular expressions. A web page containing malicious JavaScript could cause Firefox to access already freed memory, causing Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox.
References
lists.opensuse.org/opensuse-security-announce/2011-11/msg00020.html
www.debian.org/security/2011/dsa-2312
www.debian.org/security/2011/dsa-2313
www.debian.org/security/2011/dsa-2317
www.mandriva.com/security/advisories?name=MDVSA-2011:139
www.mandriva.com/security/advisories?name=MDVSA-2011:140
www.mandriva.com/security/advisories?name=MDVSA-2011:141
www.mozilla.org/security/announce/2011/mfsa2011-37.html
www.mozilla.org/security/known-vulnerabilities/firefox36.html#firefox3.6.23
www.redhat.com/support/errata/RHSA-2011-1341.html
access.redhat.com/errata/RHSA-2011:1341
access.redhat.com/security/updates/classification/#critical
bugzilla.mozilla.org/show_bug.cgi?id=684815
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14012
Related
