Lucene search
RegenrechtZDI-11-103HistoryMar 02, 2011 - 12:00 a.m.
Mozilla Firefox JSON.stringify Dangling Pointer Remote Code Execution Vulnerability
2011-03-0200:00:00
regenrecht
www.zerodayinitiative.com
23
EPSS
0.108
Percentile
95.2%
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within js3250.dll. In the JSON.stringify() call chain js_HasOwnProperty() is called with an invalid pointer. The pointer becomes invalid due to being unrooted and garbage collection occurring. Dereferecing of this pointer allows a remote attacker to execute arbitrary code in the context of the user running the browser.
Related
securityvulns
securityvulns
Mozilla Foundation Security Advisory 2011-03
2011-03-03 00:00:00
ZDI-11-103: Mozilla Firefox JSON.stringify Dangling Pointer Remote Code Execution Vulnerability
2011-03-03 00:00:00
Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
2011-03-03 00:00:00
cve
cve
CVE-2011-0055
2011-03-02 20:00:01
cvelist
cvelist
CVE-2011-0055
2011-03-02 19:00:00
veracode
veracode
Arbitrary Code Execution
2020-04-10 00:54:19
prion
prion
Design/Logic Flaw
2011-03-02 20:00:00
mozilla
mozilla
Use-after-free error in JSON.stringify — Mozilla
2011-03-01 00:00:00
ubuntucve
ubuntucve
CVE-2011-0055
2011-03-02 00:00:00
nvd
nvd
CVE-2011-0055
2011-03-02 20:00:01
openvas
openvas
Mozilla Products Multiple Vulnerabilities March-11 (Windows)
2011-03-10 00:00:00
Mozilla Products Multiple Vulnerabilities (MFSA2011-02, MFSA2011-03, MFSA2011-04, MFSA2011-05, MFSA2011-06, MFSA2011-07) - Windows
2011-03-10 00:00:00
Debian: Security Advisory (DSA-2180-1)
2011-03-09 00:00:00
osv
osv
iceweasel - several
2011-03-09 00:00:00
iceape - several
2011-03-03 00:00:00
icedove - several
2011-03-09 00:00:00
debian
debian
[BSA-027] Security Update for iceweasel
2011-03-12 08:28:24
[SECURITY] [DSA 2187-1] icedove security update
2011-03-09 21:12:07
[SECURITY] [DSA 2180-1] iceape security update
2011-03-03 22:12:20
nessus
nessus
Debian DSA-2180-1 : iceape - several vulnerabilities
2011-03-04 00:00:00
Debian DSA-2187-1 : icedove - several vulnerabilities
2011-03-11 00:00:00
Debian DSA-2186-1 : iceweasel - several vulnerabilities
2011-03-11 00:00:00
ubuntu
ubuntu
Firefox and Xulrunner regression
2011-03-07 00:00:00
Firefox and Xulrunner vulnerabilities
2011-03-03 00:00:00
Xulrunner vulnerabilities
2011-04-30 00:00:00
freebsd
freebsd
mozilla -- multiple vulnerabilities
2011-03-01 00:00:00
centos
centos
firefox security update
2011-03-03 05:18:19
oraclelinux
oraclelinux
firefox security and bug fix update
2011-03-02 00:00:00
redhat
redhat
(RHSA-2011:0310) Critical: firefox security and bug fix update
2011-03-01 00:00:00
suse
suse
remote code execution in MozillaFirefox,MozillaThunderbird,seamonkey
2011-03-15 12:02:21
gentoo
gentoo
Mozilla Products: Multiple vulnerabilities
2013-01-08 00:00:00