Lucene search
RegenrechtZDI-11-158HistoryMay 10, 2011 - 12:00 a.m.
Mozilla Firefox OBJECT mChannel Remote Code Execution Vulnerability
2011-05-1000:00:00
regenrecht
www.zerodayinitiative.com
24
EPSS
0.969
Percentile
99.7%
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists within the OnChannelRedirect method. When an OBJECT element has no mChannel assigned, it is possible to call the |OnChannelRedirect| method, setting a nearly arbitrary object as the channel in use. |mChannel| will become a dangling pointer, allowing an attacker to execute arbitrary code under the context of the user running the browser.
Related
saint
saint
Mozilla Firefox OBJECT mChannel Use-After-Free
2011-08-22 00:00:00
Mozilla Firefox OBJECT mChannel Use-After-Free
2011-08-22 00:00:00
Mozilla Firefox OBJECT mChannel Use-After-Free
2011-08-22 00:00:00
securityvulns
securityvulns
Mozilla Foundation Security Advisory 2011-13
2011-05-01 00:00:00
Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
2011-05-11 00:00:00
ubuntucve
ubuntucve
CVE-2011-0065
2011-05-04 00:00:00
veracode
veracode
Arbitrary Code Execution
2020-04-10 00:57:31
zdt
zdt
Mozilla Firefox 3.6 mChannel Use-After-Free Vulnerability
2014-11-26 00:00:00
exploitdb
exploitdb
checkpoint_advisories
checkpoint_advisories
Mozilla Firefox OBJECT mChannel Use After Free (CVE-2011-0065)
2011-11-01 00:00:00
canvas
canvas
Immunity Canvas: FIREFOX_CHANNELREDIRECT
2011-05-07 18:55:00
nvd
nvd
CVE-2011-0065
2011-05-07 18:55:00
packetstorm
packetstorm
Mozilla Firefox 3.6.16 mChannel Use After Free
2011-08-10 00:00:00
Mozilla Firefox 3.6 mChannel Use-After-Free
2014-11-25 00:00:00
Mozilla Firefox 3.6.16 mChannel Use After Free Exploit
2011-08-05 00:00:00
cve
cve
CVE-2011-0065
2011-05-07 18:55:00
cvelist
cvelist
CVE-2011-0065
2011-05-07 18:00:00
prion
prion
Design/Logic Flaw
2011-05-07 18:55:00
mozilla
mozilla
Multiple dangling pointer vulnerabilities — Mozilla
2011-04-28 00:00:00
openvas
openvas
Mozilla Products Multiple Vulnerabilities (May 2011) - Windows
2011-05-18 00:00:00
Mozilla Products Multiple Vulnerabilities May-11 (Windows)
2011-05-18 00:00:00
Debian: Security Advisory (DSA-2235-1)
2011-08-03 00:00:00
nessus
nessus
openSUSE Security Update : seamonkey (seamonkey-4462)
2014-06-13 00:00:00
openSUSE Security Update : seamonkey (seamonkey-4462)
2014-06-13 00:00:00
openSUSE Security Update : seamonkey (seamonkey-4462)
2011-05-05 00:00:00
debian
debian
[SECURITY] [DSA 2235-1] icedove security update
2011-05-10 19:59:51
[SECURITY] [DSA 2228-1] iceweasel security update
2011-05-01 16:34:39
[SECURITY] [DSA 2227-1] iceape security update
2011-04-30 14:52:24
osv
osv
iceape - several
2011-04-30 00:00:00
iceweasel - several
2011-05-01 00:00:00
icedove - several
2011-05-10 00:00:00
ubuntu
ubuntu
Thunderbird regression
2011-06-06 00:00:00
Firefox and Xulrunner vulnerabilities
2011-04-29 00:00:00
Thunderbird vulnerabilities
2011-05-05 00:00:00
centos
centos
firefox, xulrunner security update
2011-04-29 15:48:25
redhat
redhat
(RHSA-2011:0471) Critical: firefox security update
2011-04-28 00:00:00
oraclelinux
oraclelinux
firefox security update
2011-04-29 00:00:00
suse
suse
gentoo
gentoo
Mozilla Products: Multiple vulnerabilities
2013-01-08 00:00:00