Lucene search
RegenrechtZDI-11-271HistoryAug 17, 2011 - 12:00 a.m.
Mozilla Firefox appendChild DOM Tree Inconsistency Remote Code Execution Vulnerability
2011-08-1700:00:00
regenrecht
www.zerodayinitiative.com
19
EPSS
0.786
Percentile
98.3%
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw results when .setUserData() handlers are used with an object and .appendChild() is called within a handler. Ultimately the import operation resulting from an .appendChild() is not guarded from mutation, and invalid DOM trees can result. Invalid DOM trees can be navigated resulting in dereferencing invalid pointers which can be leveraged to execute arbitrary code in the context of the browser.
Related
cve
cve
CVE-2011-2378
2011-08-18 18:55:01
veracode
veracode
Arbitrary Code Execution
2020-04-10 01:01:38
securityvulns
securityvulns
nvd
nvd
CVE-2011-2378
2011-08-18 18:55:01
prion
prion
Null pointer dereference
2011-08-18 18:55:00
cvelist
cvelist
CVE-2011-2378
2011-08-18 18:00:00
ubuntucve
ubuntucve
CVE-2011-2378
2011-08-19 00:00:00
openvas
openvas
Mozilla Products Multiple Vulnerabilities (Windows)
2011-09-09 00:00:00
RedHat Update for thunderbird RHSA-2011:1166-01
2012-07-09 00:00:00
Mozilla Products Multiple Vulnerabilities - Windows
2011-09-09 00:00:00
nessus
nessus
RHEL 6 : thunderbird (RHSA-2011:1166)
2011-08-17 00:00:00
Scientific Linux Security Update : thunderbird on SL6.x i386/x86_64
2012-08-01 00:00:00
Oracle Linux 6 : thunderbird (ELSA-2011-1166)
2013-07-12 00:00:00
redhat
redhat
(RHSA-2011:1166) Critical: thunderbird security update
2011-08-16 00:00:00
(RHSA-2011:1164) Critical: firefox security update
2011-08-16 00:00:00
oraclelinux
oraclelinux
thunderbird security update
2011-08-16 00:00:00
firefox security update
2011-08-16 00:00:00
ubuntu
ubuntu
Thunderbird vulnerabilities
2011-08-26 00:00:00
Firefox and Xulrunner vulnerabilities
2011-08-19 00:00:00
osv
osv
iceape - several
2011-08-17 00:00:00
icedove - several
2011-08-21 00:00:00
iceweasel - several
2011-08-17 00:00:00
debian
debian
[BSA-046] Security Update for icedove
2011-08-26 20:23:59
[SECURITY] [DSA 2295-1] iceape security update
2011-08-17 17:37:19
[SECURITY] [DSA 2297-1] icedove security update
2011-08-21 18:57:44
centos
centos
firefox, xulrunner security update
2011-08-16 23:27:06
mozilla
mozilla
Security issues addressed in Thunderbird 3.1.12 — Mozilla
2011-08-16 00:00:00
Security issues addressed in Firefox 3.6.20 — Mozilla
2011-08-16 00:00:00
suse
suse
Security update for Mozilla Firefox (important)
2011-08-29 21:08:22
MozillaThunderbird: Update to 3.1.12 (important)
2011-08-29 20:08:38
MozillaFirefox: Update to Firefox 3.6.20 (important)
2011-08-26 20:08:19
freebsd
freebsd
mozilla -- multiple vulnerabilities
2011-08-16 00:00:00
gentoo
gentoo
Mozilla Products: Multiple vulnerabilities
2013-01-08 00:00:00