Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-3658

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2011-3658
Last Modified 14 Feb 2013 11:49:27
Published 20 Dec 2011 11:02:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2011-3658

Summary

The SVG implementation in Mozilla Firefox 8.0, Thunderbird 8.0, and SeaMonkey 2.5 does not properly interact with DOMAttrModified event handlers, which allows remote attackers to cause a denial of service (out-of-bounds memory access) or possibly have unspecified other impact via vectors involving removal of SVG elements.

Vulnerable Systems

Application

  • Mozilla Firefox 8.0

  • Mozilla Seamonkey 2.5

  • Mozilla Thunderbird 8.0


References

CONFIRM - https://bugzilla.mozilla.org/show_bug.cgi?id=708186

CONFIRM - http://www.mozilla.org/security/announce/2011/mfsa2011-55.html

XF - firefox-domattrmodified-code-exec(71910)

SECTRACK - 1026447

SECTRACK - 1026446

SECTRACK - 1026445

MANDRIVA - MDVSA-2011:192

SECUNIA - 47334

SECUNIA - 47302

OSVDB - 77953

SUSE - openSUSE-SU-2012:0039

SUSE - openSUSE-SU-2012:0007

SECUNIA - 48495

SUSE - openSUSE-SU-2012:0417

UBUNTU - USN-1401-1

SECUNIA - 48553

SECUNIA - 49055

SECUNIA - 48823

Related Patches

Mozilla Firefox (English) 3.6.28 for Windows (Update) (See Notes)

Mozilla Firefox 9.0 for Mac OS X (Update) (See Note)


Last Updated: 27 May 2016 10:51:41