CVE-2011-0073

2011-05-0718:55:00

CWE-20

[email protected]

web.nvd.nist.gov

cve-2011-0073

mozilla firefox

seamonkey

remote code execution

security vulnerability

9.6 High

AI Score

Confidence

High

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.965 High

EPSS

Percentile

99.6%

JSON

Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, and SeaMonkey before 2.0.14, does not properly use nsTreeRange data structures, which allows remote attackers to execute arbitrary code via unspecified vectors that lead to a “dangling pointer.”

CPENameOperatorVersion
mozilla:firefoxmozilla firefoxeq3.6.2
mozilla:firefoxmozilla firefoxeq3.6.3
mozilla:firefoxmozilla firefoxeq3.6.15
mozilla:firefoxmozilla firefoxeq3.6.11
mozilla:firefoxmozilla firefoxeq3.6.8
mozilla:firefoxmozilla firefoxeq3.6.9
mozilla:firefoxmozilla firefoxeq3.6.14
mozilla:firefoxmozilla firefoxeq3.6.12
mozilla:firefoxmozilla firefoxeq3.6.6
mozilla:firefoxmozilla firefoxeq3.6.16

CPE	Name	Operator	Version
mozilla:firefox	mozilla firefox	eq	3.6.2
mozilla:firefox	mozilla firefox	eq	3.6.3
mozilla:firefox	mozilla firefox	eq	3.6.15
mozilla:firefox	mozilla firefox	eq	3.6.11
mozilla:firefox	mozilla firefox	eq	3.6.8
mozilla:firefox	mozilla firefox	eq	3.6.9
mozilla:firefox	mozilla firefox	eq	3.6.14
mozilla:firefox	mozilla firefox	eq	3.6.12
mozilla:firefox	mozilla firefox	eq	3.6.6
mozilla:firefox	mozilla firefox	eq	3.6.16