CVE-2011-3005

2011-09-2900:55:00

CWE-119

[email protected]

web.nvd.nist.gov

cve-2011-3005

use-after-free vulnerability

mozilla firefox

thunderbird

seamonkey

ogg headers

denial of service

application crash

arbitrary code execution

security vulnerability

9.5 High

AI Score

Confidence

High

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.04 Low

EPSS

Percentile

92.0%

JSON

Use-after-free vulnerability in Mozilla Firefox 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted OGG headers in a .ogg file.

CPENameOperatorVersion
mozilla:firefoxmozilla firefoxeq4.0
mozilla:firefoxmozilla firefoxeq5.0
mozilla:firefoxmozilla firefoxeq6.0
mozilla:firefoxmozilla firefoxeq4.0.1
mozilla:thunderbirdmozilla thunderbirdeq3.0.8
mozilla:thunderbirdmozilla thunderbirdeq3.0.5
mozilla:thunderbirdmozilla thunderbirdeq1.5.0.7
mozilla:thunderbirdmozilla thunderbirdeq0.6
mozilla:thunderbirdmozilla thunderbirdeq0.7.2
mozilla:thunderbirdmozilla thunderbirdeq3.1.8

CPE	Name	Operator	Version
mozilla:firefox	mozilla firefox	eq	4.0
mozilla:firefox	mozilla firefox	eq	5.0
mozilla:firefox	mozilla firefox	eq	6.0
mozilla:firefox	mozilla firefox	eq	4.0.1
mozilla:thunderbird	mozilla thunderbird	eq	3.0.8
mozilla:thunderbird	mozilla thunderbird	eq	3.0.5
mozilla:thunderbird	mozilla thunderbird	eq	1.5.0.7
mozilla:thunderbird	mozilla thunderbird	eq	0.6
mozilla:thunderbird	mozilla thunderbird	eq	0.7.2
mozilla:thunderbird	mozilla thunderbird	eq	3.1.8