CVE-2011-3671

2012-06-1819:55:00

CWE-399

[email protected]

web.nvd.nist.gov

cve-2011-3671

use-after-free vulnerability

nshtmlselectelement

mozilla firefox

thunderbird

seamonkey

remote code execution

7.3 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.008 Low

EPSS

Percentile

81.9%

JSON

Use-after-free vulnerability in the nsHTMLSelectElement function in nsHTMLSelectElement.cpp in Mozilla Firefox 4.x through 8.0, Thunderbird 5.0 through 8.0, and SeaMonkey before 2.6 allows remote attackers to execute arbitrary code via vectors involving removal of the parent node of an element.

CPENameOperatorVersion
mozilla:seamonkeymozilla seamonkeyeq2.0.10
mozilla:seamonkeymozilla seamonkeyeq1.1.10
mozilla:firefoxmozilla firefoxeq4.0
mozilla:seamonkeymozilla seamonkeyeq1.0.3
mozilla:seamonkeymozilla seamonkeyeq2.0.13
mozilla:seamonkeymozilla seamonkeyeq1.1.8
mozilla:seamonkeymozilla seamonkeyeq1.0.1
mozilla:seamonkeymozilla seamonkeyeq1.1.7
mozilla:firefoxmozilla firefoxeq8.0
mozilla:seamonkeymozilla seamonkeyeq1.5.0.10

CPE	Name	Operator	Version
mozilla:seamonkey	mozilla seamonkey	eq	2.0.10
mozilla:seamonkey	mozilla seamonkey	eq	1.1.10
mozilla:firefox	mozilla firefox	eq	4.0
mozilla:seamonkey	mozilla seamonkey	eq	1.0.3
mozilla:seamonkey	mozilla seamonkey	eq	2.0.13
mozilla:seamonkey	mozilla seamonkey	eq	1.1.8
mozilla:seamonkey	mozilla seamonkey	eq	1.0.1
mozilla:seamonkey	mozilla seamonkey	eq	1.1.7
mozilla:firefox	mozilla firefox	eq	8.0
mozilla:seamonkey	mozilla seamonkey	eq	1.5.0.10