Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
mozillaMozilla FoundationMFSA2011-22
HistoryJun 21, 2011 - 12:00 a.m.

Integer overflow and arbitrary code execution in Array.reduceRight() β€” Mozilla

2011-06-2100:00:00
Mozilla Foundation
www.mozilla.org
21

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.957 High

EPSS

Percentile

99.4%

JSON

Security researchers Chris Rohlf and Yan Ivnitskiy of Matasano Security reported that when a JavaScript Array object had its length set to an extremely large value, the iteration of array elements that occurs when its reduceRight method was subsequently called could result in the execution of attacker controlled memory due to an invalid index value being used to access element properties.

Affected configurations

Vulners
Node
mozillafirefoxRange<3.6.18
OR
mozillafirefoxRange<5
OR
mozillaseamonkeyRange<2.2
OR
mozillathunderbirdRange<3.1.11

Related

seebug 3
checkpoint_advisories 1
openvas 56
cvelist 1
packetstorm 3
ubuntucve 1
prion 1
cve 1
canvas 1
fireeye 1
exploitpack 2
veracode 1
nvd 1
exploitdb 2
osv 3
debian 5
nessus 40
ubuntu 6
suse 4
redhat 3
oraclelinux 3
centos 3
securityvulns 1
gentoo 1
seebug
seebug
Mozilla Firefox Array.reduceRight() Integer Overflow Exploit
2011-10-13 00:00:00
Mozilla Firefox Firefox 4.0.1 Array.reduceRight() Exploit
2014-07-01 00:00:00
Mozilla Firefox/Thunderbird/SeaMonkey Array.reduceRight()θΏœη¨‹δ»£η ζ‰§θ‘ŒζΌζ΄ž
2011-06-25 00:00:00
checkpoint_advisories
checkpoint_advisories
Mozilla Multiple Products Array.reduceRight Integer Overflow (CVE-2011-2371)
2011-09-27 00:00:00
openvas
openvas
Mozilla Firefox Security Advisory (MFSA2011-22) - Linux
2021-11-16 00:00:00
Mozilla Products Multiple Vulnerabilities - 01 - (Jul 2011) - Windows
2011-07-07 00:00:00
Mozilla Products Multiple Vulnerabilities July-11 (Windows) - 01
2011-07-07 00:00:00
cvelist
cvelist
CVE-2011-2371
2011-06-30 16:00:00
packetstorm
packetstorm
Mozilla Firefox Integer Overflow
2011-10-13 00:00:00
Mozilla Firefox 4.0.1 Integer Overflow
2012-02-27 00:00:00
Mozilla Firefox Array.reduceRight() Integer Overflow
2011-10-14 00:00:00
ubuntucve
ubuntucve
CVE-2011-2371
2011-06-24 00:00:00
prion
prion
Integer overflow
2011-06-30 16:55:00
cve
cve
CVE-2011-2371
2011-06-30 16:55:05
canvas
canvas
Immunity Canvas: FIREFOX_ARRAY_REDUCERIGHT
2011-06-30 16:55:00
fireeye
fireeye
Using EMET to Disable EMET
2016-02-23 08:00:00
exploitpack
exploitpack
Mozilla Firefox 4.0.1 - Array.reduceRight() Remote Overflow
2012-02-27 00:00:00
Mozilla Firefox - Array.reduceRight() Integer Overflow (1)
2011-10-12 00:00:00
veracode
veracode
Arbitrary Code Execution
2020-04-10 00:58:40
nvd
nvd
CVE-2011-2371
2011-06-30 16:55:05
exploitdb
exploitdb
Mozilla Firefox 4.0.1 - &#039;Array.reduceRight()&#039; Remote Overflow
2012-02-27 00:00:00
Mozilla Firefox - &#039;Array.reduceRight()&#039; Integer Overflow (1)
2011-10-12 00:00:00
osv
osv
icedove - multiple issues
2011-07-06 00:00:00
iceape - several
2011-07-01 00:00:00
iceweasel - several
2011-07-01 00:00:00
debian
debian
[BSA-040] Security Update for iceweasel
2011-07-04 07:11:09
[SECURITY] [DSA 2273-1] icedove security update
2011-07-06 18:34:07
[SECURITY] [DSA 2268-1] iceweasel security update
2011-07-01 19:32:42
nessus
nessus
Debian DSA-2269-1 : iceape - several vulnerabilities
2011-07-05 00:00:00
Debian DSA-2268-1 : iceweasel - several vulnerabilities
2011-07-05 00:00:00
Debian DSA-2273-1 : icedove - several vulnerabilities
2011-07-07 00:00:00
ubuntu
ubuntu
Firefox regression
2011-06-23 00:00:00
Firefox vulnerabilities
2011-06-22 00:00:00
mozvoikko, ubufox, webfav update
2011-06-22 00:00:00
suse
suse
MozillaThunderbird: Update to Thunderbird 3.1.11 (important)
2011-06-30 21:08:16
Security update for Mozilla Firefox (important)
2011-06-30 23:08:22
remote code execution in MozillaFirefox,MozillaThunderbird
2011-07-05 17:43:33
redhat
redhat
(RHSA-2011:0885) Critical: firefox security and bug fix update
2011-06-21 00:00:00
(RHSA-2011:0888) Critical: seamonkey security update
2011-06-21 00:00:00
(RHSA-2011:0887) Critical: thunderbird security update
2011-06-21 00:00:00
oraclelinux
oraclelinux
seamonkey security update
2011-06-21 00:00:00
thunderbird security update
2011-06-21 00:00:00
firefox security and bug fix update
2011-06-21 00:00:00
centos
centos
seamonkey security update
2011-08-14 21:51:22
firefox, xulrunner security update
2011-06-22 23:42:39
thunderbird security update
2011-06-22 23:49:49
securityvulns
securityvulns
Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
2011-06-23 00:00:00
gentoo
gentoo
Mozilla Products: Multiple vulnerabilities
2013-01-08 00:00:00

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.957 High

EPSS

Percentile

99.4%

JSON
Related for MFSA2011-22
seebug3checkpoint_advisories1openvas56cvelist1packetstorm3ubuntucve1prion1cve1canvas1fireeye1exploitpack2veracode1nvd1exploitdb2osv3debian5nessus40ubuntu6suse4redhat3oraclelinux3centos3securityvulns1gentoo1