CVE-2011-1179

2011-04-1817:55:01

CWE-119

[email protected]

web.nvd.nist.gov

CVSS2

5.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

AI Score

7.5

Confidence

Low

EPSS

0.047

Percentile

92.6%

JSON

The SPICE Firefox plug-in (spice-xpi) 2.4, 2.3, 2.2, and possibly other versions allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to (1) plugin/nsScriptablePeer.cpp and (2) plugin/plugin.cpp, which trigger multiple uses of an uninitialized pointer.

Affected configurations

Nvd

Node

redhatspice-xpiMatch2.2

redhatspice-xpiMatch2.3

redhatspice-xpiMatch2.4

AND

mozillafirefox

VendorProductVersionCPE
redhatspice-xpi2.2cpe:2.3:a:redhat:spice-xpi:2.2:*:*:*:*:*:*:*
redhatspice-xpi2.3cpe:2.3:a:redhat:spice-xpi:2.3:*:*:*:*:*:*:*
redhatspice-xpi2.4cpe:2.3:a:redhat:spice-xpi:2.4:*:*:*:*:*:*:*
mozillafirefox*cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
redhat	spice-xpi	2.2	cpe:2.3:a:redhat:spice-xpi:2.2:::::::*
redhat	spice-xpi	2.3	cpe:2.3:a:redhat:spice-xpi:2.3:::::::*
redhat	spice-xpi	2.4	cpe:2.3:a:redhat:spice-xpi:2.4:::::::*
mozilla	firefox	*	cpe:2.3:a:mozilla:firefox::::::::