Lucene search

PRIOn knowledge basePRION:CVE-2011-3658

HistoryDec 21, 2011 - 4:02 a.m.

Out-of-bounds

2011-12-2104:02:00

PRIOn knowledge base

www.prio-n.com

7.8 High

AI Score

Confidence

High

0.955 High

EPSS

Percentile

99.4%

JSON

The SVG implementation in Mozilla Firefox 8.0, Thunderbird 8.0, and SeaMonkey 2.5 does not properly interact with DOMAttrModified event handlers, which allows remote attackers to cause a denial of service (out-of-bounds memory access) or possibly have unspecified other impact via vectors involving removal of SVG elements.

CPENameOperatorVersion
firefoxeq8.0
seamonkeyeq2.5
thunderbirdeq8.0

Name	Operator	Version
firefox	eq	8.0
seamonkey	eq	2.5
thunderbird	eq	8.0

References

lists.opensuse.org/opensuse-security-announce/2012-01/msg00001.html

lists.opensuse.org/opensuse-security-announce/2012-01/msg00009.html

lists.opensuse.org/opensuse-updates/2012-03/msg00042.html

osvdb.org/77953

secunia.com/advisories/47302

secunia.com/advisories/47334

secunia.com/advisories/48495

secunia.com/advisories/48553

secunia.com/advisories/48823

secunia.com/advisories/49055

www.mandriva.com/security/advisories?name=MDVSA-2011:192

www.mandriva.com/security/advisories?name=MDVSA-2012:031

www.mozilla.org/security/announce/2011/mfsa2011-55.html

www.securitytracker.com/id?1026445

www.securitytracker.com/id?1026446

www.securitytracker.com/id?1026447

www.ubuntu.com/usn/USN-1401-1

bugzilla.mozilla.org/show_bug.cgi?id=708186

exchange.xforce.ibmcloud.com/vulnerabilities/71910

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14664