SAINT Corporation
SAINT:0D5347EFBF57D5554906387BC59627A2
Jul 27, 2011 - 12:00 a.m.

Mozilla Firefox nsTreeRange Use After Free

my.saintcorporation.com

CVSS2: 10 High
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

EPSS: 0.965 High
Percentile: 99.6%

Added: 07/27/2011
CVE: CVE-2011-0073
BID: 47663
OSVDB: 72087

Background

Firefox is a freely available web browser for multiple platforms including Windows, Linux, and Mac OS.

Problem

Mozilla Firefox and SeaMonkey are prone to a remote code execution vulnerability caused by accessing previously freed memory.

Resolution

For Firefox 3.6, upgrade to version 3.6.17 or later. For Firefox 3.5, upgrade to 3.5.19 or later. For SeaMonkey, upgrade to 2.0.14 or later.

References

<http://www.mozilla.org/security/announce/2011/mfsa2011-13.html>
<https://bugzilla.mozilla.org/show_bug.cgi?id=630919>

Limitations

This exploit has been tested against Mozilla Foundation Firefox 3.6.16 running on Microsoft Windows XP SP3 English (DEP OptIn) with KB959426 updated and “kernel32.dll” version 5.1.2600.5781.

Platforms

Windows
