9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.921 High
EPSS
Percentile
98.9%
Added: 05/21/2012
CVE: CVE-2011-3659
BID: 51755
OSVDB: 78736
Firefox is a freely available web browser for multiple platforms including Windows, Linux, and Mac OS.
In Firefox version prior to 3.6.26, and 4.0 through 9.0, when removing child objects from the DOM tree, the removed child may still be accessible. A call to the AttributeChildRemoved method takes place before actually removing the child. This may cause certain mutation observers to maintain a reference to the object after it has been freed, which could result in a heap overflow condition if the object is accessed again. An attacker could leverage this vulnerability to control execution on the target system.
For Firefox 3.x, upgrade to Firefox 3.6.26 or later. For Firefox 4.x or above, upgrade to Firefox 10.0 or later.
<https://bugzilla.mozilla.org/show_bug.cgi?id=708198>
<http://secunia.com/advisories/47816/>
<http://www.zerodayinitiative.com/advisories/ZDI-12-059>
This exploit has been tested against Mozilla Foundation Firefox 8.x and 9.x on Windows XP SP3 English (DEP OptIn). Due to the nature of this vulnerability, the exploit may not be completely reliable against all vulnerable targets.
Windows