CVE-2011-3659

2012-02-0116:55:00

CWE-416

[email protected]

web.nvd.nist.gov

cve-2011-3659

mozilla firefox

vulnerability

remote code execution

nvd

seamonkey

thunderbird

9.4 High

AI Score

Confidence

High

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.914 High

EPSS

Percentile

98.8%

JSON

Use-after-free vulnerability in Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 might allow remote attackers to execute arbitrary code via vectors related to incorrect AttributeChildRemoved notifications that affect access to removed nsDOMAttribute child nodes.

CPENameOperatorVersion
mozilla:thunderbirdmozilla thunderbirdlt10.0
mozilla:thunderbirdmozilla thunderbirdlt3.1.18
mozilla:seamonkeymozilla seamonkeylt2.7
mozilla:firefoxmozilla firefoxlt10.0
mozilla:firefoxmozilla firefoxlt3.6.26
suse:linux_enterprise_serversuse linux enterprise servereq11
suse:linux_enterprise_desktopsuse linux enterprise desktopeq11
suse:linux_enterprise_serversuse linux enterprise servereq10
opensuse:opensuseopensuseeq11.4
suse:linux_enterprise_desktopsuse linux enterprise desktopeq10

CPE	Name	Operator	Version
mozilla:thunderbird	mozilla thunderbird	lt	10.0
mozilla:thunderbird	mozilla thunderbird	lt	3.1.18
mozilla:seamonkey	mozilla seamonkey	lt	2.7
mozilla:firefox	mozilla firefox	lt	10.0
mozilla:firefox	mozilla firefox	lt	3.6.26
suse:linux_enterprise_server	suse linux enterprise server	eq	11
suse:linux_enterprise_desktop	suse linux enterprise desktop	eq	11
suse:linux_enterprise_server	suse linux enterprise server	eq	10
opensuse:opensuse	opensuse	eq	11.4
suse:linux_enterprise_desktop	suse linux enterprise desktop	eq	10