CVE-2011-3659

CVSS v2.0 9.3 (High)

EPSS 89.80 % (99^th)

Affected Products 7

Advisories 12

Use-after-free vulnerability in Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 might allow remote attackers to execute arbitrary code via vectors related to incorrect AttributeChildRemoved notifications that affect access to removed nsDOMAttribute child nodes.

Weaknesses

CWE-416: Use After Free

CVE Status: PUBLISHED
CNA: MITRE
Published Date: 2012-02-01 16:55:00
(12 years ago)
Updated Date: 2020-08-28 13:10:40
(4 years ago)

Affected Products

Mozilla

Opensuse

Opensuse

Suse

Configuration #1

	CPE23	From	Up To
Mozilla Firefox prior 3.6.26 version	cpe:2.3:a:mozilla:firefox		< 3.6.26
Mozilla Firefox from 4.0 version and prior 10.0 version	cpe:2.3:a:mozilla:firefox	>= 4.0	< 10.0
Mozilla Seamonkey prior 2.7 version	cpe:2.3:a:mozilla:seamonkey		< 2.7
Mozilla Thunderbird prior 3.1.18 version	cpe:2.3:a:mozilla:thunderbird		< 3.1.18
Mozilla Thunderbird from 5.0 version and prior 10.0 version	cpe:2.3:a:mozilla:thunderbird	>= 5.0	< 10.0

Configuration #2

		CPE23	From	Up To
	Opensuse 11.4	cpe:2.3:o:opensuse:opensuse:11.4
	Suse Linux Enterprise Desktop 10 SP4	cpe:2.3:o:suse:linux_enterprise_desktop:10:sp4
	Suse Linux Enterprise Desktop 11 SP1	cpe:2.3:o:suse:linux_enterprise_desktop:11:sp1
	Suse Linux Enterprise Server 10 SP4	cpe:2.3:o:suse:linux_enterprise_server:10:sp4
	Suse Linux Enterprise Server 11 SP1	cpe:2.3:o:suse:linux_enterprise_server:11:sp1
	Suse Linux Enterprise Server 11 SP1 for Vmware	cpe:2.3:o:suse:linux_enterprise_server:11:sp1:::*:vmware
	Suse Linux Enterprise Software Development Kit 10 SP4	cpe:2.3:o:suse:linux_enterprise_software_development_kit:10:sp4
	Suse Linux Enterprise Software Development Kit 11 SP1	cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp1