CVE-2011-3658
Mozilla Firefox nsSVGValue Out-of-Bounds Access Remote Code Execution Vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
The SVG implementation in Mozilla Firefox 8.0, Thunderbird 8.0, and SeaMonkey 2.5 does not properly interact with DOMAttrModified event handlers, which allows remote attackers to cause a denial of service (out-of-bounds memory access) or possibly have unspecified other impact via vectors involving removal of SVG elements.
La implementación de SVG en Mozilla Firefox v8.0, Thunderbird v8.0, y SeaMonkey v2.6, no interactua correctamente con los manejadores de eventos DOMAttrModified, lo que permite a atacantes remotos provocar una denegación de servicio (acceso fuera de límites de memoria) o posiblemente tener otro impacto no especificado a través de vectores que implican la eliminación de elementos SVG.
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the handling of nsSVGValue observers. A certain method call can be made to loop excessively causing an out-of-bounds memory access. By abusing this behavior an attacker can ensure this memory is under control and leverage the situation to achieve remote code execution under the context of the user running the browser.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2011-09-23 CVE Reserved
- 2011-12-21 CVE Published
- 2012-05-09 First Exploit
- 2024-08-06 CVE Updated
- 2024-08-10 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-399: Resource Management Errors
CAPEC
References (21)
| URL | Tag | Source |
|---|---|---|
| http://osvdb.org/77953 | Vdb Entry | |
| http://secunia.com/advisories/47302 | Third Party Advisory | |
| http://secunia.com/advisories/47334 | Third Party Advisory | |
| http://secunia.com/advisories/48495 | Third Party Advisory | |
| http://secunia.com/advisories/48553 | Third Party Advisory | |
| http://secunia.com/advisories/48823 | Third Party Advisory | |
| http://secunia.com/advisories/49055 | Third Party Advisory | |
| http://www.securitytracker.com/id?1026445 | Vdb Entry | |
| http://www.securitytracker.com/id?1026446 | Vdb Entry | |
| http://www.securitytracker.com/id?1026447 | Vdb Entry | |
| https://bugzilla.mozilla.org/show_bug.cgi?id=708186 | X_refsource_confirm | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/71910 | Vdb Entry | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14664 | Signature |
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/18847 | 2012-05-09 |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Mozilla Search vendor "Mozilla" | Firefox Search vendor "Mozilla" for product "Firefox" | 8.0 Search vendor "Mozilla" for product "Firefox" and version "8.0" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Seamonkey Search vendor "Mozilla" for product "Seamonkey" | 2.5 Search vendor "Mozilla" for product "Seamonkey" and version "2.5" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Thunderbird Search vendor "Mozilla" for product "Thunderbird" | 8.0 Search vendor "Mozilla" for product "Thunderbird" and version "8.0" | - |
Affected
| ||||||