Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:27344
HistoryNov 25, 2011 - 12:00 a.m.

Mozilla Foundation Security Advisory 2011-48

2011-11-2500:00:00
vulners.com
34
JSON

Mozilla Foundation Security Advisory 2011-48

Title: Miscellaneous memory safety hazards (rv:8.0)
Impact: Critical
Announced: November 8, 2011
Products: Firefox, Thunderbird

Fixed in: Firefox 8.0
Thunderbird 8.0
Description

Mozilla developers fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code.

In general these flaws cannot be exploited through email in the Thunderbird and SeaMonkey products because scripting is disabled, but are potentially a risk in browser or browser-like contexts in those products.

References

Jason Orendorff, Boris Zbarsky, Gregg Tavares, Mats Palmgren, Christian Holler, Jesse Ruderman, Simona Marcu, Bob Clary, and William McCloskey reported memory safety problems that affected Firefox 7.

Memory safety bugs fixed in Firefox 8
CVE-2011-3651
Security researcher Rh0 reported a potentially exploitable crash due to unchecked allocation failure.

https://bugzilla.mozilla.org/show_bug.cgi?id=682727
CVE-2011-3652
Security researcher Aki Helin reported a potentially exploitable crash with an SVG <mpath> linking to a non-SVG element.

https://bugzilla.mozilla.org/show_bug.cgi?id=694953
CVE-2011-3654

Related

mozilla 1
openvas 20
nessus 24
ubuntu 3
suse 5
cve 3
prion 3
ubuntucve 3
freebsd 1
securityvulns 1
kitploit 1
gentoo 1
mozilla
mozilla
Miscellaneous memory safety hazards (rv:8.0) — Mozilla
2011-11-08 00:00:00
openvas
openvas
Mozilla Products Browser Engine Denial of Service Vulnerabilities (Windows)
2011-11-11 00:00:00
Mozilla Products Browser Engine Denial of Service Vulnerabilities (Windows)
2011-11-11 00:00:00
Mozilla Products Multiple Vulnerabilities (MAC OS X)
2011-11-14 00:00:00
nessus
nessus
Ubuntu 11.04 / 11.10 : firefox vulnerabilities (USN-1277-1)
2011-11-26 00:00:00
Ubuntu 11.10 : thunderbird vulnerabilities (USN-1282-1)
2011-11-29 00:00:00
openSUSE Security Update : MozillaFirefox (openSUSE-SU-2011:1243-1)
2014-06-13 00:00:00
ubuntu
ubuntu
Mozvoikko and ubufox update
2011-11-23 00:00:00
Thunderbird vulnerabilities
2011-11-28 00:00:00
Firefox vulnerabilities
2011-11-23 00:00:00
suse
suse
MozillaFirefox secuirty update (critical)
2011-11-15 15:08:39
Seamonkey update (critical)
2011-12-01 15:08:20
Security update for Mozilla Firefox (critical)
2011-11-17 23:08:23
cve
cve
CVE-2011-3654
2011-11-09 11:55:00
CVE-2011-3651
2011-11-09 11:55:00
CVE-2011-3652
2011-11-09 11:55:00
prion
prion
Memory corruption
2011-11-09 11:55:00
Memory corruption
2011-11-09 11:55:00
Memory corruption
2011-11-09 11:55:00
ubuntucve
ubuntucve
CVE-2011-3654
2011-11-09 00:00:00
CVE-2011-3651
2011-11-09 00:00:00
CVE-2011-3652
2011-11-09 00:00:00
freebsd
freebsd
mozilla -- multiple vulnerabilities
2011-11-08 00:00:00
securityvulns
securityvulns
Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
2011-11-25 00:00:00
kitploit
kitploit
Radamsa - A General-Purpose Fuzzer
2024-03-25 11:30:00
gentoo
gentoo
Mozilla Products: Multiple vulnerabilities
2013-01-08 00:00:00
JSON
Related for SECURITYVULNS:DOC:27344
mozilla1openvas20nessus24ubuntu3suse5cve3prion3ubuntucve3freebsd1securityvulns1kitploit1gentoo1