ID CVE-2011-3665
Summary Mozilla Firefox 4.x through 8.0, Thunderbird 5.0 through 8.0, and SeaMonkey before 2.6 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via an Ogg VIDEO element that is not properly handled after scaling.
References
Vulnerable Configurations
  • Mozilla Firefox 4.0
    cpe:2.3:a:mozilla:firefox:4.0
  • Mozilla Firefox 4.0.1
    cpe:2.3:a:mozilla:firefox:4.0.1
  • Mozilla Firefox 4.0 beta1
    cpe:2.3:a:mozilla:firefox:4.0:beta1
  • Mozilla Firefox 4.0 beta10
    cpe:2.3:a:mozilla:firefox:4.0:beta10
  • Mozilla Firefox 4.0 beta11
    cpe:2.3:a:mozilla:firefox:4.0:beta11
  • Mozilla Firefox 4.0 beta12
    cpe:2.3:a:mozilla:firefox:4.0:beta12
  • Mozilla Firefox 4.0 beta2
    cpe:2.3:a:mozilla:firefox:4.0:beta2
  • Mozilla Firefox 4.0 beta3
    cpe:2.3:a:mozilla:firefox:4.0:beta3
  • Mozilla Firefox 4.0 beta4
    cpe:2.3:a:mozilla:firefox:4.0:beta4
  • Mozilla Firefox 4.0 beta5
    cpe:2.3:a:mozilla:firefox:4.0:beta5
  • Mozilla Firefox 4.0 beta6
    cpe:2.3:a:mozilla:firefox:4.0:beta6
  • Mozilla Firefox 4.0 beta7
    cpe:2.3:a:mozilla:firefox:4.0:beta7
  • Mozilla Firefox 4.0 beta8
    cpe:2.3:a:mozilla:firefox:4.0:beta8
  • Mozilla Firefox 4.0 beta9
    cpe:2.3:a:mozilla:firefox:4.0:beta9
  • Mozilla Firefox 5.0
    cpe:2.3:a:mozilla:firefox:5.0
  • Mozilla Firefox 5.0.1
    cpe:2.3:a:mozilla:firefox:5.0.1
  • Mozilla Firefox 6.0
    cpe:2.3:a:mozilla:firefox:6.0
  • Mozilla Firefox 6.0.1
    cpe:2.3:a:mozilla:firefox:6.0.1
  • Mozilla Firefox 6.0.2
    cpe:2.3:a:mozilla:firefox:6.0.2
  • Mozilla Firefox 7.0
    cpe:2.3:a:mozilla:firefox:7.0
  • Mozilla Firefox 7.0.1
    cpe:2.3:a:mozilla:firefox:7.0.1
  • Mozilla Firefox 8.0
    cpe:2.3:a:mozilla:firefox:8.0
  • Mozilla Thunderbird 5.0
    cpe:2.3:a:mozilla:thunderbird:5.0
  • Mozilla Thunderbird 6.0
    cpe:2.3:a:mozilla:thunderbird:6.0
  • Mozilla Thunderbird 6.0.1
    cpe:2.3:a:mozilla:thunderbird:6.0.1
  • Mozilla Thunderbird 6.0.2
    cpe:2.3:a:mozilla:thunderbird:6.0.2
  • Mozilla Thunderbird 7.0
    cpe:2.3:a:mozilla:thunderbird:7.0
  • Mozilla Thunderbird 7.0.1
    cpe:2.3:a:mozilla:thunderbird:7.0.1
  • Mozilla Thunderbird 8.0
    cpe:2.3:a:mozilla:thunderbird:8.0
  • Mozilla SeaMonkey 1.1.17
    cpe:2.3:a:mozilla:seamonkey:1.1.17
  • Mozilla SeaMonkey 2.0.11
    cpe:2.3:a:mozilla:seamonkey:2.0.11
  • Mozilla SeaMonkey 1.1.16
    cpe:2.3:a:mozilla:seamonkey:1.1.16
  • Mozilla Seamonkey 1.1.1
    cpe:2.3:a:mozilla:seamonkey:1.1.1
  • Mozilla SeaMonkey 2.0.6
    cpe:2.3:a:mozilla:seamonkey:2.0.6
  • Mozilla SeaMonkey 2.0.5
    cpe:2.3:a:mozilla:seamonkey:2.0.5
  • Mozilla SeaMonkey 1.1.14
    cpe:2.3:a:mozilla:seamonkey:1.1.14
  • Mozilla SeaMonkey 2.0.2
    cpe:2.3:a:mozilla:seamonkey:2.0.2
  • Mozilla SeaMonkey 1.1.15
    cpe:2.3:a:mozilla:seamonkey:1.1.15
  • Mozilla SeaMonkey 2.0.1
    cpe:2.3:a:mozilla:seamonkey:2.0.1
  • Mozilla SeaMonkey 1.1.11
    cpe:2.3:a:mozilla:seamonkey:1.1.11
  • Mozilla SeaMonkey 1.1.12
    cpe:2.3:a:mozilla:seamonkey:1.1.12
  • Mozilla SeaMonkey 1.1 alpha
    cpe:2.3:a:mozilla:seamonkey:1.1:alpha
  • cpe:2.3:a:mozilla:seamonkey:1.0:-:beta
    cpe:2.3:a:mozilla:seamonkey:1.0:-:beta
  • Mozilla SeaMonkey 2.0.12
    cpe:2.3:a:mozilla:seamonkey:2.0.12
  • Mozilla SeaMonkey 2.0.13
    cpe:2.3:a:mozilla:seamonkey:2.0.13
  • Mozilla SeaMonkey 2.0.14
    cpe:2.3:a:mozilla:seamonkey:2.0.14
  • Mozilla SeaMonkey 1.0 alpha
    cpe:2.3:a:mozilla:seamonkey:1.0:alpha
  • Mozilla SeaMonkey 1.1.10
    cpe:2.3:a:mozilla:seamonkey:1.1.10
  • Mozilla SeaMonkey 1.0 beta
    cpe:2.3:a:mozilla:seamonkey:1.0:beta
  • Mozilla Seamonkey 1.1.4
    cpe:2.3:a:mozilla:seamonkey:1.1.4
  • Mozilla Seamonkey 1.1.5
    cpe:2.3:a:mozilla:seamonkey:1.1.5
  • cpe:2.3:a:mozilla:seamonkey:1.0:-:alpha
    cpe:2.3:a:mozilla:seamonkey:1.0:-:alpha
  • cpe:2.3:a:mozilla:seamonkey:1.1.5:1.1.10
    cpe:2.3:a:mozilla:seamonkey:1.1.5:1.1.10
  • cpe:2.3:a:mozilla:seamonkey:1.0:-:dev
    cpe:2.3:a:mozilla:seamonkey:1.0:-:dev
  • Mozilla SeaMonkey 2.0.3
    cpe:2.3:a:mozilla:seamonkey:2.0.3
  • Mozilla SeaMonkey 2.0
    cpe:2.3:a:mozilla:seamonkey:2.0
  • Mozilla SeaMonkey 2.0 RC2
    cpe:2.3:a:mozilla:seamonkey:2.0:rc2
  • Mozilla SeaMonkey 2.0.4
    cpe:2.3:a:mozilla:seamonkey:2.0.4
  • Mozilla SeaMonkey 2.0 Alpha 2
    cpe:2.3:a:mozilla:seamonkey:2.0:alpha_2
  • Mozilla SeaMonkey 2.0 Alpha 1
    cpe:2.3:a:mozilla:seamonkey:2.0:alpha_1
  • Mozilla SeaMonkey 2.0 RC1
    cpe:2.3:a:mozilla:seamonkey:2.0:rc1
  • Mozilla SeaMonkey 2.0 Beta 2
    cpe:2.3:a:mozilla:seamonkey:2.0:beta_2
  • Mozilla SeaMonkey 2.0 Beta 1
    cpe:2.3:a:mozilla:seamonkey:2.0:beta_1
  • Mozilla SeaMonkey 2.0 Alpha 3
    cpe:2.3:a:mozilla:seamonkey:2.0:alpha_3
  • cpe:2.3:a:mozilla:seamonkey:1.0.99
    cpe:2.3:a:mozilla:seamonkey:1.0.99
  • Mozilla Seamonkey 1.1.19
    cpe:2.3:a:mozilla:seamonkey:1.1.19
  • Mozilla Seamonkey 1.1.18
    cpe:2.3:a:mozilla:seamonkey:1.1.18
  • Mozilla SeaMonkey 1.1.8
    cpe:2.3:a:mozilla:seamonkey:1.1.8
  • Mozilla SeaMonkey 2.0.8
    cpe:2.3:a:mozilla:seamonkey:2.0.8
  • Mozilla SeaMonkey 2.0.7
    cpe:2.3:a:mozilla:seamonkey:2.0.7
  • cpe:2.3:a:mozilla:seamonkey:2.0a1:-:pre
    cpe:2.3:a:mozilla:seamonkey:2.0a1:-:pre
  • cpe:2.3:a:mozilla:seamonkey:2.0a1pre
    cpe:2.3:a:mozilla:seamonkey:2.0a1pre
  • Mozilla Seamonkey 1.1.7
    cpe:2.3:a:mozilla:seamonkey:1.1.7
  • Mozilla SeaMonkey 2.1 alpha1
    cpe:2.3:a:mozilla:seamonkey:2.1:alpha1
  • Mozilla SeaMonkey 2.1 alpha3
    cpe:2.3:a:mozilla:seamonkey:2.1:alpha3
  • Mozilla SeaMonkey 2.1 alpha2
    cpe:2.3:a:mozilla:seamonkey:2.1:alpha2
  • Mozilla SeaMonkey 2.0.9
    cpe:2.3:a:mozilla:seamonkey:2.0.9
  • Mozilla SeaMonkey 2.3.3
    cpe:2.3:a:mozilla:seamonkey:2.3.3
  • Mozilla Seamonkey 1.1.6
    cpe:2.3:a:mozilla:seamonkey:1.1.6
  • Mozilla SeaMonkey 1.1.9
    cpe:2.3:a:mozilla:seamonkey:1.1.9
  • Mozilla SeaMonkey 2.0.10
    cpe:2.3:a:mozilla:seamonkey:2.0.10
  • Mozilla SeaMonkey 1.5.0.8
    cpe:2.3:a:mozilla:seamonkey:1.5.0.8
  • Mozilla SeaMonkey 1.5.0.9
    cpe:2.3:a:mozilla:seamonkey:1.5.0.9
  • Mozilla SeaMonkey 1.0.9
    cpe:2.3:a:mozilla:seamonkey:1.0.9
  • Mozilla SeaMonkey 1.0.8
    cpe:2.3:a:mozilla:seamonkey:1.0.8
  • Mozilla SeaMonkey 1.0.7
    cpe:2.3:a:mozilla:seamonkey:1.0.7
  • Mozilla SeaMonkey 1.0.6
    cpe:2.3:a:mozilla:seamonkey:1.0.6
  • Mozilla SeaMonkey 1.5.0.10
    cpe:2.3:a:mozilla:seamonkey:1.5.0.10
  • Mozilla Seamonkey 1.1.3
    cpe:2.3:a:mozilla:seamonkey:1.1.3
  • Mozilla Seamonkey 1.1.2
    cpe:2.3:a:mozilla:seamonkey:1.1.2
  • Mozilla SeaMonkey 1.1.13
    cpe:2.3:a:mozilla:seamonkey:1.1.13
  • Mozilla SeaMonkey 1.1
    cpe:2.3:a:mozilla:seamonkey:1.1
  • Mozilla SeaMonkey 1.0.1
    cpe:2.3:a:mozilla:seamonkey:1.0.1
  • Mozilla SeaMonkey 1.0
    cpe:2.3:a:mozilla:seamonkey:1.0
  • Mozilla SeaMonkey 1.1 beta
    cpe:2.3:a:mozilla:seamonkey:1.1:beta
  • Mozilla SeaMonkey 1.0.5
    cpe:2.3:a:mozilla:seamonkey:1.0.5
  • Mozilla SeaMonkey 1.0.4
    cpe:2.3:a:mozilla:seamonkey:1.0.4
  • Mozilla SeaMonkey 1.0.3
    cpe:2.3:a:mozilla:seamonkey:1.0.3
  • Mozilla SeaMonkey 1.0.2
    cpe:2.3:a:mozilla:seamonkey:1.0.2
  • Mozilla SeaMonkey 2.5
    cpe:2.3:a:mozilla:seamonkey:2.5
CVSS
Base: 7.5 (as of 21-12-2011 - 09:45)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
nessus via4
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-1343-1.NASL
    description Alexandre Poirot, Chris Blizzard, Kyle Huey, Scoobidiver, Christian Holler, David Baron, Gary Kwong, Jim Blandy, Bob Clary, Jesse Ruderman, Marcia Knous, and Rober Longson discovered several memory safety issues which could possibly be exploited to crash Thunderbird or execute arbitrary code as the user that invoked Thunderbird. (CVE-2011-3660) Aki Helin discovered a crash in the YARR regular expression library that could be triggered by JavaScript in web content. (CVE-2011-3661) It was discovered that a flaw in the Mozilla SVG implementation could result in an out-of-bounds memory access if SVG elements were removed during a DOMAttrModified event handler. An attacker could potentially exploit this vulnerability to crash Thunderbird. (CVE-2011-3658) Mario Heiderich discovered it was possible to use SVG animation accessKey events to detect key strokes even when JavaScript was disabled. A malicious web page could potentially exploit this to trick a user into interacting with a prompt thinking it came from Thunderbird in a context where the user believed scripting was disabled. (CVE-2011-3663) It was discovered that it was possible to crash Thunderbird when scaling an OGG
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 57686
    published 2012-01-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=57686
    title Ubuntu 11.10 : thunderbird vulnerabilities (USN-1343-1)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-1306-2.NASL
    description USN-1306-1 fixed vulnerabilities in Firefox. This update provides updated Mozvoikko and ubufox packages for use with Firefox 9. Alexandre Poirot, Chris Blizzard, Kyle Huey, Scoobidiver, Christian Holler, David Baron, Gary Kwong, Jim Blandy, Bob Clary, Jesse Ruderman, Marcia Knous, and Rober Longson discovered several memory safety issues which could possibly be exploited to crash Firefox or execute arbitrary code as the user that invoked Firefox. (CVE-2011-3660) Aki Helin discovered a crash in the YARR regular expression library that could be triggered by JavaScript in web content. (CVE-2011-3661) It was discovered that a flaw in the Mozilla SVG implementation could result in an out-of-bounds memory access if SVG elements were removed during a DOMAttrModified event handler. An attacker could potentially exploit this vulnerability to crash Firefox. (CVE-2011-3658) Mario Heiderich discovered it was possible to use SVG animation accessKey events to detect key strokes even when JavaScript was disabled. A malicious web page could potentially exploit this to trick a user into interacting with a prompt thinking it came from the browser in a context where the user believed scripting was disabled. (CVE-2011-3663) It was discovered that it was possible to crash Firefox when scaling an OGG
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 57458
    published 2012-01-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=57458
    title Ubuntu 11.04 / 11.10 : mozvoikko, ubufox update (USN-1306-2)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_3_SEAMONKEY-111221.NASL
    description seamonkey version 2.6 fixes several security issues : - MFSA 2011-53/CVE-2011-3660: Miscellaneous memory safety hazards - MFSA 2011-54/CVE-2011-3661: Potentially exploitable crash in the YARR regular expression library - MFSA 2011-55/CVE-2011-3658: nsSVGValue out-of-bounds access - MFSA 2011-56/CVE-2011-3663: Key detection without JavaScript via SVG animation - MFSA 2011-58/CVE-2011-3665: Crash scaling
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 75744
    published 2014-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=75744
    title openSUSE Security Update : seamonkey (openSUSE-SU-2012:0007-1)
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_FIREFOX_9_0.NASL
    description The installed version of Firefox 8.x is potentially affected by the following security issues : - An out-of-bounds memory access error exists in the 'SVG' implementation and can be triggered when 'SVG' elements are removed during a 'DOMAttrModified' event handler. (CVE-2011-3658) - Various memory safety errors exist that can lead to memory corruption and possible code execution. (CVE-2011-3660) - An error exists in the 'YARR' regular expression library that can cause application crashes when handling certain JavaScript statements. (CVE-2011-3661) - It is possible to detect keystrokes using 'SVG' animation 'accesskey' events even when JavaScript is disabled. (CVE-2011-3663) - An error exists related to plugins that can allow a NULL pointer to be dereferenced when a plugin deletes its containing DOM frame during a call from that frame. It may be possible for a non-NULL pointer to be dereferenced thereby opening up the potential for further exploitation. (CVE-2011-3664) - It is possible to crash the application when 'OGG' 'video' elements are scaled to extreme sizes. (CVE-2011-3665) - A use-after-free error exists related to the function 'nsHTMLSelectElement' that can allow arbitrary code execution during operations such as removal of a parent node of an element. (CVE-2011-3671)
    last seen 2019-02-21
    modified 2018-07-16
    plugin id 57359
    published 2011-12-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=57359
    title Firefox 8.x Multiple Vulnerabilities (Mac OS X)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_E3FF776B2BA611E193C60011856A6E37.NASL
    description The Mozilla Project reports : MFSA 2011-53 Miscellaneous memory safety hazards (rv:9.0) MFSA 2011-54 Potentially exploitable crash in the YARR regular expression library MFSA 2011-55 nsSVGValue out-of-bounds access MFSA 2011-56 Key detection without JavaScript via SVG animation MFSA 2011-58 Crash scaling video to extreme sizes
    last seen 2019-02-21
    modified 2018-11-23
    plugin id 57355
    published 2011-12-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=57355
    title FreeBSD : mozilla -- multiple vulnerabilities (e3ff776b-2ba6-11e1-93c6-0011856a6e37)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-1306-1.NASL
    description Alexandre Poirot, Chris Blizzard, Kyle Huey, Scoobidiver, Christian Holler, David Baron, Gary Kwong, Jim Blandy, Bob Clary, Jesse Ruderman, Marcia Knous, and Rober Longson discovered several memory safety issues which could possibly be exploited to crash Firefox or execute arbitrary code as the user that invoked Firefox. (CVE-2011-3660) Aki Helin discovered a crash in the YARR regular expression library that could be triggered by JavaScript in web content. (CVE-2011-3661) It was discovered that a flaw in the Mozilla SVG implementation could result in an out-of-bounds memory access if SVG elements were removed during a DOMAttrModified event handler. An attacker could potentially exploit this vulnerability to crash Firefox. (CVE-2011-3658) Mario Heiderich discovered it was possible to use SVG animation accessKey events to detect key strokes even when JavaScript was disabled. A malicious web page could potentially exploit this to trick a user into interacting with a prompt thinking it came from the browser in a context where the user believed scripting was disabled. (CVE-2011-3663) It was discovered that it was possible to crash Firefox when scaling an OGG
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 57457
    published 2012-01-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=57457
    title Ubuntu 11.04 / 11.10 : firefox vulnerabilities (USN-1306-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_4_MOZILLAFIREFOX-111221.NASL
    description Mozilla Firefox Version 9 fixes several security issues : dbg114-MozillaFirefox-5577 MozillaFirefox-5577 new_updateinfo MFSA 2011-53/CVE-2011-3660: Miscellaneous memory safety hazards dbg114-MozillaFirefox-5577 MozillaFirefox-5577 new_updateinfo MFSA 2011-54/CVE-2011-3661: Potentially exploitable crash in the YARR regular expression library dbg114-MozillaFirefox-5577 MozillaFirefox-5577 new_updateinfo MFSA 2011-55/CVE-2011-3658: nsSVGValue out-of-bounds access dbg114-MozillaFirefox-5577 MozillaFirefox-5577 new_updateinfo MFSA 2011-56/CVE-2011-3663: Key detection without JavaScript via SVG animation dbg114-MozillaFirefox-5577 MozillaFirefox-5577 new_updateinfo MFSA 2011-58/CVE-2011-3665: Crash scaling
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 75950
    published 2014-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=75950
    title openSUSE Security Update : MozillaFirefox (openSUSE-SU-2012:0039-2)
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_THUNDERBIRD_9_0.NASL
    description The installed version of Thunderbird 8.x is potentially affected by the following security issues : - An out-of-bounds memory access error exists in the 'SVG' implementation and can be triggered when 'SVG' elements are removed during a 'DOMAttrModified' event handler. (CVE-2011-3658) - Various memory safety errors exist that can lead to memory corruption and possible code execution. (CVE-2011-3660) - An error exists in the 'YARR' regular expression library that can cause application crashes when handling certain JavaScript statements. (CVE-2011-3661) - It is possible to detect keystrokes using 'SVG' animation 'accesskey' events even when JavaScript is disabled. (CVE-2011-3663) - An error exists related to plugins that can allow a NULL pointer to be dereferenced when a plugin deletes its containing DOM frame during a call from that frame. It may be possible for a non-NULL pointer to be dereferenced thereby opening up the potential for further exploitation. (CVE-2011-3664) - It is possible to crash the application when 'OGG' 'video' elements are scaled to extreme sizes. (CVE-2011-3665) - A use-after-free error exists related to the function 'nsHTMLSelectElement' that can allow arbitrary code execution during operations such as removal of a parent node of an element. (CVE-2011-3671)
    last seen 2019-02-21
    modified 2018-07-16
    plugin id 57361
    published 2011-12-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=57361
    title Thunderbird 8.x Multiple Vulnerabilities (Mac OS X)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_4_SEAMONKEY-111221.NASL
    description seamonkey version 2.6 fixes several security issues : dbg114-seamonkey-5574 new_updateinfo seamonkey-5574 MFSA 2011-53/CVE-2011-3660: Miscellaneous memory safety hazards dbg114-seamonkey-5574 new_updateinfo seamonkey-5574 MFSA 2011-54/CVE-2011-3661: Potentially exploitable crash in the YARR regular expression library dbg114-seamonkey-5574 new_updateinfo seamonkey-5574 MFSA 2011-55/CVE-2011-3658: nsSVGValue out-of-bounds access dbg114-seamonkey-5574 new_updateinfo seamonkey-5574 MFSA 2011-56/CVE-2011-3663: Key detection without JavaScript via SVG animation dbg114-seamonkey-5574 new_updateinfo seamonkey-5574 MFSA 2011-58/CVE-2011-3665: Crash scaling
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 76025
    published 2014-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=76025
    title openSUSE Security Update : seamonkey (openSUSE-SU-2012:0007-1)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2011-192.NASL
    description Security issues were identified and fixed in mozilla firefox and thunderbird : The SVG implementation in Mozilla Firefox 8.0, Thunderbird 8.0, and SeaMonkey 2.5 does not properly interact with DOMAttrModified event handlers, which allows remote attackers to cause a denial of service (out-of-bounds memory access) or possibly have unspecified other impact via vectors involving removal of SVG elements (CVE-2011-3658). Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 8.0, Thunderbird 5.0 through 8.0, and SeaMonkey before 2.6 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors that trigger a compartment mismatch associated with the nsDOMMessageEvent::GetData function, and unknown other vectors (CVE-2011-3660). YARR, as used in Mozilla Firefox 4.x through 8.0, Thunderbird 5.0 through 8.0, and SeaMonkey before 2.6, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted JavaScript (CVE-2011-3661). Mozilla Firefox 4.x through 8.0, Thunderbird 5.0 through 8.0, and SeaMonkey before 2.6 allow remote attackers to capture keystrokes entered on a web page by using SVG animation accessKey events within that web page (CVE-2011-3663). Mozilla Firefox 4.x through 8.0, Thunderbird 5.0 through 8.0, and SeaMonkey before 2.6 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via an Ogg VIDEO element that is not properly handled after scaling (CVE-2011-3665).
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 61940
    published 2012-09-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=61940
    title Mandriva Linux Security Advisory : mozilla (MDVSA-2011:192)
  • NASL family Windows
    NASL id MOZILLA_THUNDERBIRD_90.NASL
    description The installed version of Thunderbird is earlier than 9.0 and thus, is potentially affected by the following security issues : - An out-of-bounds memory access error exists in the 'SVG' implementation and can be triggered when 'SVG' elements are removed during a 'DOMAttrModified' event handler. (CVE-2011-3658) - Various memory safety errors exist that can lead to memory corruption and possible code execution. (CVE-2011-3660) - An error exists in the 'YARR' regular expression library that can cause application crashes when handling certain JavaScript statements. (CVE-2011-3661) - It is possible to detect keystrokes using 'SVG' animation 'accesskey' events even when JavaScript is disabled. (CVE-2011-3663) - It is possible to crash the application when 'OGG' 'video' elements are scaled to extreme sizes. (CVE-2011-3665) - A use-after-free error exists related to the function 'nsHTMLSelectElement' that can allow arbitrary code execution during operations such as removal of a parent node of an element. (CVE-2011-3671)
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 57352
    published 2011-12-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=57352
    title Mozilla Thunderbird < 9.0 Multiple Vulnerabilities
  • NASL family Windows
    NASL id MOZILLA_FIREFOX_90.NASL
    description The installed version of Firefox is earlier than 9.0 and thus, is potentially affected by the following security issues : - An out-of-bounds memory access error exists in the 'SVG' implementation and can be triggered when 'SVG' elements are removed during a 'DOMAttrModified' event handler. (CVE-2011-3658) - Various memory safety errors exist that can lead to memory corruption and possible code execution. (CVE-2011-3660) - An error exists in the 'YARR' regular expression library that can cause application crashes when handling certain JavaScript statements. (CVE-2011-3661) - It is possible to detect keystrokes using 'SVG' animation 'accesskey' events even when JavaScript is disabled. (CVE-2011-3663) - It is possible to crash the application when 'OGG' 'video' elements are scaled to extreme sizes. (CVE-2011-3665) - A use-after-free error exists related to the function 'nsHTMLSelectElement' that can allow arbitrary code execution during operations such as removal of a parent node of an element. (CVE-2011-3671)
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 57351
    published 2011-12-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=57351
    title Firefox < 9.0 Multiple Vulnerabilities
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201301-01.NASL
    description The remote host is affected by the vulnerability described in GLSA-201301-01 (Mozilla Products: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Mozilla Firefox, Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user to view a specially crafted web page or email, possibly resulting in execution of arbitrary code or a Denial of Service condition. Furthermore, a remote attacker may be able to perform Man-in-the-Middle attacks, obtain sensitive information, bypass restrictions and protection mechanisms, force file downloads, conduct XML injection attacks, conduct XSS attacks, bypass the Same Origin Policy, spoof URL’s for phishing attacks, trigger a vertical scroll, spoof the location bar, spoof an SSL indicator, modify the browser’s font, conduct clickjacking attacks, or have other unspecified impact. A local attacker could gain escalated privileges, obtain sensitive information, or replace an arbitrary downloaded file. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-11-19
    plugin id 63402
    published 2013-01-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=63402
    title GLSA-201301-01 : Mozilla Products: Multiple vulnerabilities (BEAST)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2011-101.NASL
    description Mozilla Firefox and Thunderbird version 9 and seamonkey version 2.6 updates fix several security issues : - MFSA 2011-53/CVE-2011-3660: Miscellaneous memory safety hazards - MFSA 2011-54/CVE-2011-3661: Potentially exploitable crash in the YARR regular expression library - MFSA 2011-55/CVE-2011-3658: nsSVGValue out-of-bounds access - MFSA 2011-56/CVE-2011-3663: Key detection without JavaScript via SVG animation - MFSA 2011-58/CVE-2011-3665: Crash scaling video elements to extreme sizes
    last seen 2019-02-21
    modified 2018-06-29
    plugin id 74515
    published 2014-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=74515
    title openSUSE Security Update : MozillaFirefox / MozillaThunderbird / seamonkey / etc (openSUSE-2011-101)
  • NASL family Windows
    NASL id SEAMONKEY_26.NASL
    description The installed version of SeaMonkey is earlier than 2.6.0. Such versions are potentially affected by the following security issues : - An out-of-bounds memory access error exists in the 'SVG' implementation and can be triggered when 'SVG' elements are removed during a 'DOMAttrModified' event handler. (CVE-2011-3658) - Various memory safety errors exist that can lead to memory corruption and possible code execution. (CVE-2011-3660) - An error exists in the 'YARR' regular expression library that can cause application crashes when handling certain JavaScript statements. (CVE-2011-3661) - It is possible to detect keystrokes using 'SVG' animation 'accesskey' events even when JavaScript is disabled. (CVE-2011-3663) - It is possible to crash the application when 'OGG' 'video' elements are scaled to extreme sizes. (CVE-2011-3665) - A use-after-free error exists related to the function 'nsHTMLSelectElement' that can allow arbitrary code execution during operations such as removal of a parent node of an element. (CVE-2011-3671)
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 57353
    published 2011-12-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=57353
    title SeaMonkey < 2.6.0 Multiple Vulnerabilities
oval via4
accepted 2014-10-06T04:01:36.505-04:00
class vulnerability
contributors
  • name Scott Quint
    organization DTCC
  • name Scott Quint
    organization DTCC
  • name Sergey Artykhov
    organization ALTX-SOFT
  • name Sergey Artykhov
    organization ALTX-SOFT
  • name Maria Kedovskaya
    organization ALTX-SOFT
  • name Shane Shaffer
    organization G2, Inc.
  • name Maria Kedovskaya
    organization ALTX-SOFT
  • name Richard Helbing
    organization baramundi software
  • name Evgeniy Pavlov
    organization ALTX-SOFT
  • name Evgeniy Pavlov
    organization ALTX-SOFT
  • name Evgeniy Pavlov
    organization ALTX-SOFT
  • name Evgeniy Pavlov
    organization ALTX-SOFT
  • name Evgeniy Pavlov
    organization ALTX-SOFT
definition_extensions
  • comment Mozilla Firefox Mainline release is installed
    oval oval:org.mitre.oval:def:22259
  • comment Mozilla Firefox Mainline release is installed
    oval oval:org.mitre.oval:def:22259
  • comment Mozilla Firefox Mainline release is installed
    oval oval:org.mitre.oval:def:22259
  • comment Mozilla Firefox Mainline release is installed
    oval oval:org.mitre.oval:def:22259
  • comment Mozilla Firefox Mainline release is installed
    oval oval:org.mitre.oval:def:22259
  • comment Mozilla Thunderbird Mainline release is installed
    oval oval:org.mitre.oval:def:22093
  • comment Mozilla Thunderbird Mainline release is installed
    oval oval:org.mitre.oval:def:22093
  • comment Mozilla Thunderbird Mainline release is installed
    oval oval:org.mitre.oval:def:22093
  • comment Mozilla Thunderbird Mainline release is installed
    oval oval:org.mitre.oval:def:22093
  • comment Mozilla Seamonkey is installed
    oval oval:org.mitre.oval:def:6372
  • comment Mozilla Seamonkey is installed
    oval oval:org.mitre.oval:def:6372
description Mozilla Firefox 4.x through 8.0, Thunderbird 5.0 through 8.0, and SeaMonkey before 2.6 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via an Ogg VIDEO element that is not properly handled after scaling.
family windows
id oval:org.mitre.oval:def:14640
status accepted
submitted 2011-12-30T14:36:33.000-05:00
title Mozilla Firefox 4.x through 8.0, Thunderbird 5.0 through 8.0, and SeaMonkey before 2.6 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via an Ogg VIDEO element that is not properly handled after scaling.
version 36
refmap via4
confirm
mandriva MDVSA-2011:192
osvdb 77956
sectrack
  • 1026445
  • 1026446
  • 1026447
secunia
  • 47302
  • 47334
suse
  • openSUSE-SU-2012:0007
  • openSUSE-SU-2012:0039
xf firefox-ogg-dos(71913)
Last major update 26-01-2012 - 23:02
Published 20-12-2011 - 23:02
Last modified 18-09-2017 - 21:34
Back to Top