CVE-2011-0055Use After Free in Mozilla Firefox

CWE-399CWE-416Use After Free8 documents6 sources
Severity
10.0CRITICALNVD
EPSS
3.1%
top 13.10%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Mozilla FirefoxMozilla Seamonkey
Timeline
PublishedMar 2
Latest updateMay 3

Description

Use-after-free vulnerability in the JSON.stringify method in js3250.dll in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, might allow remote attackers to execute arbitrary code via unspecified vectors related to the js_HasOwnProperty function and garbage collection.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages2 packages

NVDmozilla/firefox3.5.16+97
NVDmozilla/seamonkey2.0.11+44

🔴Vulnerability Details

2
GHSA
GHSA-p2xj-mgm6-jm2x: Use-after-free vulnerability in the JSON2022-05-03
CVEList
CVE-2011-0055: Use-after-free vulnerability in the JSON2011-03-02

📋Vendor Advisories

4
Ubuntu
Xulrunner vulnerabilities2011-04-30
Ubuntu
Firefox and Xulrunner regression2011-03-07
Ubuntu
Firefox and Xulrunner vulnerabilities2011-03-03
Red Hat
Mozilla use-after-free error in JSON.stringify (MFSA2011-03)2011-03-01

💬Community

1
Bugzilla
CVE-2011-0055 Mozilla use-after-free error in JSON.stringify (MFSA2011-03)2011-02-04
CVE-2011-0055 — Use After Free in Mozilla Firefox | cvebase