CVE-2011-0057 — Use After Free in Mozilla Firefox

CWE-399 CWE-416 — Use After Free9 documents6 sources

Severity

10.0CRITICALNVD

EPSS

3.8%

top 11.87%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox Mozilla Seamonkey

Timeline

PublishedMar 2

Latest updateMay 3

Description

Use-after-free vulnerability in the Web Workers implementation in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, allows remote attackers to execute arbitrary code via vectors related to a JavaScript Worker and garbage collection.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages2 packages

▶NVDmozilla/firefox3.5.16+97

▶NVDmozilla/seamonkey2.0.11+44

🔴Vulnerability Details

GHSA

GHSA-jprh-98m7-3422: Use-after-free vulnerability in the Web Workers implementation in Mozilla Firefox before 3↗2022-05-03

▶

CVEList

CVE-2011-0057: Use-after-free vulnerability in the Web Workers implementation in Mozilla Firefox before 3↗2011-03-02

▶

📋Vendor Advisories

Ubuntu

Xulrunner vulnerabilities↗2011-04-30

▶

Ubuntu

Firefox and Xulrunner regression↗2011-03-07

▶

Ubuntu

Firefox and Xulrunner vulnerabilities↗2011-03-03

▶

Red Hat

Mozilla use-after-free error using Web Workers (MFSA 2011-06)↗2011-03-01

▶

💬Community

Bugzilla

CVE-2011-3351 openvas-scanner: Insecure temporary file use by generation of an OVAL system characteristics document, when ovaldi support enabled↗2011-09-07

▶

Bugzilla

CVE-2011-0057 Mozilla use-after-free error using Web Workers (MFSA 2011-06)↗2011-02-04

▶