CVE-2011-0058 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Mozilla Firefox

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer9 documents6 sources

Severity

10.0CRITICALNVD

EPSS

7.8%

top 8.02%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox Mozilla Seamonkey

Timeline

PublishedMar 2

Latest updateMay 3

Description

Buffer overflow in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, on Windows allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a long string that triggers construction of a long text run.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages2 packages

▶NVDmozilla/firefox3.5.16+97

▶NVDmozilla/seamonkey2.0.11+44

🔴Vulnerability Details

GHSA

GHSA-m728-52w7-3gvf: Buffer overflow in Mozilla Firefox before 3↗2022-05-03

▶

CVEList

CVE-2011-0058: Buffer overflow in Mozilla Firefox before 3↗2011-03-02

▶

📋Vendor Advisories

Ubuntu

Xulrunner vulnerabilities↗2011-04-30

▶

Ubuntu

Firefox and Xulrunner regression↗2011-03-07

▶

Ubuntu

Firefox and Xulrunner vulnerabilities↗2011-03-03

▶

Red Hat

Mozilla memory corruption during text run construction (MFSA 2011-07)↗2011-03-01

▶

💬Community

Bugzilla

CVE-2011-4609 glibc: svc_run() produces high cpu usage when accept() fails with EMFILE error↗2011-12-13

▶

Bugzilla

CVE-2011-0058 Mozilla memory corruption during text run construction (MFSA 2011-07)↗2011-02-04

▶