Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2011-0065Use After Free in Mozilla Firefox

CWE-399CWE-416Use After Free17 documents9 sources
Severity
10.0CRITICALNVD
EPSS
83.3%
top 0.73%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
Mozilla FirefoxMozilla Seamonkey
Timeline
PublishedMay 7
Latest updateMay 3

Description

Use-after-free vulnerability in Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, and SeaMonkey before 2.0.14, allows remote attackers to execute arbitrary code via vectors related to OBJECT's mChannel.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages2 packages

NVDmozilla/firefox3.5.18+102
NVDmozilla/seamonkey2.0.13+46

🔴Vulnerability Details

2
GHSA
GHSA-j27m-p5vq-3f4g: Use-after-free vulnerability in Mozilla Firefox before 32022-05-03
CVEList
CVE-2011-0065: Use-after-free vulnerability in Mozilla Firefox before 32011-05-07

💥Exploits & PoCs

6
Exploit-DB
Mozilla Firefox 3.6.16 (OSX) - mChannel Use-After-Free (Metasploit) (2)2012-01-17
Exploit-DB
Mozilla Firefox 3.6.16 (Windows 7) - mChannel Object Use-After-Free2011-08-16
Exploit-DB
Mozilla Firefox 3.6.16 (Windows) - mChannel Use-After-Free (Metasploit) (1)2011-08-10
Exploit-DB
Mozilla Firefox 3.6.16 - OBJECT mChannel Remote Code Execution (DEP Bypass) (Metasploit)2011-08-05
Metasploit
Mozilla Firefox 3.6.16 mChannel Use-After-Free

🔍Detection Rules

1
Suricata
ET WEB_CLIENT Mozilla Firefox mChannel Object Dangling Pointer Use-After-Free Memory Corruption Attempt2011-08-18

📋Vendor Advisories

6
Ubuntu
Thunderbird regression2011-06-06
Ubuntu
Thunderbird vulnerabilities2011-05-05
Ubuntu
Thunderbird vulnerabilities2011-05-05
Ubuntu
Xulrunner vulnerabilities2011-04-30
Ubuntu
Firefox and Xulrunner vulnerabilities2011-04-29

💬Community

1
Bugzilla
CVE-2011-0065 Mozilla mChannel use after free (MFSA 2011-13)2011-04-28
CVE-2011-0065 — Use After Free in Mozilla Firefox | cvebase