CVE-2011-0066 — Use After Free in Mozilla Firefox

CWE-399 CWE-416 — Use After Free10 documents6 sources

Severity

10.0CRITICALNVD

EPSS

5.6%

top 9.64%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox Mozilla Seamonkey

Timeline

PublishedMay 7

Latest updateMay 17

Description

Use-after-free vulnerability in Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, and SeaMonkey before 2.0.14, allows remote attackers to execute arbitrary code via vectors related to OBJECT's mObserverList.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages2 packages

▶NVDmozilla/firefox3.5.18+102

▶NVDmozilla/seamonkey2.0.13+46

🔴Vulnerability Details

GHSA

GHSA-7c8x-pggq-qrgr: Use-after-free vulnerability in Mozilla Firefox before 3↗2022-05-17

▶

CVEList

CVE-2011-0066: Use-after-free vulnerability in Mozilla Firefox before 3↗2011-05-07

▶

📋Vendor Advisories

Ubuntu

Thunderbird regression↗2011-06-06

▶

Ubuntu

Thunderbird vulnerabilities↗2011-05-05

▶

Ubuntu

Thunderbird vulnerabilities↗2011-05-05

▶

Ubuntu

Xulrunner vulnerabilities↗2011-04-30

▶

Ubuntu

Firefox and Xulrunner vulnerabilities↗2011-04-29

▶

💬Community

Bugzilla

CVE-2011-0066 Mozilla mObserverList use after free (MFSA 2011-13)↗2011-04-28

▶