Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2011-0073Improper Input Validation in Mozilla Firefox

CWE-20Improper Input Validation13 documents8 sources
Severity
10.0CRITICALNVD
EPSS
81.2%
top 0.84%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
Mozilla FirefoxMozilla Seamonkey
Timeline
PublishedMay 7
Latest updateMay 17

Description

Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, and SeaMonkey before 2.0.14, does not properly use nsTreeRange data structures, which allows remote attackers to execute arbitrary code via unspecified vectors that lead to a "dangling pointer."

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages2 packages

NVDmozilla/firefox3.5.18+102
NVDmozilla/seamonkey2.0.13+46

🔴Vulnerability Details

2
GHSA
GHSA-rcq6-xcmq-vpwm: Mozilla Firefox before 32022-05-17
CVEList
CVE-2011-0073: Mozilla Firefox before 32011-05-07

💥Exploits & PoCs

3
Exploit-DB
Mozilla Firefox - 'nsTreeRange' Dangling Pointer (Metasploit) (1)2011-07-10
Exploit-DB
Mozilla Firefox - 'nsTreeRange' Dangling Pointer (2)2011-06-20
Metasploit
Mozilla Firefox "nsTreeRange" Dangling Pointer Vulnerability

📋Vendor Advisories

6
Ubuntu
Thunderbird regression2011-06-06
Ubuntu
Thunderbird vulnerabilities2011-05-05
Ubuntu
Thunderbird vulnerabilities2011-05-05
Ubuntu
Xulrunner vulnerabilities2011-04-30
Ubuntu
Firefox and Xulrunner vulnerabilities2011-04-29

💬Community

1
Bugzilla
CVE-2011-0073 Mozilla dangling pointer flaw (MFSA 2011-13)2011-04-28
CVE-2011-0073 — Improper Input Validation in Mozilla | cvebase