CVE-2011-0085 — Mozilla Firefox vulnerability

CWE-3998 documents6 sources

Severity

10.0CRITICALNVD

EPSS

3.3%

top 12.77%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox Mozilla Thunderbird Mozilla Seamonkey

Timeline

PublishedJun 30

Latest updateMay 17

Description

Use-after-free vulnerability in the nsXULCommandDispatcher function in Mozilla Firefox before 3.6.18, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allows remote attackers to execute arbitrary code via a crafted XUL document that dequeues the current command updater.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages3 packages

▶NVDmozilla/firefox3.6.17+104

▶NVDmozilla/thunderbird3.1.10+82

▶NVDmozilla/seamonkey48 versions+47

🔴Vulnerability Details

GHSA

GHSA-mvwq-v22m-89qj: Use-after-free vulnerability in the nsXULCommandDispatcher function in Mozilla Firefox before 3↗2022-05-17

▶

CVEList

CVE-2011-0085: Use-after-free vulnerability in the nsXULCommandDispatcher function in Mozilla Firefox before 3↗2011-06-30

▶

📋Vendor Advisories

Ubuntu

Thunderbird vulnerabilities↗2011-07-15

▶

Ubuntu

Firefox regression↗2011-06-29

▶

Ubuntu

Firefox and Xulrunner vulnerabilities↗2011-06-22

▶

Red Hat

Mozilla Multiple dangling pointer vulnerabilities (MFSA 2011-23)↗2011-06-21

▶

💬Community

Bugzilla

CVE-2011-0083 CVE-2011-0085 CVE-2011-2363 Mozilla Multiple dangling pointer vulnerabilities (MFSA 2011-23)↗2011-06-20

▶