Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2011-2371 — Integer Overflow or Wraparound in Mozilla Firefox

CWE-189 CWE-190 — Integer Overflow or Wraparound19 documents9 sources

Severity

10.0CRITICALNVD

EPSS

86.2%

top 0.60%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Mozilla Firefox Mozilla Thunderbird Mozilla Seamonkey

Timeline

PublishedJun 30

Latest updateMay 17

Description

Integer overflow in the Array.reduceRight method in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allows remote attackers to execute arbitrary code via vectors involving a long JavaScript Array object.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages3 packages

▶NVDmozilla/firefox3.6.17+106

▶NVDmozilla/thunderbird3.1.10+82

▶NVDmozilla/seamonkey48 versions+47

🔴Vulnerability Details

GHSA

GHSA-2ph2-r6cr-hgrj: Integer overflow in the Array↗2022-05-17

▶

CVEList

CVE-2011-2371: Integer overflow in the Array↗2011-06-30

▶

💥Exploits & PoCs

Exploit-DB

Mozilla Firefox 4.0.1 - 'Array.reduceRight()' Remote Overflow↗2012-02-27

▶

Exploit-DB

Mozilla Firefox - 'Array.reduceRight()' Integer Overflow (Metasploit) (2)↗2011-10-13

▶

Exploit-DB

Mozilla Firefox - 'Array.reduceRight()' Integer Overflow (1)↗2011-10-12

▶

Metasploit

Mozilla Firefox Array.reduceRight() Integer Overflow↗

▶

📋Vendor Advisories

Ubuntu

Thunderbird vulnerabilities↗2011-07-15

▶

Ubuntu

Firefox regression↗2011-06-29

▶

Ubuntu

Firefox regression↗2011-06-23

▶

Ubuntu

Firefox and Xulrunner vulnerabilities↗2011-06-22

▶

Ubuntu

mozvoikko, ubufox, webfav update↗2011-06-22

▶

🕵️Threat Intelligence

Trendmicro

Analysis: Firefox Array.reduceRight() Vulnerability↗2011-10-28

▶

Trendmicro

Analysis: Firefox Array.reduceRight() Vulnerability↗2011-10-28

▶

Trendmicro

Analysis: Firefox Array.reduceRight() Vulnerability↗2011-10-28

▶

Trendmicro

Analysis: Firefox Array.reduceRight() Vulnerability↗2011-10-28

▶

💬Community

Bugzilla

CVE-2011-2371 Mozilla Integer overflow and arbitrary code execution (MFSA 2011-22)↗2011-06-20

▶