CVE-2011-2373 — Use After Free in Mozilla Firefox

CWE-399 CWE-416 — Use After Free11 documents6 sources

Severity

7.6HIGHNVD

EPSS

3.6%

top 12.14%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox Mozilla Thunderbird Mozilla Seamonkey

Timeline

PublishedJun 30

Latest updateMay 17

Description

Use-after-free vulnerability in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14, when JavaScript is disabled, allows remote attackers to execute arbitrary code via a crafted XUL document.

CVSS vector

AV:N/AC:H/C:C/I:C/A:CExploitability: 4.9 | Impact: 10.0

Affected Packages3 packages

▶NVDmozilla/firefox3.6.17+106

▶NVDmozilla/thunderbird3.1.10+82

▶NVDmozilla/seamonkey48 versions+47

🔴Vulnerability Details

GHSA

GHSA-2g6x-7c5j-qpjf: Use-after-free vulnerability in Mozilla Firefox before 3↗2022-05-17

▶

CVEList

CVE-2011-2373: Use-after-free vulnerability in Mozilla Firefox before 3↗2011-06-30

▶

📋Vendor Advisories

Ubuntu

Thunderbird vulnerabilities↗2011-07-15

▶

Ubuntu

Firefox regression↗2011-06-29

▶

Ubuntu

Firefox regression↗2011-06-23

▶

Ubuntu

Firefox and Xulrunner vulnerabilities↗2011-06-22

▶

Ubuntu

mozvoikko, ubufox, webfav update↗2011-06-22

▶

💬Community

Bugzilla

CVE-2011-2373 Mozilla Use-after-free vulnerability when viewing XUL document with script disabled (MFSA 2011-20)↗2011-06-20

▶