CVE-2011-2374 — Code Injection in Mozilla Firefox

CWE-94 — Code Injection13 documents5 sources

Severity

10.0CRITICALNVD

NVD4.3

EPSS

4.0%

top 11.57%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox Mozilla Thunderbird

Timeline

PublishedJun 30

Latest updateMay 17

Description

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, and Thunderbird before 3.1.11, allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages2 packages

▶NVDmozilla/firefox3.6.17+106

▶NVDmozilla/thunderbird3.1.10+82

Patches

Patch: bugzilla.mozilla.org ↗Patch: bugzilla.mozilla.org ↗

🔴Vulnerability Details

GHSA

GHSA-8jc9-3jcx-j7x6: Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3↗2022-05-17

▶

GHSA

GHSA-m4ch-8pc5-rpx2: CRLF injection vulnerability in the nsCookieService::SetCookieStringInternal function in netwerk/cookie/nsCookieService↗2022-05-17

▶

📋Vendor Advisories

Ubuntu

Thunderbird vulnerabilities↗2011-07-15

▶

Ubuntu

Firefox regression↗2011-06-29

▶

Ubuntu

Firefox regression↗2011-06-23

▶

Ubuntu

Firefox and Xulrunner vulnerabilities↗2011-06-22

▶

Ubuntu

mozvoikko, ubufox, webfav update↗2011-06-22

▶

💬Community

Bugzilla

CVE-2011-2364 CVE-2011-2365 CVE-2011-2374 CVE-2011-2375 CVE-2011-2376 CVE-2011-2605 Mozilla Miscellaneous memory safety hazards (MFSA 2011-19)↗2011-06-20

▶