CVE-2011-2378 — Code Injection in Mozilla Firefox

CWE-94 — Code Injection7 documents6 sources

Severity

10.0CRITICALNVD

EPSS

5.0%

top 10.33%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox Mozilla Seamonkey Mozilla Thunderbird

Timeline

PublishedAug 18

Latest updateMay 17

Description

The appendChild function in Mozilla Firefox before 3.6.20, Thunderbird 3.x before 3.1.12, SeaMonkey 2.x, and possibly other products does not properly handle DOM objects, which allows remote attackers to execute arbitrary code via unspecified vectors that lead to dereferencing of a "dangling pointer."

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages3 packages

▶NVDmozilla/firefox3.6.19+106

▶NVDmozilla/seamonkey16 versions+15

▶NVDmozilla/thunderbird22 versions+21

🔴Vulnerability Details

GHSA

GHSA-q8vw-h86h-vfj9: The appendChild function in Mozilla Firefox before 3↗2022-05-17

▶

CVEList

CVE-2011-2378: The appendChild function in Mozilla Firefox before 3↗2011-08-18

▶

📋Vendor Advisories

Ubuntu

Thunderbird vulnerabilities↗2011-08-26

▶

Ubuntu

Firefox and Xulrunner vulnerabilities↗2011-08-19

▶

Red Hat

Mozilla: Dangling pointer vulnerability in appendChild↗2011-08-16

▶

💬Community

Bugzilla

CVE-2011-2378 Mozilla: Dangling pointer vulnerability in appendChild↗2011-08-14

▶