CVE-2011-2987Improper Restriction of Operations within the Bounds of a Memory Buffer in Mozilla Thunderbird

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer6 documents4 sources
Severity
10.0CRITICALNVD
EPSS
10.0%
top 6.92%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Mozilla ThunderbirdMozilla FirefoxMozilla Seamonkey
Timeline
PublishedAug 18
Latest updateMay 17

Description

Heap-based buffer overflow in Almost Native Graphics Layer Engine (ANGLE), as used in the WebGL implementation in Mozilla Firefox 4.x through 5, Thunderbird before 6, SeaMonkey 2.x before 2.3, and possibly other products might allow remote attackers to execute arbitrary code via unspecified vectors.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages3 packages

NVDmozilla/firefox4.0, 4.0.1, 5.0+2
NVDmozilla/seamonkey46 versions+45

🔴Vulnerability Details

2
GHSA
GHSA-vcmp-g8vf-9cw9: Heap-based buffer overflow in Almost Native Graphics Layer Engine (ANGLE), as used in the WebGL implementation in Mozilla Firefox 42022-05-17
CVEList
CVE-2011-2987: Heap-based buffer overflow in Almost Native Graphics Layer Engine (ANGLE), as used in the WebGL implementation in Mozilla Firefox 42011-08-18

📋Vendor Advisories

3
Ubuntu
Libvoikko regression2011-10-19
Ubuntu
Firefox vulnerabilities2011-08-17
Ubuntu
Mozvoikko update2011-08-17
CVE-2011-2987 — Mozilla Thunderbird vulnerability | cvebase