CVE-2011-3005: Improper Restriction of Operations within the Bounds of a Memory Buffer in Mozilla Seamonkey

Severity
9.3 CRITICAL (NVD)
EPSS
4.3%
top 11.08%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Sep 29
Latest update: May 17

Description

Use-after-free vulnerability in Mozilla Firefox 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted OGG headers in a .ogg file.

CVSS vector

AV:N/AC:M/C:C/I:C/A:C
Exploitability: 8.6 | Impact: 10.0

Affected Packages: 3 packages

NVD mozilla/seamonkey 2.3.3 +52
NVD mozilla/thunderbird 6.0.2 +97
NVD mozilla/firefox 4 versions +3

🔴Vulnerability Details

2
GHSA
GHSA-7j6v-f9wh-fxh8: Use-after-free vulnerability in Mozilla Firefox 4 (2022-05-17)
CVEList
CVE-2011-3005: Use-after-free vulnerability in Mozilla Firefox 4 (2011-09-29)

💥Exploits & PoCs

1
Exploit-DB
Microsoft Windows Server 2003 - AD BROWSER ELECTION Remote Heap Overflow (2011-02-14)

📋Vendor Advisories

2
Ubuntu
Mozvoikko, ubufox, webfav update (2011-10-04)
Ubuntu
Firefox vulnerabilities (2011-09-29)