CVE-2011-3232 — Code Injection in Mozilla Firefox

CWE-94 — Code Injection5 documents4 sources

Severity

9.3CRITICALNVD

EPSS

7.7%

top 8.05%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox Mozilla Seamonkey Mozilla Thunderbird

Timeline

PublishedSep 29

Latest updateMay 17

Description

YARR, as used in Mozilla Firefox before 7.0, Thunderbird before 7.0, and SeaMonkey before 2.4, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted JavaScript.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages3 packages

▶NVDmozilla/firefox3.6.22+24

▶NVDmozilla/seamonkey2.3.3+52

▶NVDmozilla/thunderbird6.0.2+97

🔴Vulnerability Details

GHSA

GHSA-335v-rqwj-xj3w: YARR, as used in Mozilla Firefox before 7↗2022-05-17

▶

CVEList

CVE-2011-3232: YARR, as used in Mozilla Firefox before 7↗2011-09-29

▶

📋Vendor Advisories

Ubuntu

Mozvoikko, ubufox, webfav update↗2011-10-04

▶

Ubuntu

Firefox vulnerabilities↗2011-09-29

▶