Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2011-3658 — Mozilla Firefox vulnerability

CWE-39911 documents7 sources

Severity

7.5HIGHNVD

EPSS

75.9%

top 1.09%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Mozilla Firefox Mozilla Seamonkey Mozilla Thunderbird

Timeline

PublishedDec 21

Latest updateMay 14

Description

The SVG implementation in Mozilla Firefox 8.0, Thunderbird 8.0, and SeaMonkey 2.5 does not properly interact with DOMAttrModified event handlers, which allows remote attackers to cause a denial of service (out-of-bounds memory access) or possibly have unspecified other impact via vectors involving removal of SVG elements.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages3 packages

▶NVDmozilla/firefox8.0

▶NVDmozilla/seamonkey2.5

▶NVDmozilla/thunderbird8.0

🔴Vulnerability Details

GHSA

GHSA-pmq4-qjc4-mpxw: The SVG implementation in Mozilla Firefox 8↗2022-05-14

▶

CVEList

CVE-2011-3658: The SVG implementation in Mozilla Firefox 8↗2011-12-21

▶

💥Exploits & PoCs

Exploit-DB

Mozilla Firefox 7 / 8 < 8.0.1 - nsSVGValue Out-of-Bounds Access (Metasploit)↗2012-05-09

▶

Metasploit

Firefox nsSVGValue Out-of-Bounds Access Vulnerability↗

▶

📋Vendor Advisories

Ubuntu

Thunderbird vulnerabilities↗2012-03-23

▶

Ubuntu

Xulrunner vulnerabilities↗2012-03-19

▶

Ubuntu

Thunderbird vulnerabilities↗2012-01-24

▶

Ubuntu

Mozvoikko and ubufox update↗2012-01-06

▶

Ubuntu

Firefox vulnerabilities↗2012-01-06

▶