CVE-2011-3666Use After Free in Mozilla Firefox

CWE-416Use After Free4 documents3 sources
Severity
6.8MEDIUMNVD
EPSS
0.3%
top 43.98%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Mozilla FirefoxMozilla Thunderbird
Timeline
PublishedDec 21
Latest updateAug 22

Description

Mozilla Firefox before 3.6.25 and Thunderbird before 3.1.17 on Mac OS X do not consider .jar files to be executable files, which allows user-assisted remote attackers to bypass intended access restrictions via a crafted file. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-2372 on Mac OS X.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages2 packages

NVDmozilla/firefox3.6.24+125
NVDmozilla/thunderbird3.1.16+92

🔴Vulnerability Details

1
GHSA
GHSA-97c6-9gg8-w889: Mozilla Firefox before 32022-05-17

📋Vendor Advisories

2
Red Hat
kernel: netfilter: nf_tables: unregister flowtable hooks on netns exit2024-08-22
Red Hat
Mozilla: Multiple security flaws fixed in v3.6.25 (Mac) and v92011-12-20