CVE-2011-2998

Integer underflow in Mozilla Firefox 3.6.x before 3.6.23 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via JavaScript code containing a large RegExp expression.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
10 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:C/I:C/A:C
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 85%
VendorProductVersion
mozillafirefox
3.6
mozillafirefox
3.6.2
mozillafirefox
3.6.3
mozillafirefox
3.6.4
mozillafirefox
3.6.6
mozillafirefox
3.6.7
mozillafirefox
3.6.8
mozillafirefox
3.6.9
mozillafirefox
3.6.10
mozillafirefox
3.6.11
mozillafirefox
3.6.12
mozillafirefox
3.6.13
mozillafirefox
3.6.14
mozillafirefox
3.6.15
mozillafirefox
3.6.16
mozillafirefox
3.6.17
mozillafirefox
3.6.18
mozillafirefox
3.6.19
mozillafirefox
3.6.20
mozillafirefox
3.6.21
mozillafirefox
3.6.22
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
firefox
natty
not-affected
maverick
Fixed 3.6.23+build1+nobinonly-0ubuntu0.10.04.1
released
lucid
Fixed 3.6.23+build1+nobinonly-0ubuntu0.10.04.1
released
hardy
ignored
xulrunner-1.9.2
natty
ignored
maverick
ignored
lucid
ignored
hardy
ignored
xulrunner-2.0
natty
ignored
maverick
dne
lucid
dne
hardy
dne
Common Weakness Enumeration
References
http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00020.html
http://www.debian.org/security/2011/dsa-2312
http://www.debian.org/security/2011/dsa-2313
http://www.debian.org/security/2011/dsa-2317
http://www.mandriva.com/security/advisories?name=MDVSA-2011:139
http://www.mandriva.com/security/advisories?name=MDVSA-2011:140
http://www.mandriva.com/security/advisories?name=MDVSA-2011:141
http://www.mozilla.org/security/announce/2011/mfsa2011-37.html
http://www.redhat.com/support/errata/RHSA-2011-1341.html
https://bugzilla.mozilla.org/show_bug.cgi?id=684815
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14012
http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00020.html
http://www.debian.org/security/2011/dsa-2312
http://www.debian.org/security/2011/dsa-2313
http://www.debian.org/security/2011/dsa-2317
http://www.mandriva.com/security/advisories?name=MDVSA-2011:139
http://www.mandriva.com/security/advisories?name=MDVSA-2011:140
http://www.mandriva.com/security/advisories?name=MDVSA-2011:141
http://www.mozilla.org/security/announce/2011/mfsa2011-37.html
http://www.redhat.com/support/errata/RHSA-2011-1341.html
https://bugzilla.mozilla.org/show_bug.cgi?id=684815
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14012