CVE-2011-2998

Integer underflow in Mozilla Firefox 3.6.x before 3.6.23 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via JavaScript code containing a large RegExp expression.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
10 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:C/I:C/A:C
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
mozillafirefox
3.6
mozillafirefox
3.6.2
mozillafirefox
3.6.3
mozillafirefox
3.6.4
mozillafirefox
3.6.6
mozillafirefox
3.6.7
mozillafirefox
3.6.8
mozillafirefox
3.6.9
mozillafirefox
3.6.10
mozillafirefox
3.6.11
mozillafirefox
3.6.12
mozillafirefox
3.6.13
mozillafirefox
3.6.14
mozillafirefox
3.6.15
mozillafirefox
3.6.16
mozillafirefox
3.6.17
mozillafirefox
3.6.18
mozillafirefox
3.6.19
mozillafirefox
3.6.20
mozillafirefox
3.6.21
mozillafirefox
3.6.22
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
firefox
hardy
ignored
lucid
Fixed 3.6.23+build1+nobinonly-0ubuntu0.10.04.1
released
maverick
Fixed 3.6.23+build1+nobinonly-0ubuntu0.10.04.1
released
natty
not-affected
xulrunner-1.9.2
hardy
ignored
lucid
ignored
maverick
ignored
natty
ignored
xulrunner-2.0
hardy
dne
lucid
dne
maverick
dne
natty
ignored
Common Weakness Enumeration
References
http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00020.html
http://www.debian.org/security/2011/dsa-2312
http://www.debian.org/security/2011/dsa-2313
http://www.debian.org/security/2011/dsa-2317
http://www.mandriva.com/security/advisories?name=MDVSA-2011:139
http://www.mandriva.com/security/advisories?name=MDVSA-2011:140
http://www.mandriva.com/security/advisories?name=MDVSA-2011:141
http://www.mozilla.org/security/announce/2011/mfsa2011-37.html
http://www.redhat.com/support/errata/RHSA-2011-1341.html
https://bugzilla.mozilla.org/show_bug.cgi?id=684815
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14012
http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00020.html
http://www.debian.org/security/2011/dsa-2312
http://www.debian.org/security/2011/dsa-2313
http://www.debian.org/security/2011/dsa-2317
http://www.mandriva.com/security/advisories?name=MDVSA-2011:139
http://www.mandriva.com/security/advisories?name=MDVSA-2011:140
http://www.mandriva.com/security/advisories?name=MDVSA-2011:141
http://www.mozilla.org/security/announce/2011/mfsa2011-37.html
http://www.redhat.com/support/errata/RHSA-2011-1341.html
https://bugzilla.mozilla.org/show_bug.cgi?id=684815
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14012