CVE-2011-3658

The SVG implementation in Mozilla Firefox 8.0, Thunderbird 8.0, and SeaMonkey 2.5 does not properly interact with DOMAttrModified event handlers, which allows remote attackers to cause a denial of service (out-of-bounds memory access) or possibly have unspecified other impact via vectors involving removal of SVG elements.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 98%
VendorProductVersion
mozillafirefox
8.0
mozillaseamonkey
2.5
mozillathunderbird
8.0
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
firefox
saucy
not-affected
raring
not-affected
quantal
not-affected
precise
not-affected
oneiric
Fixed 9.0.1+build1-0ubuntu0.11.10.2
released
natty
Fixed 9.0.1+build1-0ubuntu0.11.04.1
released
maverick
ignored
lucid
Fixed
released
hardy
ignored
seamonkey
saucy
dne
raring
dne
quantal
dne
precise
dne
oneiric
ignored
natty
ignored
maverick
ignored
lucid
ignored
hardy
ignored
thunderbird
saucy
not-affected
raring
not-affected
quantal
not-affected
precise
not-affected
oneiric
Fixed 9.0+build2-0ubuntu0.11.10.1
released
natty
Fixed 3.1.20+build1+nobinonly-0ubuntu0.11.04.1
released
maverick
Fixed 3.1.20+build1+nobinonly-0ubuntu0.10.10.1
released
lucid
Fixed 3.1.20+build1+nobinonly-0ubuntu0.10.04.1
released
hardy
ignored
xulrunner-1.9.2
saucy
dne
raring
dne
quantal
dne
precise
dne
oneiric
dne
natty
Fixed 1.9.2.28+build1+nobinonly-0ubuntu0.11.04.1
released
maverick
Fixed 1.9.2.28+build1+nobinonly-0ubuntu0.10.10.1
released
lucid
Fixed 1.9.2.28+build1+nobinonly-0ubuntu0.10.04.1
released
hardy
ignored
xulrunner-2.0
saucy
dne
raring
dne
quantal
dne
precise
dne
oneiric
dne
natty
ignored
maverick
dne
lucid
dne
hardy
dne
Common Weakness Enumeration
References
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00001.html
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00009.html
http://lists.opensuse.org/opensuse-updates/2012-03/msg00042.html
http://osvdb.org/77953
http://secunia.com/advisories/47302
http://secunia.com/advisories/47334
http://secunia.com/advisories/48495
http://secunia.com/advisories/48553
http://secunia.com/advisories/48823
http://secunia.com/advisories/49055
http://www.mandriva.com/security/advisories?name=MDVSA-2011:192
http://www.mandriva.com/security/advisories?name=MDVSA-2012:031
http://www.mozilla.org/security/announce/2011/mfsa2011-55.html
http://www.securitytracker.com/id?1026445
http://www.securitytracker.com/id?1026446
http://www.securitytracker.com/id?1026447
http://www.ubuntu.com/usn/USN-1401-1
https://bugzilla.mozilla.org/show_bug.cgi?id=708186
https://exchange.xforce.ibmcloud.com/vulnerabilities/71910
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14664
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00001.html
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00009.html
http://lists.opensuse.org/opensuse-updates/2012-03/msg00042.html
http://osvdb.org/77953
http://secunia.com/advisories/47302
http://secunia.com/advisories/47334
http://secunia.com/advisories/48495
http://secunia.com/advisories/48553
http://secunia.com/advisories/48823
http://secunia.com/advisories/49055
http://www.mandriva.com/security/advisories?name=MDVSA-2011:192
http://www.mandriva.com/security/advisories?name=MDVSA-2012:031
http://www.mozilla.org/security/announce/2011/mfsa2011-55.html
http://www.securitytracker.com/id?1026445
http://www.securitytracker.com/id?1026446
http://www.securitytracker.com/id?1026447
http://www.ubuntu.com/usn/USN-1401-1
https://bugzilla.mozilla.org/show_bug.cgi?id=708186
https://exchange.xforce.ibmcloud.com/vulnerabilities/71910
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14664