CVE-2011-0084

HIGH

Description

The SVGTextElement.getCharNumAtPosition function in Mozilla Firefox before 3.6.20, and 4.x through 5; Thunderbird 3.x before 3.1.12 and other versions before 6; SeaMonkey 2.x before 2.3; and possibly other products does not properly handle SVG text, which allows remote attackers to execute arbitrary code via unspecified vectors that lead to a "dangling pointer."

ID	Name	Product	Family	Severity
76020	openSUSE Security Update : seamonkey (openSUSE-SU-2011:0957-1)	Nessus	SuSE Local Security Checks	critical
75966	openSUSE Security Update : MozillaThunderbird (MozillaThunderbird-5050)	Nessus	SuSE Local Security Checks	critical
75958	openSUSE Security Update : mozilla-js192 (mozilla-js192-5010)	Nessus	SuSE Local Security Checks	critical
75945	openSUSE Security Update : MozillaFirefox (openSUSE-SU-2011:0957-2)	Nessus	SuSE Local Security Checks	critical
75739	openSUSE Security Update : seamonkey (openSUSE-SU-2011:0957-1)	Nessus	SuSE Local Security Checks	critical
75666	openSUSE Security Update : MozillaThunderbird (openSUSE-SU-2011:0935-2)	Nessus	SuSE Local Security Checks	critical
75654	openSUSE Security Update : MozillaFirefox (openSUSE-SU-2011:0958-1)	Nessus	SuSE Local Security Checks	critical
68328	Oracle Linux 6 : thunderbird (ELSA-2011-1166)	Nessus	Oracle Linux Local Security Checks	critical
68326	Oracle Linux 4 / 5 / 6 : firefox (ELSA-2011-1164)	Nessus	Oracle Linux Local Security Checks	critical
63402	GLSA-201301-01 : Mozilla Products: Multiple vulnerabilities (BEAST)	Nessus	Gentoo Local Security Checks	critical
61115	Scientific Linux Security Update : thunderbird on SL6.x i386/x86_64	Nessus	Scientific Linux Local Security Checks	critical
61112	Scientific Linux Security Update : firefox on SL4.x, SL5.x, SL6.x i386/x86_64	Nessus	Scientific Linux Local Security Checks	critical
57150	SuSE 10 Security Update : Mozilla Firefox (ZYPP Patch Number 7713)	Nessus	SuSE Local Security Checks	critical
56562	Ubuntu 11.04 : libvoikko regression (USN-1192-3)	Nessus	Ubuntu Local Security Checks	critical
56005	SuSE 10 Security Update : Mozilla Firefox (ZYPP Patch Number 7712)	Nessus	SuSE Local Security Checks	critical
56003	SuSE 11.1 Security Update : Mozilla Firefox (SAT Patch Number 5057)	Nessus	SuSE Local Security Checks	critical
55982	Ubuntu 10.04 LTS / 10.10 / 11.04 : thunderbird vulnerabilities (USN-1185-1)	Nessus	Ubuntu Local Security Checks	critical
55942	Debian DSA-2297-1 : icedove - several vulnerabilities	Nessus	Debian Local Security Checks	critical
55921	Ubuntu 10.04 LTS / 10.10 : firefox, xulrunner-1.9.2 vulnerabilities (USN-1184-1)	Nessus	Ubuntu Local Security Checks	critical
801346	Mozilla Firefox 5.0 Multiple Vulnerabilities	Log Correlation Engine	Web Clients	high
801343	Mozilla Firefox 3.6 < 3.6.20 Multiple Vulnerabilities	Log Correlation Engine	Web Clients	high
801272	Mozilla SeaMonkey 2.x < 2.3.0 Multiple Vulnerabilities	Log Correlation Engine	Web Clients	high
801266	Mozilla Thunderbird 5 Multiple Vulnerabilities	Log Correlation Engine	SMTP Clients	high
801256	Mozilla Thunderbird 3.1 < 3.1.12 Multiple Vulnerabilities	Log Correlation Engine	SMTP Clients	high
55902	Firefox < 6.0 Multiple Vulnerabilities	Nessus	Windows	high
55901	Firefox 3.6 < 3.6.20 Multiple Vulnerabilities	Nessus	Windows	high
55899	Ubuntu 11.04 : mozvoikko update (USN-1192-2)	Nessus	Ubuntu Local Security Checks	critical
55898	Ubuntu 11.04 : firefox vulnerabilities (USN-1192-1)	Nessus	Ubuntu Local Security Checks	critical
55894	Mandriva Linux Security Advisory : mozilla (MDVSA-2011:127)	Nessus	Mandriva Local Security Checks	critical
55889	Debian DSA-2296-1 : iceweasel - several vulnerabilities	Nessus	Debian Local Security Checks	critical
55888	Debian DSA-2295-1 : iceape - several vulnerabilities	Nessus	Debian Local Security Checks	critical
6012	SeaMonkey 2.x < 2.3.0 Multiple Vulnerabilities	Nessus Network Monitor	Web Clients	high
6011	Mozilla Thunderbird 3.1.x < 3.1.12 Multiple Vulnerabilities	Nessus Network Monitor	SMTP Clients	high
6010	Mozilla Thunderbird < 6.0 Multiple Vulnerabilities	Nessus Network Monitor	SMTP Clients	high
6009	Mozilla Firefox 3.6.x < 3.6.20 Multiple Vulnerabilities	Nessus Network Monitor	Web Clients	high
6008	Mozilla Firefox < 6.0 Multiple Vulnerabilities	Nessus Network Monitor	Web Clients	high
55887	Mozilla Thunderbird < 6.0 Multiple Vulnerabilities	Nessus	Windows	critical
55886	Mozilla Thunderbird 3.1 < 3.1.12 Multiple Vulnerabilities	Nessus	Windows	critical
55885	SeaMonkey < 2.3.0 Multiple Vulnerabilities	Nessus	Windows	high
55881	RHEL 6 : thunderbird (RHSA-2011:1166)	Nessus	Red Hat Local Security Checks	critical
55879	RHEL 4 / 5 / 6 : firefox (RHSA-2011:1164)	Nessus	Red Hat Local Security Checks	critical
55878	FreeBSD : mozilla -- multiple vulnerabilities (834591a9-c82f-11e0-897d-6c626dd55a41)	Nessus	FreeBSD Local Security Checks	critical
55862	CentOS 4 / 5 : firefox / xulrunner (CESA-2011:1164)	Nessus	CentOS Local Security Checks	critical

CVE-2011-0084

Description

References

Details

Risk Information

CVSS v2.0