CVE-2011-2998

high

Description

Integer underflow in Mozilla Firefox 3.6.x before 3.6.23 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via JavaScript code containing a large RegExp expression.

References

http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00020.html

http://www.debian.org/security/2011/dsa-2312

http://www.debian.org/security/2011/dsa-2313

http://www.debian.org/security/2011/dsa-2317

http://www.mandriva.com/security/advisories?name=MDVSA-2011:139

http://www.mandriva.com/security/advisories?name=MDVSA-2011:140

http://www.mandriva.com/security/advisories?name=MDVSA-2011:141

http://www.mozilla.org/security/announce/2011/mfsa2011-37.html

http://www.redhat.com/support/errata/RHSA-2011-1341.html

https://bugzilla.mozilla.org/show_bug.cgi?id=684815

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14012

Details

Source: MITRE

Published: 2011-09-30

Updated: 2017-09-19

Type: CWE-189

Risk Information

CVSS v2

Base Score: 10

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 10

Severity: HIGH

Tenable Plugins

30 total

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 80784 | Oracle Solaris Third-Party Patch Update : thunderbird (multiple_vulnerabilities_in_thunderbird3) | Nessus | Solaris Local Security Checks | critical |
| 76024 | openSUSE Security Update : seamonkey (openSUSE-SU-2011:1290-1) | Nessus | SuSE Local Security Checks | critical |
| 75743 | openSUSE Security Update : seamonkey (openSUSE-SU-2011:1290-1) | Nessus | SuSE Local Security Checks | critical |
| 74542 | openSUSE Security Update : firefox / thunderbird (openSUSE-2011-9) | Nessus | SuSE Local Security Checks | critical |
| 68362 | Oracle Linux 4 : seamonkey (ELSA-2011-1344) | Nessus | Oracle Linux Local Security Checks | critical |
| 68361 | Oracle Linux 4 : thunderbird (ELSA-2011-1343) | Nessus | Oracle Linux Local Security Checks | critical |
| 68360 | Oracle Linux 6 : thunderbird (ELSA-2011-1342) | Nessus | Oracle Linux Local Security Checks | critical |
| 68359 | Oracle Linux 4 / 5 / 6 : firefox (ELSA-2011-1341) | Nessus | Oracle Linux Local Security Checks | critical |
| 63402 | GLSA-201301-01 : Mozilla Products: Multiple vulnerabilities (BEAST) | Nessus | Gentoo Local Security Checks | critical |
| 61929 | Mandriva Linux Security Advisory : firefox (MDVSA-2011:141) | Nessus | Mandriva Local Security Checks | critical |
| 61146 | Scientific Linux Security Update : thunderbird on SL6.x i386/x86_64 | Nessus | Scientific Linux Local Security Checks | critical |
| 61145 | Scientific Linux Security Update : thunderbird on SL4.x, SL5.x i386/x86_64 | Nessus | Scientific Linux Local Security Checks | critical |
| 61144 | Scientific Linux Security Update : seamonkey on SL4.x i386/x86_64 | Nessus | Scientific Linux Local Security Checks | critical |
| 61143 | Scientific Linux Security Update : firefox on SL4.x, SL5.x, SL6.x i386/x86_64 | Nessus | Scientific Linux Local Security Checks | critical |
| 57226 | SuSE 10 Security Update : mozilla-nss (ZYPP Patch Number 7842) (BEAST) | Nessus | SuSE Local Security Checks | critical |
| 57084 | SuSE 11.1 Security Update : Mozilla Firefox (SAT Patch Number 5429) | Nessus | SuSE Local Security Checks | critical |
| 56395 | Debian DSA-2317-1 : icedove - several vulnerabilities | Nessus | Debian Local Security Checks | critical |
| 56376 | Firefox 3.6 < 3.6.23 Multiple Vulnerabilities (Mac OS X) | Nessus | MacOS X Local Security Checks | high |
| 56374 | Mandriva Linux Security Advisory : mozilla-thunderbird (MDVSA-2011:140) | Nessus | Mandriva Local Security Checks | critical |
| 56373 | Mandriva Linux Security Advisory : firefox (MDVSA-2011:139) | Nessus | Mandriva Local Security Checks | critical |
| 56340 | Debian DSA-2313-1 : iceweasel - several vulnerabilities | Nessus | Debian Local Security Checks | critical |
| 56339 | Debian DSA-2312-1 : iceape - several vulnerabilities | Nessus | Debian Local Security Checks | critical |
| 56338 | CentOS 4 : seamonkey (CESA-2011:1344) | Nessus | CentOS Local Security Checks | critical |
| 56334 | Firefox 3.6.x < 3.6.23 Multiple Vulnerabilities | Nessus | Windows | high |
| 56329 | RHEL 4 : seamonkey (RHSA-2011:1344) | Nessus | Red Hat Local Security Checks | critical |
| 56328 | RHEL 4 / 5 : thunderbird (RHSA-2011:1343) | Nessus | Red Hat Local Security Checks | critical |
| 56327 | RHEL 6 : thunderbird (RHSA-2011:1342) | Nessus | Red Hat Local Security Checks | critical |
| 56326 | RHEL 4 / 5 / 6 : firefox (RHSA-2011:1341) | Nessus | Red Hat Local Security Checks | critical |
| 56312 | CentOS 4 / 5 : thunderbird (CESA-2011:1343) | Nessus | CentOS Local Security Checks | critical |
| 56311 | CentOS 4 / 5 : firefox (CESA-2011:1341) | Nessus | CentOS Local Security Checks | critical |