CVE-2011-3650

HIGH

Description

Mozilla Firefox before 3.6.24 and 4.x through 7.0 and Thunderbird before 3.1.6 and 5.0 through 7.0 do not properly handle JavaScript files that contain many functions, which allows user-assisted remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a crafted file that is accessed by debugging APIs, as demonstrated by Firebug.

References

http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00020.html

http://www.mozilla.org/security/announce/2011/mfsa2011-49.html

http://www.redhat.com/support/errata/RHSA-2011-1439.html

https://bugzilla.mozilla.org/show_bug.cgi?id=674776

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13870

Details

Source: MITRE

Published: 2011-11-09

Updated: 2017-09-19

Type: CWE-119

Risk Information

CVSS v2.0

Base Score: 9.3

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 8.6

Severity: HIGH