CVE-2011-3650

HIGH

Description

Mozilla Firefox before 3.6.24 and 4.x through 7.0 and Thunderbird before 3.1.6 and 5.0 through 7.0 do not properly handle JavaScript files that contain many functions, which allows user-assisted remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a crafted file that is accessed by debugging APIs, as demonstrated by Firebug.

ID	Name	Product	Family	Severity
9377	Mozilla Firefox < 3.6.24 Multiple Vulnerabilities	Nessus Network Monitor	Web Clients	high
80783	Oracle Solaris Third-Party Patch Update : thunderbird (multiple_vulnerabilities_in_thunderbird2)	Nessus	Solaris Local Security Checks	critical
80608	Oracle Solaris Third-Party Patch Update : firefox (multiple_vulnerabilities_in_mozilla_firefox1)	Nessus	Solaris Local Security Checks	critical
76024	openSUSE Security Update : seamonkey (openSUSE-SU-2011:1290-1)	Nessus	SuSE Local Security Checks	critical
75949	openSUSE Security Update : MozillaFirefox (openSUSE-SU-2011:1243-1)	Nessus	SuSE Local Security Checks	critical
75743	openSUSE Security Update : seamonkey (openSUSE-SU-2011:1290-1)	Nessus	SuSE Local Security Checks	critical
75657	openSUSE Security Update : MozillaFirefox (openSUSE-SU-2011:1242-1)	Nessus	SuSE Local Security Checks	high
74542	openSUSE Security Update : firefox / thunderbird (openSUSE-2011-9)	Nessus	SuSE Local Security Checks	critical
74522	openSUSE Security Update : seamonkey (openSUSE-2011-34)	Nessus	SuSE Local Security Checks	critical
68386	Oracle Linux 6 : thunderbird (ELSA-2011-1439)	Nessus	Oracle Linux Local Security Checks	high
68384	Oracle Linux 4 / 5 / 6 : firefox (ELSA-2011-1437)	Nessus	Oracle Linux Local Security Checks	high
801321	Mozilla Firefox 7.0 Multiple Vulnerabilities	Log Correlation Engine	Web Clients	high
801281	Mozilla Thunderbird 7.0 Multiple Vulnerabilities	Log Correlation Engine	SMTP Clients	high
6789	Mozilla Thunderbird < 8.0 Multiple Vulnerabilities	Nessus Network Monitor	SMTP Clients	high
6788	Mozilla Firefox < 8.0 Multiple Vulnerabilities	Nessus Network Monitor	Web Clients	high
63402	GLSA-201301-01 : Mozilla Products: Multiple vulnerabilities (BEAST)	Nessus	Gentoo Local Security Checks	critical
61174	Scientific Linux Security Update : thunderbird on SL6.x i386/x86_64	Nessus	Scientific Linux Local Security Checks	high
61170	Scientific Linux Security Update : firefox on SL4.x, SL5.x, SL6.x i386/x86_64	Nessus	Scientific Linux Local Security Checks	high
57393	Ubuntu 10.04 LTS / 10.10 / 11.04 : thunderbird vulnerabilities (USN-1254-1)	Nessus	Ubuntu Local Security Checks	high
57226	SuSE 10 Security Update : mozilla-nss (ZYPP Patch Number 7842) (BEAST)	Nessus	SuSE Local Security Checks	critical
57153	SuSE 10 Security Update : MozillaFirefox (ZYPP Patch Number 7844)	Nessus	SuSE Local Security Checks	high
57084	SuSE 11.1 Security Update : Mozilla Firefox (SAT Patch Number 5429)	Nessus	SuSE Local Security Checks	critical
56969	Ubuntu 11.10 : thunderbird vulnerabilities (USN-1282-1)	Nessus	Ubuntu Local Security Checks	critical
56945	Ubuntu 11.04 / 11.10 : mozvoikko, ubufox update (USN-1277-2)	Nessus	Ubuntu Local Security Checks	critical
56944	Ubuntu 11.04 / 11.10 : firefox vulnerabilities (USN-1277-1)	Nessus	Ubuntu Local Security Checks	critical
56786	Debian DSA-2345-1 : icedove - several vulnerabilities	Nessus	Debian Local Security Checks	high
56781	CentOS 4 / 5 : firefox (CESA-2011:1437)	Nessus	CentOS Local Security Checks	high
56775	Ubuntu 10.04 LTS / 10.10 : firefox, xulrunner-1.9.2 vulnerabilities (USN-1251-1)	Nessus	Ubuntu Local Security Checks	high
56765	Mandriva Linux Security Advisory : mozilla (MDVSA-2011:169)	Nessus	Mandriva Local Security Checks	critical
56762	FreeBSD : mozilla -- multiple vulnerabilities (6c8ad3e8-0a30-11e1-9580-4061862b8c22)	Nessus	FreeBSD Local Security Checks	critical
56760	Debian DSA-2342-1 : iceape - several vulnerabilities	Nessus	Debian Local Security Checks	high
56759	Debian DSA-2341-1 : iceweasel - several vulnerabilities	Nessus	Debian Local Security Checks	high
56758	Thunderbird 7.x Multiple Vulnerabilities (Mac OS X)	Nessus	MacOS X Local Security Checks	high
56757	Thunderbird 3.1 < 3.1.16 Multiple Vulnerabilities (Mac OS X)	Nessus	MacOS X Local Security Checks	high
56756	Firefox < 8.0 Multiple Vulnerabilities (Mac OS X)	Nessus	MacOS X Local Security Checks	high
56755	Firefox 3.6 < 3.6.24 Multiple Vulnerabilities (Mac OS X)	Nessus	MacOS X Local Security Checks	high
56753	Mozilla Thunderbird < 8.0 Multiple Vulnerabilities	Nessus	Windows	high
56752	Mozilla Thunderbird 3.1.x < 3.1.16 Multiple Vulnerabilities	Nessus	Windows	high
56751	Firefox < 8.0 Multiple Vulnerabilities	Nessus	Windows	high
56750	Firefox 3.6.x < 3.6.24 Multiple Vulnerabilities	Nessus	Windows	high
56743	RHEL 6 : thunderbird (RHSA-2011:1439)	Nessus	Red Hat Local Security Checks	high
56741	RHEL 4 / 5 / 6 : firefox (RHSA-2011:1437)	Nessus	Red Hat Local Security Checks	high

CVE-2011-3650

HIGH

Description

References

Details

Risk Information

CVSS v2.0

Vulnerable Software

Configuration 1

Configuration 2

Configuration 3

Configuration 4

Tenable Plugins

high

critical

critical

critical

critical

critical

high

critical

critical

high

high

high

high

high

high

critical

high

high

high

critical

high

critical

critical

critical

critical

high

high

high

critical

critical

high

high

high

high

high

high

high

high

high

high

high

high