CVE-2011-3658

high
Description

The SVG implementation in Mozilla Firefox 8.0, Thunderbird 8.0, and SeaMonkey 2.5 does not properly interact with DOMAttrModified event handlers, which allows remote attackers to cause a denial of service (out-of-bounds memory access) or possibly have unspecified other impact via vectors involving removal of SVG elements.

References

http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00001.html

http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00009.html

http://lists.opensuse.org/opensuse-updates/2012-03/msg00042.html

http://osvdb.org/77953

http://secunia.com/advisories/47302

http://secunia.com/advisories/47334

http://secunia.com/advisories/48495

http://secunia.com/advisories/48553

http://secunia.com/advisories/48823

http://secunia.com/advisories/49055

http://www.mandriva.com/security/advisories?name=MDVSA-2011:192

http://www.mandriva.com/security/advisories?name=MDVSA-2012:031

http://www.mozilla.org/security/announce/2011/mfsa2011-55.html

http://www.securitytracker.com/id?1026445

http://www.securitytracker.com/id?1026446

http://www.securitytracker.com/id?1026447

http://www.ubuntu.com/usn/USN-1401-1

https://bugzilla.mozilla.org/show_bug.cgi?id=708186

https://exchange.xforce.ibmcloud.com/vulnerabilities/71910

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14664

Details

Source: MITRE

Published: 2011-12-21

Updated: 2017-12-29

Type: CWE-399

Risk Information

CVSS v2

Base Score: 7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 10

Severity: HIGH

Tenable Plugins

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 76025 | openSUSE Security Update : seamonkey (openSUSE-SU-2012:0007-1) | Nessus | SuSE Local Security Checks | critical |
| 75950 | openSUSE Security Update : MozillaFirefox (openSUSE-SU-2012:0039-2) | Nessus | SuSE Local Security Checks | critical |
| 75744 | openSUSE Security Update : seamonkey (openSUSE-SU-2012:0007-1) | Nessus | SuSE Local Security Checks | critical |
| 74612 | openSUSE Security Update : MozillaFirefox / MozillaThunderbird / seamonkey / etc (openSUSE-SU-2012:0567-1) | Nessus | SuSE Local Security Checks | critical |
| 74574 | openSUSE Security Update : MozillaFirefox / MozillaThunderbird (openSUSE-SU-2012:0417-1) | Nessus | SuSE Local Security Checks | high |
| 74515 | openSUSE Security Update : MozillaFirefox / MozillaThunderbird / seamonkey / etc (openSUSE-2011-101) | Nessus | SuSE Local Security Checks | critical |
| 63402 | GLSA-201301-01 : Mozilla Products: Multiple vulnerabilities (BEAST) | Nessus | Gentoo Local Security Checks | critical |
| 61940 | Mandriva Linux Security Advisory : mozilla (MDVSA-2011:192) | Nessus | Mandriva Local Security Checks | critical |
| 58481 | Ubuntu 10.04 LTS / 10.10 / 11.04 : thunderbird vulnerabilities (USN-1401-2) | Nessus | Ubuntu Local Security Checks | high |
| 58397 | Ubuntu 10.04 LTS / 10.10 : xulrunner-1.9.2 vulnerabilities (USN-1401-1) | Nessus | Ubuntu Local Security Checks | high |
| 57686 | Ubuntu 11.10 : thunderbird vulnerabilities (USN-1343-1) | Nessus | Ubuntu Local Security Checks | critical |
| 57458 | Ubuntu 11.04 / 11.10 : mozvoikko, ubufox update (USN-1306-2) | Nessus | Ubuntu Local Security Checks | critical |
| 57457 | Ubuntu 11.04 / 11.10 : firefox vulnerabilities (USN-1306-1) | Nessus | Ubuntu Local Security Checks | critical |
| 801379 | Mozilla Firefox 8.0 Multiple Vulnerabilities | Log Correlation Engine | Web Clients | high |
| 6109 | Mozilla Firefox < 9.0 Multiple Vulnerabilities | Nessus Network Monitor | Web Clients | high |
| 57361 | Thunderbird 8.x Multiple Vulnerabilities (Mac OS X) | Nessus | MacOS X Local Security Checks | high |
| 57359 | Firefox 8.x Multiple Vulnerabilities (Mac OS X) | Nessus | MacOS X Local Security Checks | high |
| 57355 | FreeBSD : mozilla -- multiple vulnerabilities (e3ff776b-2ba6-11e1-93c6-0011856a6e37) | Nessus | FreeBSD Local Security Checks | critical |
| 57353 | SeaMonkey < 2.6.0 Multiple Vulnerabilities | Nessus | Windows | high |
| 57352 | Mozilla Thunderbird < 9.0 Multiple Vulnerabilities | Nessus | Windows | high |
| 57351 | Firefox < 9.0 Multiple Vulnerabilities | Nessus | Windows | high |
| 801222 | Mozilla Thunderbird 8 Multiple Vulnerabilities | Log Correlation Engine | SMTP Clients | high |
| 6110 | Mozilla Thunderbird < 9.0 Multiple Vulnerabilities (deprecated) | Nessus Network Monitor | SMTP Clients | high |