CVE-2011-2989: Buffer Overflow
First published: Thu Aug 18 2011(Updated: )
The browser engine in Mozilla Firefox 4.x through 5, SeaMonkey 2.x before 2.3, Thunderbird before 6, and possibly other products does not properly implement WebGL, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mozilla Firefox | =4.0-beta6 | |
| Mozilla Firefox | =4.0-beta1 | |
| Mozilla Firefox | =4.0-beta9 | |
| Mozilla Firefox | =4.0-beta5 | |
| Mozilla Firefox | =4.0-beta8 | |
| Mozilla Firefox | =4.0-beta12 | |
| Mozilla Firefox | =4.0-beta3 | |
| Mozilla Firefox | =5.0 | |
| Mozilla Firefox | =4.0-beta2 | |
| Mozilla Firefox | =4.0-beta4 | |
| Mozilla Firefox | =4.0-beta10 | |
| Mozilla Firefox | =4.0 | |
| Mozilla Firefox | =4.0-beta11 | |
| Mozilla Firefox | =4.0-beta7 | |
| Mozilla Firefox | =4.0.1 | |
| Mozilla SeaMonkey | =2.0.10 | |
| Mozilla SeaMonkey | =2.2-beta2 | |
| Mozilla SeaMonkey | =2.0.13 | |
| Mozilla SeaMonkey | =2.0.4 | |
| Mozilla SeaMonkey | =2.1-alpha2 | |
| Mozilla SeaMonkey | =2.0.3 | |
| Mozilla SeaMonkey | =2.0.2 | |
| Mozilla SeaMonkey | =2.0-alpha_2 | |
| Mozilla SeaMonkey | =2.0.8 | |
| Mozilla SeaMonkey | =2.0-rc2 | |
| Mozilla SeaMonkey | =2.0-alpha_3 | |
| Mozilla SeaMonkey | =2.0.12 | |
| Mozilla SeaMonkey | =2.0.11 | |
| Mozilla SeaMonkey | =2.0-beta_2 | |
| Mozilla SeaMonkey | =2.1-rc1 | |
| Mozilla SeaMonkey | =2.1 | |
| Mozilla SeaMonkey | =2.0-alpha_1 | |
| Mozilla SeaMonkey | =2.0.9 | |
| Mozilla SeaMonkey | =2.1-alpha1 | |
| Mozilla SeaMonkey | =2.1-beta2 | |
| Mozilla SeaMonkey | =2.0.1 | |
| Mozilla SeaMonkey | =2.0.14 | |
| Mozilla SeaMonkey | =2.0.7 | |
| Mozilla SeaMonkey | =2.2 | |
| Mozilla SeaMonkey | =2.0-beta_1 | |
| Mozilla SeaMonkey | =2.1-rc2 | |
| Mozilla SeaMonkey | =2.1-beta1 | |
| Mozilla SeaMonkey | =2.0.5 | |
| Mozilla SeaMonkey | =2.1-beta3 | |
| Mozilla SeaMonkey | =2.0-rc1 | |
| Mozilla SeaMonkey | =2.2-beta3 | |
| Mozilla SeaMonkey | =2.0.6 | |
| Mozilla SeaMonkey | =2.1-alpha3 | |
| Mozilla SeaMonkey | =2.0 | |
| Mozilla SeaMonkey | =2.2-beta1 | |
| Mozilla Thunderbird | =3.0.8 | |
| Mozilla Thunderbird | =3.0.5 | |
| Mozilla Thunderbird | =1.5.0.7 | |
| Mozilla Thunderbird | =0.6 | |
| Mozilla Thunderbird | =0.7.2 | |
| Mozilla Thunderbird | =2.0.0.4 | |
| Mozilla Thunderbird | =3.0.9 | |
| Mozilla Thunderbird | =2.0.0.6 | |
| Mozilla Thunderbird | =0.3 | |
| Mozilla Thunderbird | =2.0.0.21 | |
| Mozilla Thunderbird | =3.0.1 | |
| Mozilla Thunderbird | =3.1.7 | |
| Mozilla Thunderbird | =0.2 | |
| Mozilla Thunderbird | =3.1.2 | |
| Mozilla Thunderbird | =3.1.1 | |
| Mozilla Thunderbird | =1.0.7 | |
| Mozilla Thunderbird | =2.0.0.18 | |
| Mozilla Thunderbird | =2.0.0.9 | |
| Mozilla Thunderbird | =2.0.0.16 | |
| Mozilla Thunderbird | =2.0.0.8 | |
| Mozilla Thunderbird | =2.0.0.7 | |
| Mozilla Thunderbird | =1.7.1 | |
| Mozilla Thunderbird | =1.5.0.3 | |
| Mozilla Thunderbird | =1.5.0.10 | |
| Mozilla Thunderbird | =1.5.0.5 | |
| Mozilla Thunderbird | =3.1.4 | |
| Mozilla Thunderbird | =1.5.0.6 | |
| Mozilla Thunderbird | =1.0 | |
| Mozilla Thunderbird | =3.0.7 | |
| Mozilla Thunderbird | =2.0.0.3 | |
| Mozilla Thunderbird | =3.0.6 | |
| Mozilla Thunderbird | =1.0.1 | |
| Mozilla Thunderbird | =1.5-beta2 | |
| Mozilla Thunderbird | =2.0.0.2 | |
| Mozilla Thunderbird | =3.0.10 | |
| Mozilla Thunderbird | =3.0.3 | |
| Mozilla Thunderbird | =1.0.2 | |
| Mozilla Thunderbird | =2.0.0.0 | |
| Mozilla Thunderbird | =1.5.0.13 | |
| Mozilla Thunderbird | =3.1.5 | |
| Mozilla Thunderbird | =3.0.11 | |
| Mozilla Thunderbird | =2.0.0.12 | |
| Mozilla Thunderbird | =2.0.0.22 | |
| Mozilla Thunderbird | =1.5 | |
| Mozilla Thunderbird | =1.5.0.2 | |
| Mozilla Thunderbird | =1.5.0.8 | |
| Mozilla Thunderbird | =2.0.0.14 | |
| Mozilla Thunderbird | =3.0.4 | |
| Mozilla Thunderbird | <=5.0 | |
| Mozilla Thunderbird | =0.5 | |
| Mozilla Thunderbird | =1.0.4 | |
| Mozilla Thunderbird | =1.5.2 | |
| Mozilla Thunderbird | =2.0.0.17 | |
| Mozilla Thunderbird | =2.0.0.23 | |
| Mozilla Thunderbird | =1.5.0.9 | |
| Mozilla Thunderbird | =1.5.0.11 | |
| Mozilla Thunderbird | =0.9 | |
| Mozilla Thunderbird | =1.0.3 | |
| Mozilla Thunderbird | =2.0 | |
| Mozilla Thunderbird | =3.0 | |
| Mozilla Thunderbird | =1.5.0.12 | |
| Mozilla Thunderbird | =0.7.3 | |
| Mozilla Thunderbird | =0.4 | |
| Mozilla Thunderbird | =1.5.1 | |
| Mozilla Thunderbird | =0.7 | |
| Mozilla Thunderbird | =1.5.0.14 | |
| Mozilla Thunderbird | =3.1 | |
| Mozilla Thunderbird | =1.0.6 | |
| Mozilla Thunderbird | =3.1.3 | |
| Mozilla Thunderbird | =2.0.0.5 | |
| Mozilla Thunderbird | =3.1.6 | |
| Mozilla Thunderbird | =1.7.3 | |
| Mozilla Thunderbird | =2.0.0.1 | |
| Mozilla Thunderbird | =1.5.0.1 | |
| Mozilla Thunderbird | =1.0.8 | |
| Mozilla Thunderbird | =0.1 | |
| Mozilla Thunderbird | =0.7.1 | |
| Mozilla Thunderbird | =1.0.5 | |
| Mozilla Thunderbird | =0.8 | |
| Mozilla Thunderbird | =3.0.2 | |
| Mozilla Thunderbird | =2.0.0.19 | |
| Mozilla Thunderbird | =1.5.0.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.mozilla.org/security/announce/2011/mfsa2011-29.html
- https://bugzilla.mozilla.org/show_bug.cgi?id=674042
- http://www.mozilla.org/security/announce/2011/mfsa2011-33.html
- http://www.mozilla.org/security/announce/2011/mfsa2011-31.html
- http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00023.html
- http://secunia.com/advisories/49055
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14528
Frequently Asked Questions
What is the severity of CVE-2011-2989?
CVE-2011-2989 has a medium severity rating due to potential memory corruption and application crashes.
How do I fix CVE-2011-2989?
To fix CVE-2011-2989, update to the latest version of Mozilla Firefox, SeaMonkey, or Thunderbird that includes the security patch.
What products are affected by CVE-2011-2989?
CVE-2011-2989 affects Mozilla Firefox versions 4.x through 5, SeaMonkey 2.x before 2.3, and Thunderbird 6 or earlier.
What type of vulnerability is CVE-2011-2989?
CVE-2011-2989 is a vulnerability related to improper WebGL implementation that can lead to denial of service and potentially arbitrary code execution.
Is CVE-2011-2989 currently being exploited?
As of now, there is no confirmed information about active exploitation of CVE-2011-2989.
- agent/softwarecombine
- agent/type
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- agent/weakness
- agent/references
- agent/author
- agent/severity
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/tags
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- vendor/mozilla
- canonical/mozilla firefox
- version/mozilla firefox/4.0-beta6
- version/mozilla firefox/4.0-beta1
- version/mozilla firefox/4.0-beta9
- version/mozilla firefox/4.0-beta5
- version/mozilla firefox/4.0-beta8
- version/mozilla firefox/4.0-beta12
- version/mozilla firefox/4.0-beta3
- version/mozilla firefox/5.0
- version/mozilla firefox/4.0-beta2
- version/mozilla firefox/4.0-beta4
- version/mozilla firefox/4.0-beta10
- version/mozilla firefox/4.0
- version/mozilla firefox/4.0-beta11
- version/mozilla firefox/4.0-beta7
- version/mozilla firefox/4.0.1
- canonical/mozilla seamonkey
- version/mozilla seamonkey/2.0.10
- version/mozilla seamonkey/2.2-beta2
- version/mozilla seamonkey/2.0.13
- version/mozilla seamonkey/2.0.4
- version/mozilla seamonkey/2.1-alpha2
- version/mozilla seamonkey/2.0.3
- version/mozilla seamonkey/2.0.2
- version/mozilla seamonkey/2.0-alpha_2
- version/mozilla seamonkey/2.0.8
- version/mozilla seamonkey/2.0-rc2
- version/mozilla seamonkey/2.0-alpha_3
- version/mozilla seamonkey/2.0.12
- version/mozilla seamonkey/2.0.11
- version/mozilla seamonkey/2.0-beta_2
- version/mozilla seamonkey/2.1-rc1
- version/mozilla seamonkey/2.1
- version/mozilla seamonkey/2.0-alpha_1
- version/mozilla seamonkey/2.0.9
- version/mozilla seamonkey/2.1-alpha1
- version/mozilla seamonkey/2.1-beta2
- version/mozilla seamonkey/2.0.1
- version/mozilla seamonkey/2.0.14
- version/mozilla seamonkey/2.0.7
- version/mozilla seamonkey/2.2
- version/mozilla seamonkey/2.0-beta_1
- version/mozilla seamonkey/2.1-rc2
- version/mozilla seamonkey/2.1-beta1
- version/mozilla seamonkey/2.0.5
- version/mozilla seamonkey/2.1-beta3
- version/mozilla seamonkey/2.0-rc1
- version/mozilla seamonkey/2.2-beta3
- version/mozilla seamonkey/2.0.6
- version/mozilla seamonkey/2.1-alpha3
- version/mozilla seamonkey/2.0
- version/mozilla seamonkey/2.2-beta1
- canonical/mozilla thunderbird
- version/mozilla thunderbird/3.0.8
- version/mozilla thunderbird/3.0.5
- version/mozilla thunderbird/1.5.0.7
- version/mozilla thunderbird/0.6
- version/mozilla thunderbird/0.7.2
- version/mozilla thunderbird/2.0.0.4
- version/mozilla thunderbird/3.0.9
- version/mozilla thunderbird/2.0.0.6
- version/mozilla thunderbird/0.3
- version/mozilla thunderbird/2.0.0.21
- version/mozilla thunderbird/3.0.1
- version/mozilla thunderbird/3.1.7
- version/mozilla thunderbird/0.2
- version/mozilla thunderbird/3.1.2
- version/mozilla thunderbird/3.1.1
- version/mozilla thunderbird/1.0.7
- version/mozilla thunderbird/2.0.0.18
- version/mozilla thunderbird/2.0.0.9
- version/mozilla thunderbird/2.0.0.16
- version/mozilla thunderbird/2.0.0.8
- version/mozilla thunderbird/2.0.0.7
- version/mozilla thunderbird/1.7.1
- version/mozilla thunderbird/1.5.0.3
- version/mozilla thunderbird/1.5.0.10
- version/mozilla thunderbird/1.5.0.5
- version/mozilla thunderbird/3.1.4
- version/mozilla thunderbird/1.5.0.6
- version/mozilla thunderbird/1.0
- version/mozilla thunderbird/3.0.7
- version/mozilla thunderbird/2.0.0.3
- version/mozilla thunderbird/3.0.6
- version/mozilla thunderbird/1.0.1
- version/mozilla thunderbird/1.5-beta2
- version/mozilla thunderbird/2.0.0.2
- version/mozilla thunderbird/3.0.10
- version/mozilla thunderbird/3.0.3
- version/mozilla thunderbird/1.0.2
- version/mozilla thunderbird/2.0.0.0
- version/mozilla thunderbird/1.5.0.13
- version/mozilla thunderbird/3.1.5
- version/mozilla thunderbird/3.0.11
- version/mozilla thunderbird/2.0.0.12
- version/mozilla thunderbird/2.0.0.22
- version/mozilla thunderbird/1.5
- version/mozilla thunderbird/1.5.0.2
- version/mozilla thunderbird/1.5.0.8
- version/mozilla thunderbird/2.0.0.14
- version/mozilla thunderbird/3.0.4
- version/mozilla thunderbird/5.0
- version/mozilla thunderbird/0.5
- version/mozilla thunderbird/1.0.4
- version/mozilla thunderbird/1.5.2
- version/mozilla thunderbird/2.0.0.17
- version/mozilla thunderbird/2.0.0.23
- version/mozilla thunderbird/1.5.0.9
- version/mozilla thunderbird/1.5.0.11
- version/mozilla thunderbird/0.9
- version/mozilla thunderbird/1.0.3
- version/mozilla thunderbird/2.0
- version/mozilla thunderbird/3.0
- version/mozilla thunderbird/1.5.0.12
- version/mozilla thunderbird/0.7.3
- version/mozilla thunderbird/0.4
- version/mozilla thunderbird/1.5.1
- version/mozilla thunderbird/0.7
- version/mozilla thunderbird/1.5.0.14
- version/mozilla thunderbird/3.1
- version/mozilla thunderbird/1.0.6
- version/mozilla thunderbird/3.1.3
- version/mozilla thunderbird/2.0.0.5
- version/mozilla thunderbird/3.1.6
- version/mozilla thunderbird/1.7.3
- version/mozilla thunderbird/2.0.0.1
- version/mozilla thunderbird/1.5.0.1
- version/mozilla thunderbird/1.0.8
- version/mozilla thunderbird/0.1
- version/mozilla thunderbird/0.7.1
- version/mozilla thunderbird/1.0.5
- version/mozilla thunderbird/0.8
- version/mozilla thunderbird/3.0.2
- version/mozilla thunderbird/2.0.0.19
- version/mozilla thunderbird/1.5.0.4