CVE-2011-2991: Buffer Overflow
First published: Thu Aug 18 2011(Updated: )
The browser engine in Mozilla Firefox 4.x through 5, SeaMonkey 2.x before 2.3, Thunderbird before 6, and possibly other products does not properly implement JavaScript, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Firefox | =4.0-beta6 | |
| Firefox | =4.0-beta1 | |
| Firefox | =4.0-beta9 | |
| Firefox | =4.0-beta5 | |
| Firefox | =4.0-beta8 | |
| Firefox | =4.0-beta12 | |
| Firefox | =4.0-beta3 | |
| Firefox | =5.0 | |
| Firefox | =4.0-beta2 | |
| Firefox | =4.0-beta4 | |
| Firefox | =4.0-beta10 | |
| Firefox | =4.0 | |
| Firefox | =4.0-beta11 | |
| Firefox | =4.0-beta7 | |
| Firefox | =4.0.1 | |
| Thunderbird | =3.0.8 | |
| Thunderbird | =3.0.5 | |
| Thunderbird | =1.5.0.7 | |
| Thunderbird | =0.6 | |
| Thunderbird | =0.7.2 | |
| Thunderbird | =2.0.0.4 | |
| Thunderbird | =3.0.9 | |
| Thunderbird | =2.0.0.6 | |
| Thunderbird | =0.3 | |
| Thunderbird | =2.0.0.21 | |
| Thunderbird | =3.0.1 | |
| Thunderbird | =3.1.7 | |
| Thunderbird | =0.2 | |
| Thunderbird | =3.1.2 | |
| Thunderbird | =3.1.1 | |
| Thunderbird | =1.0.7 | |
| Thunderbird | =2.0.0.18 | |
| Thunderbird | =2.0.0.9 | |
| Thunderbird | =2.0.0.16 | |
| Thunderbird | =2.0.0.8 | |
| Thunderbird | =2.0.0.7 | |
| Thunderbird | =1.7.1 | |
| Thunderbird | =1.5.0.3 | |
| Thunderbird | =1.5.0.10 | |
| Thunderbird | =1.5.0.5 | |
| Thunderbird | =3.1.4 | |
| Thunderbird | =1.5.0.6 | |
| Thunderbird | =1.0 | |
| Thunderbird | =3.0.7 | |
| Thunderbird | =2.0.0.3 | |
| Thunderbird | =3.0.6 | |
| Thunderbird | =1.0.1 | |
| Thunderbird | =1.5-beta2 | |
| Thunderbird | =2.0.0.2 | |
| Thunderbird | =3.0.10 | |
| Thunderbird | =3.0.3 | |
| Thunderbird | =1.0.2 | |
| Thunderbird | =2.0.0.0 | |
| Thunderbird | =1.5.0.13 | |
| Thunderbird | =3.1.5 | |
| Thunderbird | =3.0.11 | |
| Thunderbird | =2.0.0.12 | |
| Thunderbird | =2.0.0.22 | |
| Thunderbird | =1.5 | |
| Thunderbird | =1.5.0.2 | |
| Thunderbird | =1.5.0.8 | |
| Thunderbird | =2.0.0.14 | |
| Thunderbird | =3.0.4 | |
| Thunderbird | <=5.0 | |
| Thunderbird | =0.5 | |
| Thunderbird | =1.0.4 | |
| Thunderbird | =1.5.2 | |
| Thunderbird | =2.0.0.17 | |
| Thunderbird | =2.0.0.23 | |
| Thunderbird | =1.5.0.9 | |
| Thunderbird | =1.5.0.11 | |
| Thunderbird | =0.9 | |
| Thunderbird | =1.0.3 | |
| Thunderbird | =2.0 | |
| Thunderbird | =3.0 | |
| Thunderbird | =1.5.0.12 | |
| Thunderbird | =0.7.3 | |
| Thunderbird | =0.4 | |
| Thunderbird | =1.5.1 | |
| Thunderbird | =0.7 | |
| Thunderbird | =1.5.0.14 | |
| Thunderbird | =3.1 | |
| Thunderbird | =1.0.6 | |
| Thunderbird | =3.1.3 | |
| Thunderbird | =2.0.0.5 | |
| Thunderbird | =3.1.6 | |
| Thunderbird | =1.7.3 | |
| Thunderbird | =2.0.0.1 | |
| Thunderbird | =1.5.0.1 | |
| Thunderbird | =1.0.8 | |
| Thunderbird | =0.1 | |
| Thunderbird | =0.7.1 | |
| Thunderbird | =1.0.5 | |
| Thunderbird | =0.8 | |
| Thunderbird | =3.0.2 | |
| Thunderbird | =2.0.0.19 | |
| Thunderbird | =1.5.0.4 | |
| Mozilla SeaMonkey | =2.0.10 | |
| Mozilla SeaMonkey | =2.2-beta2 | |
| Mozilla SeaMonkey | =2.0.13 | |
| Mozilla SeaMonkey | =2.0.4 | |
| Mozilla SeaMonkey | =2.1-alpha2 | |
| Mozilla SeaMonkey | =2.0.3 | |
| Mozilla SeaMonkey | =2.0.2 | |
| Mozilla SeaMonkey | =2.0-alpha_2 | |
| Mozilla SeaMonkey | =2.0.8 | |
| Mozilla SeaMonkey | =2.0-rc2 | |
| Mozilla SeaMonkey | =2.0-alpha_3 | |
| Mozilla SeaMonkey | =2.0.12 | |
| Mozilla SeaMonkey | =2.0.11 | |
| Mozilla SeaMonkey | =2.0-beta_2 | |
| Mozilla SeaMonkey | =2.1-rc1 | |
| Mozilla SeaMonkey | =2.1 | |
| Mozilla SeaMonkey | =2.0-alpha_1 | |
| Mozilla SeaMonkey | =2.0.9 | |
| Mozilla SeaMonkey | =2.1-alpha1 | |
| Mozilla SeaMonkey | =2.1-beta2 | |
| Mozilla SeaMonkey | =2.0.1 | |
| Mozilla SeaMonkey | =2.0.14 | |
| Mozilla SeaMonkey | =2.0.7 | |
| Mozilla SeaMonkey | =2.2 | |
| Mozilla SeaMonkey | =2.0-beta_1 | |
| Mozilla SeaMonkey | =2.1-rc2 | |
| Mozilla SeaMonkey | =2.1-beta1 | |
| Mozilla SeaMonkey | =2.0.5 | |
| Mozilla SeaMonkey | =2.1-beta3 | |
| Mozilla SeaMonkey | =2.0-rc1 | |
| Mozilla SeaMonkey | =2.2-beta3 | |
| Mozilla SeaMonkey | =2.0.6 | |
| Mozilla SeaMonkey | =2.1-alpha3 | |
| Mozilla SeaMonkey | =2.0 | |
| Mozilla SeaMonkey | =2.2-beta1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.mozilla.org/security/announce/2011/mfsa2011-29.html
- https://bugzilla.mozilla.org/show_bug.cgi?id=655660
- http://www.mozilla.org/security/announce/2011/mfsa2011-33.html
- http://www.mozilla.org/security/announce/2011/mfsa2011-31.html
- http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00023.html
- http://secunia.com/advisories/49055
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14303
Frequently Asked Questions
What is the severity of CVE-2011-2991?
CVE-2011-2991 has been assigned a medium severity level as it can lead to denial of service through memory corruption.
How do I fix CVE-2011-2991?
To fix CVE-2011-2991, update your affected software to the latest version released by Mozilla.
Which software products are affected by CVE-2011-2991?
CVE-2011-2991 affects Mozilla Firefox 4.x through 5, SeaMonkey 2.x versions before 2.3, and Thunderbird before version 6.
What kind of attack can CVE-2011-2991 enable?
CVE-2011-2991 can enable attackers to cause memory corruption and potential application crashes.
Is user action required to mitigate CVE-2011-2991?
Yes, users must update their browsers and email clients to versions that contain the security fix for CVE-2011-2991.
- agent/type
- agent/references
- agent/author
- agent/severity
- agent/weakness
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/mozilla
- canonical/firefox
- version/firefox/4.0-beta6
- version/firefox/4.0-beta1
- version/firefox/4.0-beta9
- version/firefox/4.0-beta5
- version/firefox/4.0-beta8
- version/firefox/4.0-beta12
- version/firefox/4.0-beta3
- version/firefox/5.0
- version/firefox/4.0-beta2
- version/firefox/4.0-beta4
- version/firefox/4.0-beta10
- version/firefox/4.0
- version/firefox/4.0-beta11
- version/firefox/4.0-beta7
- version/firefox/4.0.1
- canonical/thunderbird
- version/thunderbird/3.0.8
- version/thunderbird/3.0.5
- version/thunderbird/1.5.0.7
- version/thunderbird/0.6
- version/thunderbird/0.7.2
- version/thunderbird/2.0.0.4
- version/thunderbird/3.0.9
- version/thunderbird/2.0.0.6
- version/thunderbird/0.3
- version/thunderbird/2.0.0.21
- version/thunderbird/3.0.1
- version/thunderbird/3.1.7
- version/thunderbird/0.2
- version/thunderbird/3.1.2
- version/thunderbird/3.1.1
- version/thunderbird/1.0.7
- version/thunderbird/2.0.0.18
- version/thunderbird/2.0.0.9
- version/thunderbird/2.0.0.16
- version/thunderbird/2.0.0.8
- version/thunderbird/2.0.0.7
- version/thunderbird/1.7.1
- version/thunderbird/1.5.0.3
- version/thunderbird/1.5.0.10
- version/thunderbird/1.5.0.5
- version/thunderbird/3.1.4
- version/thunderbird/1.5.0.6
- version/thunderbird/1.0
- version/thunderbird/3.0.7
- version/thunderbird/2.0.0.3
- version/thunderbird/3.0.6
- version/thunderbird/1.0.1
- version/thunderbird/1.5-beta2
- version/thunderbird/2.0.0.2
- version/thunderbird/3.0.10
- version/thunderbird/3.0.3
- version/thunderbird/1.0.2
- version/thunderbird/2.0.0.0
- version/thunderbird/1.5.0.13
- version/thunderbird/3.1.5
- version/thunderbird/3.0.11
- version/thunderbird/2.0.0.12
- version/thunderbird/2.0.0.22
- version/thunderbird/1.5
- version/thunderbird/1.5.0.2
- version/thunderbird/1.5.0.8
- version/thunderbird/2.0.0.14
- version/thunderbird/3.0.4
- version/thunderbird/5.0
- version/thunderbird/0.5
- version/thunderbird/1.0.4
- version/thunderbird/1.5.2
- version/thunderbird/2.0.0.17
- version/thunderbird/2.0.0.23
- version/thunderbird/1.5.0.9
- version/thunderbird/1.5.0.11
- version/thunderbird/0.9
- version/thunderbird/1.0.3
- version/thunderbird/2.0
- version/thunderbird/3.0
- version/thunderbird/1.5.0.12
- version/thunderbird/0.7.3
- version/thunderbird/0.4
- version/thunderbird/1.5.1
- version/thunderbird/0.7
- version/thunderbird/1.5.0.14
- version/thunderbird/3.1
- version/thunderbird/1.0.6
- version/thunderbird/3.1.3
- version/thunderbird/2.0.0.5
- version/thunderbird/3.1.6
- version/thunderbird/1.7.3
- version/thunderbird/2.0.0.1
- version/thunderbird/1.5.0.1
- version/thunderbird/1.0.8
- version/thunderbird/0.1
- version/thunderbird/0.7.1
- version/thunderbird/1.0.5
- version/thunderbird/0.8
- version/thunderbird/3.0.2
- version/thunderbird/2.0.0.19
- version/thunderbird/1.5.0.4
- canonical/mozilla seamonkey
- version/mozilla seamonkey/2.0.10
- version/mozilla seamonkey/2.2-beta2
- version/mozilla seamonkey/2.0.13
- version/mozilla seamonkey/2.0.4
- version/mozilla seamonkey/2.1-alpha2
- version/mozilla seamonkey/2.0.3
- version/mozilla seamonkey/2.0.2
- version/mozilla seamonkey/2.0-alpha_2
- version/mozilla seamonkey/2.0.8
- version/mozilla seamonkey/2.0-rc2
- version/mozilla seamonkey/2.0-alpha_3
- version/mozilla seamonkey/2.0.12
- version/mozilla seamonkey/2.0.11
- version/mozilla seamonkey/2.0-beta_2
- version/mozilla seamonkey/2.1-rc1
- version/mozilla seamonkey/2.1
- version/mozilla seamonkey/2.0-alpha_1
- version/mozilla seamonkey/2.0.9
- version/mozilla seamonkey/2.1-alpha1
- version/mozilla seamonkey/2.1-beta2
- version/mozilla seamonkey/2.0.1
- version/mozilla seamonkey/2.0.14
- version/mozilla seamonkey/2.0.7
- version/mozilla seamonkey/2.2
- version/mozilla seamonkey/2.0-beta_1
- version/mozilla seamonkey/2.1-rc2
- version/mozilla seamonkey/2.1-beta1
- version/mozilla seamonkey/2.0.5
- version/mozilla seamonkey/2.1-beta3
- version/mozilla seamonkey/2.0-rc1
- version/mozilla seamonkey/2.2-beta3
- version/mozilla seamonkey/2.0.6
- version/mozilla seamonkey/2.1-alpha3
- version/mozilla seamonkey/2.0
- version/mozilla seamonkey/2.2-beta1