CVE-2011-3659: Use After Free
First published: Wed Feb 01 2012(Updated: )
Use-after-free vulnerability in Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 might allow remote attackers to execute arbitrary code via vectors related to incorrect AttributeChildRemoved notifications that affect access to removed nsDOMAttribute child nodes.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mozilla Firefox | <3.6.26 | |
| Mozilla Firefox | >=4.0<10.0 | |
| Mozilla SeaMonkey | <2.7 | |
| Mozilla Thunderbird | <3.1.18 | |
| Mozilla Thunderbird | >=5.0<10.0 | |
| openSUSE | =11.4 | |
| SUSE Linux Enterprise Desktop with Beagle | =10-sp4 | |
| SUSE Linux Enterprise Desktop with Beagle | =11-sp1 | |
| SUSE Linux Enterprise Server | =10-sp4 | |
| SUSE Linux Enterprise Server | =11-sp1 | |
| suse linux enterprise server vmware | =11-sp1 | |
| SUSE Linux Enterprise Software Development Kit | =10-sp4 | |
| SUSE Linux Enterprise Software Development Kit | =11-sp1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.mozilla.org/show_bug.cgi?id=708198
- http://www.mozilla.org/security/announce/2012/mfsa2012-04.html
- http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00011.html
- http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00007.html
- http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00003.html
- http://www.mandriva.com/security/advisories?name=MDVSA-2012:013
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14697
Frequently Asked Questions
What is the severity of CVE-2011-3659?
CVE-2011-3659 is classified as a critical vulnerability that may allow remote attackers to execute arbitrary code.
How do I fix CVE-2011-3659?
To fix CVE-2011-3659, update affected software such as Mozilla Firefox, Thunderbird, and SeaMonkey to the latest versions.
Which versions of Mozilla Firefox are affected by CVE-2011-3659?
CVE-2011-3659 affects Mozilla Firefox versions prior to 3.6.26 and from 4.0 to 9.0.
What software products are affected by CVE-2011-3659?
CVE-2011-3659 affects Mozilla Firefox, Thunderbird, SeaMonkey, and various versions of openSUSE and SUSE Linux Enterprise.
Can CVE-2011-3659 be exploited remotely?
Yes, CVE-2011-3659 can be exploited remotely via incorrect AttributeChildRemoved notifications.
- agent/type
- agent/remedy
- agent/references
- agent/author
- agent/severity
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/first-publish-date
- agent/source
- agent/tags
- agent/weakness
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/mozilla
- canonical/mozilla firefox
- version/mozilla firefox/4.0
- canonical/mozilla seamonkey
- canonical/mozilla thunderbird
- version/mozilla thunderbird/5.0
- vendor/opensuse
- canonical/opensuse
- version/opensuse/11.4
- vendor/suse
- canonical/suse linux enterprise desktop with beagle
- version/suse linux enterprise desktop with beagle/10-sp4
- version/suse linux enterprise desktop with beagle/11-sp1
- canonical/suse linux enterprise server
- version/suse linux enterprise server/10-sp4
- version/suse linux enterprise server/11-sp1
- canonical/suse linux enterprise server vmware
- version/suse linux enterprise server vmware/11-sp1
- canonical/suse linux enterprise software development kit
- version/suse linux enterprise software development kit/10-sp4
- version/suse linux enterprise software development kit/11-sp1