CVE-2011-3671: Use After Free
First published: Mon Jun 18 2012(Updated: )
Use-after-free vulnerability in the nsHTMLSelectElement function in nsHTMLSelectElement.cpp in Mozilla Firefox 4.x through 8.0, Thunderbird 5.0 through 8.0, and SeaMonkey before 2.6 allows remote attackers to execute arbitrary code via vectors involving removal of the parent node of an element.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mozilla SeaMonkey | =2.0.10 | |
| Mozilla SeaMonkey | =1.1.10 | |
| Firefox | =4.0-beta6 | |
| Firefox | =4.0-beta1 | |
| Mozilla SeaMonkey | =1.0.3 | |
| Mozilla SeaMonkey | =2.0.13 | |
| Mozilla SeaMonkey | =1.1.8 | |
| Mozilla SeaMonkey | =1.0.1 | |
| Mozilla SeaMonkey | =1.1.7 | |
| Firefox | =8.0 | |
| Mozilla SeaMonkey | =1.5.0.10 | |
| Mozilla SeaMonkey | =1.0.6 | |
| Mozilla SeaMonkey | =1.0.9 | |
| Firefox | =4.0-beta9 | |
| Mozilla SeaMonkey | =1.1.3 | |
| Firefox | =4.0-beta5 | |
| Firefox | =4.0-beta8 | |
| Mozilla SeaMonkey | =2.0a1pre | |
| Mozilla SeaMonkey | =2.0.4 | |
| Mozilla SeaMonkey | =1.0 | |
| Firefox | =4.0-beta12 | |
| Mozilla SeaMonkey | =2.1-alpha2 | |
| Mozilla SeaMonkey | =2.0.3 | |
| Mozilla SeaMonkey | =2.0.2 | |
| Mozilla SeaMonkey | =1.1.17 | |
| Mozilla SeaMonkey | =1.0.99 | |
| Mozilla SeaMonkey | =2.0-alpha_2 | |
| Mozilla SeaMonkey | =1.1.5 | |
| Mozilla SeaMonkey | =2.0.8 | |
| Mozilla SeaMonkey | =1.0.7 | |
| Mozilla SeaMonkey | =1.0-beta | |
| Thunderbird | =7.0 | |
| Mozilla SeaMonkey | =1.1-alpha | |
| Mozilla SeaMonkey | =2.0-rc2 | |
| Mozilla SeaMonkey | =2.0-alpha_3 | |
| Mozilla SeaMonkey | =1.0-alpha | |
| Mozilla SeaMonkey | =2.0a1 | |
| Mozilla SeaMonkey | =1.1.12 | |
| Mozilla SeaMonkey | =2.0.12 | |
| Firefox | =4.0-beta3 | |
| Mozilla SeaMonkey | =1.1 | |
| Firefox | =5.0.1 | |
| Firefox | =5.0 | |
| Firefox | =7.0 | |
| Mozilla SeaMonkey | =1.1.14 | |
| Mozilla SeaMonkey | =2.0.11 | |
| Firefox | =6.0.2 | |
| Mozilla SeaMonkey | =1.1.2 | |
| Firefox | =4.0-beta2 | |
| Mozilla SeaMonkey | =1.0 | |
| Firefox | =4.0-beta4 | |
| Mozilla SeaMonkey | =2.0-beta_2 | |
| Mozilla SeaMonkey | =1.0.2 | |
| Mozilla SeaMonkey | =1.0.8 | |
| Firefox | =4.0-beta10 | |
| Firefox | =6.0.1 | |
| Mozilla SeaMonkey | =1.1.11 | |
| Thunderbird | =6.0.1 | |
| Mozilla SeaMonkey | =2.0-alpha_1 | |
| Thunderbird | =5.0 | |
| Mozilla SeaMonkey | =1.5.0.9 | |
| Mozilla SeaMonkey | =1.1-beta | |
| Mozilla SeaMonkey | =1.1.1 | |
| Mozilla SeaMonkey | =2.0.9 | |
| Mozilla SeaMonkey | =2.1-alpha1 | |
| Thunderbird | =6.0.2 | |
| Mozilla SeaMonkey | =1.5.0.8 | |
| Firefox | =4.0 | |
| Mozilla SeaMonkey | =1.1.5-1.1.10 | |
| Mozilla SeaMonkey | =2.0.1 | |
| Thunderbird | =8.0 | |
| Mozilla SeaMonkey | =1.0.5 | |
| Mozilla SeaMonkey | =1.1.15 | |
| Mozilla SeaMonkey | =2.0.14 | |
| Mozilla SeaMonkey | <=2.5 | |
| Mozilla SeaMonkey | =1.1.6 | |
| Mozilla SeaMonkey | =2.0.7 | |
| Mozilla SeaMonkey | =1.1.16 | |
| Mozilla SeaMonkey | =2.0-beta_1 | |
| Mozilla SeaMonkey | =1.0 | |
| Mozilla SeaMonkey | =1.0 | |
| Mozilla SeaMonkey | =1.1.19 | |
| Mozilla SeaMonkey | =2.0.5 | |
| Thunderbird | =7.0.1 | |
| Firefox | =6.0 | |
| Mozilla SeaMonkey | =2.3.3 | |
| Mozilla SeaMonkey | =2.0-rc1 | |
| Mozilla SeaMonkey | =1.0.4 | |
| Mozilla SeaMonkey | =1.1.9 | |
| Mozilla SeaMonkey | =1.1.13 | |
| Mozilla SeaMonkey | =1.1.18 | |
| Firefox | =7.0.1 | |
| Firefox | =4.0-beta11 | |
| Mozilla SeaMonkey | =2.0.6 | |
| Firefox | =4.0-beta7 | |
| Mozilla SeaMonkey | =2.1-alpha3 | |
| Thunderbird | =6.0 | |
| Mozilla SeaMonkey | =2.0 | |
| Mozilla SeaMonkey | =1.1.4 | |
| Firefox | =4.0.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2011-3671?
CVE-2011-3671 is classified as a critical severity vulnerability allowing arbitrary code execution.
How do I fix CVE-2011-3671?
To fix CVE-2011-3671, users should upgrade to the latest versions of Mozilla Firefox, Thunderbird, or SeaMonkey that have patched this vulnerability.
What versions are affected by CVE-2011-3671?
CVE-2011-3671 affects Mozilla Firefox 4.x through 8.0, Thunderbird 5.0 through 8.0, and SeaMonkey versions before 2.6.
Can CVE-2011-3671 be exploited remotely?
Yes, CVE-2011-3671 can be exploited remotely by attackers through vectors that involve manipulation of DOM elements.
Is there a workaround for CVE-2011-3671 if I can't upgrade?
There are no reliable workarounds for CVE-2011-3671, so upgrading to a fixed version is essential for protection.
- agent/references
- agent/type
- agent/weakness
- agent/author
- agent/severity
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/mozilla
- canonical/mozilla seamonkey
- version/mozilla seamonkey/2.0.10
- version/mozilla seamonkey/1.1.10
- canonical/firefox
- version/firefox/4.0-beta6
- version/firefox/4.0-beta1
- version/mozilla seamonkey/1.0.3
- version/mozilla seamonkey/2.0.13
- version/mozilla seamonkey/1.1.8
- version/mozilla seamonkey/1.0.1
- version/mozilla seamonkey/1.1.7
- version/firefox/8.0
- version/mozilla seamonkey/1.5.0.10
- version/mozilla seamonkey/1.0.6
- version/mozilla seamonkey/1.0.9
- version/firefox/4.0-beta9
- version/mozilla seamonkey/1.1.3
- version/firefox/4.0-beta5
- version/firefox/4.0-beta8
- version/mozilla seamonkey/2.0a1pre
- version/mozilla seamonkey/2.0.4
- version/mozilla seamonkey/1.0
- version/firefox/4.0-beta12
- version/mozilla seamonkey/2.1-alpha2
- version/mozilla seamonkey/2.0.3
- version/mozilla seamonkey/2.0.2
- version/mozilla seamonkey/1.1.17
- version/mozilla seamonkey/1.0.99
- version/mozilla seamonkey/2.0-alpha_2
- version/mozilla seamonkey/1.1.5
- version/mozilla seamonkey/2.0.8
- version/mozilla seamonkey/1.0.7
- version/mozilla seamonkey/1.0-beta
- canonical/thunderbird
- version/thunderbird/7.0
- version/mozilla seamonkey/1.1-alpha
- version/mozilla seamonkey/2.0-rc2
- version/mozilla seamonkey/2.0-alpha_3
- version/mozilla seamonkey/1.0-alpha
- version/mozilla seamonkey/2.0a1
- version/mozilla seamonkey/1.1.12
- version/mozilla seamonkey/2.0.12
- version/firefox/4.0-beta3
- version/mozilla seamonkey/1.1
- version/firefox/5.0.1
- version/firefox/5.0
- version/firefox/7.0
- version/mozilla seamonkey/1.1.14
- version/mozilla seamonkey/2.0.11
- version/firefox/6.0.2
- version/mozilla seamonkey/1.1.2
- version/firefox/4.0-beta2
- version/firefox/4.0-beta4
- version/mozilla seamonkey/2.0-beta_2
- version/mozilla seamonkey/1.0.2
- version/mozilla seamonkey/1.0.8
- version/firefox/4.0-beta10
- version/firefox/6.0.1
- version/mozilla seamonkey/1.1.11
- version/thunderbird/6.0.1
- version/mozilla seamonkey/2.0-alpha_1
- version/thunderbird/5.0
- version/mozilla seamonkey/1.5.0.9
- version/mozilla seamonkey/1.1-beta
- version/mozilla seamonkey/1.1.1
- version/mozilla seamonkey/2.0.9
- version/mozilla seamonkey/2.1-alpha1
- version/thunderbird/6.0.2
- version/mozilla seamonkey/1.5.0.8
- version/firefox/4.0
- version/mozilla seamonkey/1.1.5-1.1.10
- version/mozilla seamonkey/2.0.1
- version/thunderbird/8.0
- version/mozilla seamonkey/1.0.5
- version/mozilla seamonkey/1.1.15
- version/mozilla seamonkey/2.0.14
- version/mozilla seamonkey/2.5
- version/mozilla seamonkey/1.1.6
- version/mozilla seamonkey/2.0.7
- version/mozilla seamonkey/1.1.16
- version/mozilla seamonkey/2.0-beta_1
- version/mozilla seamonkey/1.1.19
- version/mozilla seamonkey/2.0.5
- version/thunderbird/7.0.1
- version/firefox/6.0
- version/mozilla seamonkey/2.3.3
- version/mozilla seamonkey/2.0-rc1
- version/mozilla seamonkey/1.0.4
- version/mozilla seamonkey/1.1.9
- version/mozilla seamonkey/1.1.13
- version/mozilla seamonkey/1.1.18
- version/firefox/7.0.1
- version/firefox/4.0-beta11
- version/mozilla seamonkey/2.0.6
- version/firefox/4.0-beta7
- version/mozilla seamonkey/2.1-alpha3
- version/thunderbird/6.0
- version/mozilla seamonkey/2.0
- version/mozilla seamonkey/1.1.4
- version/firefox/4.0.1