Published: 07/05/2011 Updated: 19/09/2017

CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10

VMScore: 1000

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Mozilla Firefox prior to 3.5.19 and 3.6.x prior to 3.6.17, and SeaMonkey prior to 2.0.14, does not properly use nsTreeRange data structures, which allows remote malicious users to execute arbitrary code via unspecified vectors that lead to a "dangling pointer."

Vulnerable Product	Search on Vulmon	Subscribe to Product
mozilla firefox 3.6.2
mozilla firefox 3.6.10
mozilla firefox 3.6.9
mozilla firefox 3.6
mozilla firefox 3.6.8
mozilla firefox 3.6.15
mozilla firefox 3.6.16
mozilla firefox 3.6.3
mozilla firefox 3.6.4
mozilla firefox 3.6.11
mozilla firefox 3.6.12
mozilla firefox 3.6.6
mozilla firefox 3.6.7
mozilla firefox 3.6.13
mozilla firefox 3.6.14
mozilla seamonkey 1.0
mozilla seamonkey 1.0.1
mozilla seamonkey 1.0.8
mozilla seamonkey 1.0.9
mozilla seamonkey 1.1.12
mozilla seamonkey 1.1.13
mozilla seamonkey 1.1.2
mozilla seamonkey 1.1.3
mozilla seamonkey 1.1.4
mozilla seamonkey 1.1
mozilla seamonkey 1.5.0.10
mozilla seamonkey 2.0.4
mozilla seamonkey 2.0
mozilla seamonkey 2.0.6
mozilla seamonkey 2.0.7
mozilla seamonkey 1.0.6
mozilla seamonkey 1.0.7
mozilla seamonkey 1.1.11
mozilla seamonkey 1.1.18
mozilla seamonkey 1.1.19
mozilla seamonkey 1.1.9
mozilla seamonkey 2.0.2
mozilla seamonkey 2.0.3
mozilla seamonkey 2.0.5
mozilla seamonkey 2.0.12
mozilla seamonkey
mozilla seamonkey 1.0.2
mozilla seamonkey 1.0.3
mozilla seamonkey 1.1.1
mozilla seamonkey 1.1.14
mozilla seamonkey 1.1.15
mozilla seamonkey 1.1.5
mozilla seamonkey 1.1.6
mozilla seamonkey 1.5.0.8
mozilla seamonkey 1.5.0.9
mozilla seamonkey 2.0.8
mozilla seamonkey 2.0.9
mozilla seamonkey 1.0.4
mozilla seamonkey 1.0.5
mozilla seamonkey 1.1.10
mozilla seamonkey 1.1.16
mozilla seamonkey 1.1.17
mozilla seamonkey 1.1.7
mozilla seamonkey 1.1.8
mozilla seamonkey 2.0.1
mozilla seamonkey 2.0.10
mozilla seamonkey 2.0.11
mozilla firefox 3.5.1
mozilla firefox 3.5.10
mozilla firefox 3.5.9
mozilla firefox 3.0.12
mozilla firefox 3.0.11
mozilla firefox 3.0.4
mozilla firefox 3.0.3
mozilla firefox 2.0.0.20
mozilla firefox 2.0.0.8
mozilla firefox 2.0.0.7
mozilla firefox 2.0
mozilla firefox 2.0.0.1
mozilla firefox 1.5
mozilla firefox 1.5.0.1
mozilla firefox 1.5.0.6
mozilla firefox 1.5.0.7
mozilla firefox 1.0
mozilla firefox 1.0.3
mozilla firefox 3.5.11
mozilla firefox 3.5.12
mozilla firefox 3.5.6
mozilla firefox 3.5.7
mozilla firefox 3.0.14
mozilla firefox 3.0.13
mozilla firefox 3.0.6
mozilla firefox 3.0.5
mozilla firefox 2.0.0.12
mozilla firefox 2.0.0.19
mozilla firefox 2.0.0.15
mozilla firefox 2.0.0.13
mozilla firefox 2.0.0.3
mozilla firefox 2.0.0.2
mozilla firefox 1.5.0.11
mozilla firefox 1.5.0.12
mozilla firefox 1.5.0.8
mozilla firefox 1.5.0.9
mozilla firefox 1.5.5
mozilla firefox 1.0.1
mozilla firefox 1.0.6
mozilla firefox 1.0.8
mozilla firefox 3.5.17
mozilla firefox
mozilla firefox 3.5.2
mozilla firefox 3.5.3
mozilla firefox 3.5.8
mozilla firefox 3.5
mozilla firefox 3.0.10
mozilla firefox 3.0.9
mozilla firefox 3.0.2
mozilla firefox 3.0.1
mozilla firefox 2.0.0.9
mozilla firefox 2.0.0.17
mozilla firefox 2.0.0.10
mozilla firefox 2.0.0.18
mozilla firefox 2.0.0.6
mozilla firefox 1.5.0.4
mozilla firefox 1.5.0.5
mozilla firefox 1.5.0.10
mozilla firefox 1.5.3
mozilla firefox 1.5.4
mozilla firefox 1.5.8
mozilla firefox 1.0.2
mozilla firefox 1.0.5
mozilla firefox 3.5.13
mozilla firefox 3.5.14
mozilla firefox 3.5.4
mozilla firefox 3.5.5
mozilla firefox 3.0.17
mozilla firefox 3.0.16
mozilla firefox 3.0.15
mozilla firefox 3.0.8
mozilla firefox 3.0.7
mozilla firefox 3.0
mozilla firefox 2.0.0.14
mozilla firefox 2.0.0.16
mozilla firefox 2.0.0.11
mozilla firefox 2.0.0.5
mozilla firefox 2.0.0.4
mozilla firefox 1.5.0.2
mozilla firefox 1.5.0.3
mozilla firefox 1.5.1
mozilla firefox 1.5.2
mozilla firefox 1.5.7
mozilla firefox 1.5.6
mozilla firefox 1.0.4
mozilla firefox 1.0.7
mozilla firefox 3.5.15
mozilla firefox 3.5.16

Several vulnerabilities have been found in Iceweasel, a web browser based on Firefox: CVE-2011-0069 CVE-2011-0070 CVE-2011-0072 CVE-2011-0074 CVE-2011-0075 CVE-2011-0077 CVE-2011-0078 CVE-2011-0080 CVE-2011-0081 Scoobidiver, Ian Beer Bob Clary, Henri Sivonen, Marco Bonardo, Mats Palmgren, Jesse Ruderman, Aki Kelin and Martin Barbella disc ...

Several vulnerabilities have been discovered in Icedove, an unbranded version of the Thunderbird mail/news client CVE-2011-0069 CVE-2011-0070 CVE-2011-0072 CVE-2011-0074 CVE-2011-0075 CVE-2011-0077 CVE-2011-0078 CVE-2011-0080 CVE-2011-0081 Scoobidiver, Ian Beer Bob Clary, Henri Sivonen, Marco Bonardo, Ma ...

Multiple vulnerabilities in Firefox and Xulrunner ...

Multiple xulrunner-191 vulnerabilities ...

An empty menu bar sometimes appeared after upgrade in USN-1122-2 ...

Thunderbird could be made to run programs as your login if it opened specially crafted mail ...

Mozilla Foundation Security Advisory 2011-13 Multiple dangling pointer vulnerabilities Announced April 28, 2011 Reporter regenrecht Impact Critical Products Firefox, SeaMonkey Fixed in ...

Advisory : Abysssec Public Exploit : This module exploits a code execution vulnerability in Mozilla Firefox <= 3616 caused by nsTreeSelection element The specific flaw exists within the way Firefox handles user defined functions of a nsTreeSelection element When executing the function invalidateSelection it is possible to free the nsTreeS ...

## # $Id: mozilla_nstreerangerb 13148 2011-07-10 21:10:45Z sinn3r $ ## ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions Please see the Metasploit # Framework web site for more information on licensing and terms of use # metasploitcom/framework/ ## require 'msf/core' ...

CWE-20 https://bugzilla.mozilla.org/show_bug.cgi?id=630919 http://www.mozilla.org/security/announce/2011/mfsa2011-13.html http://www.debian.org/security/2011/dsa-2235 http://www.debian.org/security/2011/dsa-2227 http://www.debian.org/security/2011/dsa-2228 http://www.mandriva.com/security/advisories?name=MDVSA-2011:079 http://securityreason.com/securityalert/8310 http://downloads.avaya.com/css/P8/documents/100144158 http://downloads.avaya.com/css/P8/documents/100134543 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14020 https://nvd.nist.gov https://www.debian.org/security/./dsa-2228 https://usn.ubuntu.com/1112-1/https://www.exploit-db.com/exploits/17419/

Get Started

CVE-2011-0073

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

Exploits

References

Vulmon Search

About

Products

Connect