Published: 29/09/2011 Updated: 19/09/2017

CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6

VMScore: 828

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Use-after-free vulnerability in Mozilla Firefox 4.x through 6, Thunderbird prior to 7.0, and SeaMonkey prior to 2.4 allows remote malicious users to cause a denial of service (application crash) or possibly execute arbitrary code via crafted OGG headers in a .ogg file.

Vulnerable Product	Search on Vulmon	Subscribe to Product
mozilla firefox 4.0
mozilla firefox 6.0
mozilla firefox 5.0
mozilla firefox 4.0.1
mozilla thunderbird 0.3
mozilla thunderbird 0.4
mozilla thunderbird 0.8
mozilla thunderbird 0.9
mozilla thunderbird 1.0
mozilla thunderbird 1.0.6
mozilla thunderbird 1.0.7
mozilla thunderbird 1.5.0.13
mozilla thunderbird 1.5.0.14
mozilla thunderbird 1.5.0.9
mozilla thunderbird 1.5.1
mozilla thunderbird 2.0.0.1
mozilla thunderbird 2.0.0.11
mozilla thunderbird 2.0.0.18
mozilla thunderbird 2.0.0.19
mozilla thunderbird 2.0.0.5
mozilla thunderbird 2.0.0.6
mozilla thunderbird 2.0_.4
mozilla thunderbird 2.0_.5
mozilla thunderbird 3.0.11
mozilla thunderbird 3.0.2
mozilla thunderbird 3.1
mozilla thunderbird 3.1.1
mozilla thunderbird 3.1.6
mozilla thunderbird 3.1.7
mozilla thunderbird 0.7
mozilla thunderbird 0.7.1
mozilla thunderbird 1.0.3
mozilla thunderbird 1.0.4
mozilla thunderbird 1.5.0.1
mozilla thunderbird 1.5.0.10
mozilla thunderbird 1.5.0.4
mozilla thunderbird 1.5.0.5
mozilla thunderbird 1.7.1
mozilla thunderbird 1.7.3
mozilla thunderbird 2.0.0.14
mozilla thunderbird 2.0.0.15
mozilla thunderbird 2.0.0.21
mozilla thunderbird 2.0.0.22
mozilla thunderbird 2.0.0.23
mozilla thunderbird 2.0.0.9
mozilla thunderbird 2.0_.12
mozilla thunderbird 2.0_8
mozilla thunderbird 3.0
mozilla thunderbird 3.0.6
mozilla thunderbird 3.0.7
mozilla thunderbird 3.1.2
mozilla thunderbird 3.1.3
mozilla thunderbird 5.0
mozilla thunderbird
mozilla thunderbird 0.5
mozilla thunderbird 0.6
mozilla thunderbird 1.0.1
mozilla thunderbird 1.0.2
mozilla thunderbird 1.0.8
mozilla thunderbird 1.5
mozilla thunderbird 1.5.0.2
mozilla thunderbird 1.5.0.3
mozilla thunderbird 1.5.2
mozilla thunderbird 2.0.0.12
mozilla thunderbird 2.0.0.13
mozilla thunderbird 2.0.0.2
mozilla thunderbird 2.0.0.20
mozilla thunderbird 2.0.0.7
mozilla thunderbird 2.0.0.8
mozilla thunderbird 2.0_.6
mozilla thunderbird 2.0_.9
mozilla thunderbird 3.0.3
mozilla thunderbird 3.0.4
mozilla thunderbird 3.0.5
mozilla thunderbird 3.1.10
mozilla thunderbird 3.1.11
mozilla thunderbird 3.1.8
mozilla thunderbird 3.1.9
mozilla thunderbird 0.1
mozilla thunderbird 0.2
mozilla thunderbird 0.7.2
mozilla thunderbird 0.7.3
mozilla thunderbird 1.0.5
mozilla thunderbird 1.5.0.11
mozilla thunderbird 1.5.0.12
mozilla thunderbird 1.5.0.6
mozilla thunderbird 1.5.0.7
mozilla thunderbird 1.5.0.8
mozilla thunderbird 2.0
mozilla thunderbird 2.0.0.0
mozilla thunderbird 2.0.0.16
mozilla thunderbird 2.0.0.17
mozilla thunderbird 2.0.0.3
mozilla thunderbird 2.0.0.4
mozilla thunderbird 2.0_.13
mozilla thunderbird 2.0_.14
mozilla thunderbird 3.0.1
mozilla thunderbird 3.0.10
mozilla thunderbird 3.0.8
mozilla thunderbird 3.0.9
mozilla thunderbird 3.1.4
mozilla thunderbird 3.1.5
mozilla seamonkey 1.0.1
mozilla seamonkey 1.0.6
mozilla seamonkey 1.0.7
mozilla seamonkey 1.0.3
mozilla seamonkey 1.0.4
mozilla seamonkey 1.0.5
mozilla seamonkey 1.0
mozilla seamonkey 1.1.12
mozilla seamonkey 1.1.13
mozilla seamonkey 1.1.3
mozilla seamonkey 1.1.4
mozilla seamonkey 1.1
mozilla seamonkey 2.0.11
mozilla seamonkey 2.0.12
mozilla seamonkey 2.0.7
mozilla seamonkey 2.0.8
mozilla seamonkey 2.0
mozilla seamonkey 1.0.8
mozilla seamonkey 1.0.9
mozilla seamonkey 1.1.1
mozilla seamonkey 1.1.16
mozilla seamonkey 1.1.17
mozilla seamonkey 1.1.6
mozilla seamonkey 1.1.7
mozilla seamonkey 1.5.0.9
mozilla seamonkey 2.0.2
mozilla seamonkey 2.0.3
mozilla seamonkey 2.0.4
mozilla seamonkey 2.1
mozilla seamonkey 1.1.14
mozilla seamonkey 1.1.15
mozilla seamonkey 1.1.5
mozilla seamonkey 1.5.0.10
mozilla seamonkey 1.5.0.8
mozilla seamonkey 2.0.13
mozilla seamonkey 2.0.14
mozilla seamonkey 2.0.9
mozilla seamonkey 2.0a1
mozilla seamonkey 2.0a1pre
mozilla seamonkey 1.0.2
mozilla seamonkey 1.0.99
mozilla seamonkey 1.1.10
mozilla seamonkey 1.1.11
mozilla seamonkey 1.1.18
mozilla seamonkey 1.1.19
mozilla seamonkey 1.1.2
mozilla seamonkey 1.1.8
mozilla seamonkey 1.1.9
mozilla seamonkey 2.0.1
mozilla seamonkey 2.0.10
mozilla seamonkey 2.0.5
mozilla seamonkey 2.0.6
mozilla seamonkey

This update provides packages compatible with Firefox 7 ...

Firefox could be made to crash or possibly run programs as your login if it opened a malicious website ...

Mozilla Foundation Security Advisory 2011-44 Use after free reading OGG headers Announced September 27, 2011 Reporter sczimmer Impact Critical Products Firefox, SeaMonkey, Thunderbird Fixed in ...

CWE-119 https://bugzilla.mozilla.org/show_bug.cgi?id=675747 http://www.mozilla.org/security/announce/2011/mfsa2011-44.html http://www.mandriva.com/security/advisories?name=MDVSA-2011:141 http://www.mandriva.com/security/advisories?name=MDVSA-2011:142 http://secunia.com/advisories/46315 http://lists.opensuse.org/opensuse-updates/2011-10/msg00002.html http://secunia.com/advisories/49055 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14352 https://usn.ubuntu.com/1222-2/https://nvd.nist.gov

Get Started

CVE-2011-3005

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect