Published: 21/12/2011 Updated: 19/09/2017

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

VMScore: 668

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

YARR, as used in Mozilla Firefox 4.x up to and including 8.0, Thunderbird 5.0 up to and including 8.0, and SeaMonkey prior to 2.6, allows remote malicious users to cause a denial of service (application crash) or possibly execute arbitrary code via crafted JavaScript.

Vulnerable Product	Search on Vulmon	Subscribe to Product
mozilla seamonkey 2.0.8
mozilla seamonkey 2.0.7
mozilla seamonkey 2.0.9
mozilla seamonkey 2.3.3
mozilla seamonkey 1.1.6
mozilla seamonkey 1.0.7
mozilla seamonkey 1.0.6
mozilla seamonkey 1.0
mozilla seamonkey 1.0.99
mozilla seamonkey 1.1.19
mozilla seamonkey 1.1.7
mozilla seamonkey 2.1
mozilla seamonkey 1.5.0.8
mozilla seamonkey 1.5.0.9
mozilla seamonkey 1.1.2
mozilla seamonkey 1.1.13
mozilla seamonkey 1.0.3
mozilla seamonkey 1.0.2
mozilla seamonkey 1.1
mozilla seamonkey 2.0
mozilla seamonkey 2.0a1
mozilla seamonkey 2.0a1pre
mozilla seamonkey 1.1.9
mozilla seamonkey 2.0.10
mozilla seamonkey 1.5.0.10
mozilla seamonkey 1.1.3
mozilla seamonkey 1.0.5
mozilla seamonkey 1.0.4
mozilla seamonkey 1.1.18
mozilla seamonkey 1.1.8
mozilla seamonkey 1.0.9
mozilla seamonkey 1.0.8
mozilla seamonkey 1.0.1
mozilla seamonkey
mozilla firefox 4.0
mozilla firefox 5.0
mozilla firefox 5.0.1
mozilla thunderbird 5.0
mozilla thunderbird 6.0
mozilla seamonkey 1.1.16
mozilla seamonkey 1.1.1
mozilla seamonkey 1.1.11
mozilla seamonkey 1.1.12
mozilla seamonkey 1.1.10
mozilla seamonkey 2.0.4
mozilla firefox 7.0.1
mozilla firefox 8.0
mozilla thunderbird 8.0
mozilla seamonkey 1.1.17
mozilla seamonkey 2.0.11
mozilla seamonkey 1.1.15
mozilla seamonkey 2.0.1
mozilla seamonkey 2.0.14
mozilla seamonkey 2.0.3
mozilla firefox 4.0.1
mozilla firefox 6.0.2
mozilla firefox 7.0
mozilla thunderbird 7.0
mozilla thunderbird 7.0.1
mozilla seamonkey 1.1.14
mozilla seamonkey 2.0.2
mozilla seamonkey 2.0.12
mozilla seamonkey 2.0.13
mozilla seamonkey 1.1.5
mozilla firefox 6.0
mozilla firefox 6.0.1
mozilla thunderbird 6.0.1
mozilla thunderbird 6.0.2
mozilla seamonkey 2.0.6
mozilla seamonkey 2.0.5
mozilla seamonkey 1.1.4

Several security issues were fixed in Firefox ...

This update provides compatible packages for Firefox 9 ...

Several security issues were fixed in Thunderbird ...

Mozilla Foundation Security Advisory 2011-54 Potentially exploitable crash in the YARR regular expression library Announced December 20, 2011 Reporter Aki Helin Impact Critical Products Firefox, SeaMonkey, Thunderbird F ...

CWE-399 https://bugzilla.mozilla.org/show_bug.cgi?id=691299 http://www.mozilla.org/security/announce/2011/mfsa2011-54.html http://www.securitytracker.com/id?1026447 http://www.securitytracker.com/id?1026446 http://secunia.com/advisories/47302 http://www.mandriva.com/security/advisories?name=MDVSA-2011:192 http://secunia.com/advisories/47334 http://www.securitytracker.com/id?1026445 http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00009.html http://secunia.com/advisories/49055 https://exchange.xforce.ibmcloud.com/vulnerabilities/71909 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14424 https://nvd.nist.gov https://usn.ubuntu.com/1306-1/

CVE-2011-3661

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect