You are here

CVE-2011-2378

Vincent (CVE) Danen's picture
The appendChild function in Mozilla Firefox before 3.6.20, Thunderbird 3.x before 3.1.12, SeaMonkey 2.x, and possibly other products does not properly handle DOM objects, which allows remote attackers to execute arbitrary code via unspecified vectors that lead to dereferencing of a "dangling pointer."

Details Source

Mitre

Public Date

2011-08-16 00:00:00

Impact

Critical

Bugzilla

CVE-2011-2378 Mozilla: Dangling pointer vulnerability in appendChild

Bugzilla ID

730 521

CVSS Status

verified

Base Score

6.80

Base Metrics

AV:N/AC:M/Au:N/C:P/I:P/A:P

Red Hat Security Errata

Platform Errata Release Date
Red Hat Enterprise Linux 6 (thunderbird) RHSA-2011:1166 2011-08-16
Red Hat Enterprise Linux 6 (firefox) RHSA-2011:1164 2011-08-16
Red Hat Enterprise Linux 4 (firefox) RHSA-2011:1164 2011-08-16
Red Hat Enterprise Linux 5 (firefox) RHSA-2011:1164 2011-08-16

Affected Packages State

Platform Package State
Red Hat Enterprise Linux version 6 xulrunner 1.9.2.20-2.el6_1 Fixed
Red Hat Enterprise Linux version 5 xulrunner 1.9.2.20-2.el5 Fixed
Red Hat Enterprise Linux Server EUS (v. 6.1) thunderbird Affected
Red Hat Enterprise Linux Server EUS (v. 6.1) firefox Affected