CVE-2011-3650

high

Description

Mozilla Firefox before 3.6.24 and 4.x through 7.0 and Thunderbird before 3.1.6 and 5.0 through 7.0 do not properly handle JavaScript files that contain many functions, which allows user-assisted remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a crafted file that is accessed by debugging APIs, as demonstrated by Firebug.

References

http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00020.html

https://bugzilla.mozilla.org/show_bug.cgi?id=674776

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13870

http://www.mozilla.org/security/announce/2011/mfsa2011-49.html

http://www.redhat.com/support/errata/RHSA-2011-1439.html

Details

Source: Mitre, NVD

Published: 2011-11-09

Risk Information

CVSS v2

Base Score: 9.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Severity: High