Back to search
CVE-2011-3658
Published: Dec 21, 2011
Modified: Aug 6, 2024
PUBLISHED
Description
The SVG implementation in Mozilla Firefox 8.0, Thunderbird 8.0, and SeaMonkey 2.5 does not properly interact with DOMAttrModified event handlers, which allows remote attackers to cause a denial of service (out-of-bounds memory access) or possibly have unspecified other impact via vectors involving removal of SVG elements.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
openSUSE-SU-2012:0417
vendor-advisory
x_refsource_SUSE
http://www.mozilla.org/security/announce/2011/mfsa2011-55.html
x_refsource_CONFIRM
MDVSA-2012:031
vendor-advisory
x_refsource_MANDRIVA
MDVSA-2011:192
vendor-advisory
x_refsource_MANDRIVA
48823
third-party-advisory
x_refsource_SECUNIA
USN-1401-1
vendor-advisory
x_refsource_UBUNTU
47334
third-party-advisory
x_refsource_SECUNIA
1026447
vdb-entry
x_refsource_SECTRACK
1026446
vdb-entry
x_refsource_SECTRACK
49055
third-party-advisory
x_refsource_SECUNIA
firefox-domattrmodified-code-exec(71910)
vdb-entry
x_refsource_XF
1026445
vdb-entry
x_refsource_SECTRACK
77953
vdb-entry
x_refsource_OSVDB
https://bugzilla.mozilla.org/show_bug.cgi?id=708186
x_refsource_CONFIRM
48495
third-party-advisory
x_refsource_SECUNIA
48553
third-party-advisory
x_refsource_SECUNIA
47302
third-party-advisory
x_refsource_SECUNIA
openSUSE-SU-2012:0039
vendor-advisory
x_refsource_SUSE
oval:org.mitre.oval:def:14664
vdb-entry
signature
x_refsource_OVAL
openSUSE-SU-2012:0007
vendor-advisory
x_refsource_SUSE
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now