CVE-2011-2371

Sažetak

Integer overflow in the Array.reduceRight method in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allows remote attackers to execute arbitrary code via vectors involving a long JavaScript Array object.

Reference

http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00001.html
http://secunia.com/advisories/45002
http://securityreason.com/securityalert/8472
http://support.avaya.com/css/P8/documents/100144854
http://support.avaya.com/css/P8/documents/100145333
http://www.debian.org/security/2011/dsa-2268
http://www.debian.org/security/2011/dsa-2269
http://www.debian.org/security/2011/dsa-2273
http://www.mandriva.com/security/advisories?name=MDVSA-2011:111
http://www.mozilla.org/security/announce/2011/mfsa2011-22.html
http://www.redhat.com/support/errata/RHSA-2011-0885.html
http://www.redhat.com/support/errata/RHSA-2011-0887.html
http://www.redhat.com/support/errata/RHSA-2011-0888.html
http://www.ubuntu.com/usn/USN-1149-1
https://bugzilla.mozilla.org/show_bug.cgi?id=664009
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13987

CVSS

Base:	10.0
Impact:	10.0
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:N/AC:L/Au:N/C:C/I:C/A:C

Zadnje važnije ažuriranje

19-09-2017 - 01:33

Objavljeno

30-06-2011 - 16:55