CVE-2011-3650

Sažetak

Mozilla Firefox before 3.6.24 and 4.x through 7.0 and Thunderbird before 3.1.6 and 5.0 through 7.0 do not properly handle JavaScript files that contain many functions, which allows user-assisted remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a crafted file that is accessed by debugging APIs, as demonstrated by Firebug.

Reference

http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00020.html
http://www.mozilla.org/security/announce/2011/mfsa2011-49.html
http://www.redhat.com/support/errata/RHSA-2011-1439.html
https://bugzilla.mozilla.org/show_bug.cgi?id=674776
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13870

CVSS

Base:	9.3
Impact:	10.0
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:N/AC:M/Au:N/C:C/I:C/A:C

Zadnje važnije ažuriranje

19-09-2017 - 01:34

Objavljeno

09-11-2011 - 11:55