Input validation error - CVE-2011-0080
Published: May 7, 2011 / Updated: August 4, 2020
Vulnerability identifier: #VU33972
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2011-0080
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor:
Affected software:
Detailed vulnerability description
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
How to mitigate CVE-2011-0080
Install update from vendor's website.
Sources
- http://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_thunderbird
- http://downloads.avaya.com/css/P8/documents/100134543
- http://downloads.avaya.com/css/P8/documents/100144158
- http://www.debian.org/security/2011/dsa-2227
- http://www.debian.org/security/2011/dsa-2228
- http://www.debian.org/security/2011/dsa-2235
- http://www.mandriva.com/security/advisories?name=MDVSA-2011:079
- http://www.mandriva.com/security/advisories?name=MDVSA-2011:080
- http://www.mozilla.org/security/announce/2011/mfsa2011-12.html
- http://www.securityfocus.com/bid/47641
- https://bugzilla.mozilla.org/show_bug.cgi?id=615147
- https://bugzilla.mozilla.org/show_bug.cgi?id=634257
- https://bugzilla.mozilla.org/show_bug.cgi?id=637621
- https://bugzilla.mozilla.org/show_bug.cgi?id=637957
- https://bugzilla.mozilla.org/show_bug.cgi?id=638236
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13866