Input validation error in XULRunner - CVE-2011-0081
Published: May 7, 2011 / Updated: August 4, 2020
Vulnerability identifier: #VU33973
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2011-0081
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Mozilla
Affected software:
XULRunner
XULRunner
Detailed vulnerability description
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
Unspecified vulnerability in the browser engine in Mozilla Firefox 3.6.x before 3.6.17 and 4.x before 4.0.1, and Thunderbird 3.1.x before 3.1.10, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
How to mitigate CVE-2011-0081
Install update from vendor's website.
Sources
- http://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_thunderbird
- http://downloads.avaya.com/css/P8/documents/100144158
- http://www.debian.org/security/2011/dsa-2227
- http://www.debian.org/security/2011/dsa-2228
- http://www.debian.org/security/2011/dsa-2235
- http://www.mandriva.com/security/advisories?name=MDVSA-2011:079
- http://www.mandriva.com/security/advisories?name=MDVSA-2011:080
- http://www.mozilla.org/security/announce/2011/mfsa2011-12.html
- http://www.securityfocus.com/bid/47653
- https://bugzilla.mozilla.org/show_bug.cgi?id=645289
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13993