#VU33971 Input validation error - CVE-2011-0079

Cybersecurity Help s.r.o.

Published: 2011-05-07 | Updated: 2020-08-04

Vulnerability identifier: #VU33971

Vulnerability risk: High

CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2011-0079

CWE-ID: CWE-20

Exploitation vector: Network

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x before 4.0.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to gfx/layers/d3d10/ReadbackManagerD3D10.cpp and unknown other vectors.

Mitigation
Install update from vendor's website.

External links
https://www.mozilla.org/security/announce/2011/mfsa2011-12.html
https://bugzilla.mozilla.org/show_bug.cgi?id=601102
https://bugzilla.mozilla.org/show_bug.cgi?id=639343
https://bugzilla.mozilla.org/show_bug.cgi?id=639728
https://bugzilla.mozilla.org/show_bug.cgi?id=639885
https://bugzilla.mozilla.org/show_bug.cgi?id=641388
https://bugzilla.mozilla.org/show_bug.cgi?id=642717
https://bugzilla.mozilla.org/show_bug.cgi?id=643649
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14232

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Input validation error in xulrunner (Alpine package)