Vulnerability Details : CVE-2011-3659
Public exploit exists!
Use-after-free vulnerability in Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 might allow remote attackers to execute arbitrary code via vectors related to incorrect AttributeChildRemoved notifications that affect access to removed nsDOMAttribute child nodes.
Vulnerability category: Memory Corruption, Execute code
Products affected by CVE-2011-3659
- cpe:2.3:o:suse:linux_enterprise_desktop:11:sp1:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_desktop:10:sp4:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_server:10:sp4:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:*:vmware:*:*
- cpe:2.3:o:suse:linux_enterprise_software_development_kit:10:sp4:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp1:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2011-3659
- EPSS score: 93.61% (probability of exploitation activity in the next 30 days)
- Percentile: ~99% (the proportion of vulnerabilities that are scored at or less)
Metasploit modules for CVE-2011-3659
- Firefox 8/9 AttributeChildRemoved() Use-After-Free
  Disclosure Date: 2011-12-06
  First seen: 2020-04-26
  exploit/windows/browser/mozilla_attribchildremoved
  This module exploits a use-after-free vulnerability in Firefox 8/8.0.1 and 9/9.0.1. Removal of child nodes from the nsDOMAttribute can allow for a child to still be accessible after removal due to a premature notification of AttributeChildRemoved. Since mFirstChild i
CVSS scores for CVE-2011-3659
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
9.3 | HIGH | AV:N/AC:M/Au:N/C:C/I:C/A:C | 8.6 | 10.0 | NIST | |
CWE ids for CVE-2011-3659
- The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.
  Assigned by: nvd@nist.gov (Primary)
References for CVE-2011-3659
- http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00003.html
  [security-announce] SUSE-SU-2012:0198-1: important: Security update for
  Mailing List; Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00011.html
  [security-announce] openSUSE-SU-2012:0234-1: important: MozillaFirefox:
  Mailing List; Third Party Advisory
- http://www.mandriva.com/security/advisories?name=MDVSA-2012:013
  mandriva.com
  Third Party Advisory
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14697
  Repository / Oval Repository
  Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00007.html
  [security-announce] SUSE-SU-2012:0221-1: important: Security update for
  Mailing List; Third Party Advisory
- https://bugzilla.mozilla.org/show_bug.cgi?id=708198
  708198 - (CVE-2011-3659) AttributeChildRemoved Use-After-Free (ZDI-CAN-1413)
  Exploit; Issue Tracking; Patch; Vendor Advisory
- http://www.mozilla.org/security/announce/2012/mfsa2012-04.html
  Child nodes from nsDOMAttribute still accessible after removal of nodes — Mozilla
  Vendor Advisory