Vulnerability Details : CVE-2011-3660
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 8.0, Thunderbird 5.0 through 8.0, and SeaMonkey before 2.6 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors that trigger a compartment mismatch associated with the nsDOMMessageEvent::GetData function, and unknown other vectors.
Vulnerability category: Memory CorruptionExecute codeDenial of service
Exploit prediction scoring system (EPSS) score for CVE-2011-3660
Probability of exploitation activity in the next 30 days: 21.24%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 96 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2011-3660
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
10.0
|
HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C |
10.0
|
10.0
|
NIST |
References for CVE-2011-3660
-
https://bugzilla.mozilla.org/show_bug.cgi?id=691746
691746 - Assertion failure: JSID_IS_STRING(id) || JSID_IS_INT(id), at jswatchpoint.cpp:207
-
https://bugzilla.mozilla.org/show_bug.cgi?id=693144
693144 - Crash [@ js::mjit::EnterMethodJIT] with typed array and TI
-
https://bugzilla.mozilla.org/show_bug.cgi?id=691873
691873 - js::types::TypeCompartment::addPending can write off end of pendingArray if OOM
-
https://bugzilla.mozilla.org/show_bug.cgi?id=685186
685186 - Assertion failure: [infer failure] Missing type for arg 1 in jsinfer.cpp
-
https://bugzilla.mozilla.org/show_bug.cgi?id=682252
682252 - YARR Assertion failure: static_cast<unsigned>(-position) <= pos (or optimized crash [@ JSC::Yarr::Interpreter::checkCharacterClass])
-
https://bugzilla.mozilla.org/show_bug.cgi?id=700512
700512 - Workers + Files exposes threadsafety assertions with DataOwner
-
https://bugzilla.mozilla.org/show_bug.cgi?id=690376
690376 - Crash [@ JSObject::nonNativeSetProperty]
-
https://bugzilla.mozilla.org/show_bug.cgi?id=679494
679494 - "compartment mismatched" when listening message event
-
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00009.html
[security-announce] openSUSE-SU-2012:0039-1: important: seamonkey
-
https://bugzilla.mozilla.org/show_bug.cgi?id=679986
679986 - Assertion failure: limit >= start, at jsregexpinlines.h:274 or Crash [@ QuoteString]
-
https://bugzilla.mozilla.org/show_bug.cgi?id=680687
680687 - Crash [@ nsSVGSwitchElement::FindActiveChild] after GC
-
https://bugzilla.mozilla.org/show_bug.cgi?id=686107
686107 - Crash [@ JSC::MacroAssemblerCodePtr::executableAddress()]
-
https://bugzilla.mozilla.org/show_bug.cgi?id=706249
706249 - "ASSERTION: We've overflowed the mSpec buffer" in nsStandardURL::BuildNormalizedSpec
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/71908
Mozilla Firefox, Thunderbird, and SeaMonkey safety bugs code execution CVE-2011-3660 Vulnerability Report
-
https://bugzilla.mozilla.org/show_bug.cgi?id=694200
694200 - Crash [@ js::mjit::ic::BaseIC::disable]
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14226
Repository / Oval Repository
-
http://www.securitytracker.com/id?1026446
Mozilla Seamonkey Multiple Flaws Permit Remote Code Execution and Keystroke Detection - SecurityTracker
-
https://bugzilla.mozilla.org/show_bug.cgi?id=688364
688364 - compartment mismatch when sharing with F1
-
https://bugzilla.mozilla.org/show_bug.cgi?id=697255
697255 - TM/JM: Crash [@ js_GetProperty] or [@ js::analyze::ScriptAnalysis::maybeCode] or "Assertion failure: offset < script->length," or "Assertion failure: script->code <= pc && pc < endpc,"
-
https://bugzilla.mozilla.org/show_bug.cgi?id=562442
562442 - Crash in [@ nsPluginInstanceOwner::ReleasePluginPort(void*)]
-
https://bugzilla.mozilla.org/show_bug.cgi?id=688974
688974 - Assertion failure: lastProp->hasSlot() && getSlot(lastProp->slot).isUndefined(), at jsscope.cpp:1151
-
http://www.securitytracker.com/id?1026445
Mozilla Firefox Multiple Flaws Permit Remote Code Execution and Keystroke Detection - SecurityTracker
-
https://bugzilla.mozilla.org/show_bug.cgi?id=696579
696579 - carefully chosen values of kernelUnitLength can cause lighting filters to overwrite memory they don't own
-
http://www.securitytracker.com/id?1026447
Mozilla Thunderbird Multiple Flaws Permit Remote Code Execution and Keystroke Detection - SecurityTracker
-
https://bugzilla.mozilla.org/show_bug.cgi?id=685321
685321 - Assertion failure: [infer failure] Missing type pushed 0: int, at jsinfer.cpp:341 with destructuring assignment
-
https://bugzilla.mozilla.org/show_bug.cgi?id=693143
693143 - Crash in _cairo_dwrite_font_face_scaled_font_create
-
https://bugzilla.mozilla.org/show_bug.cgi?id=689892
689892 - Assertion failure: isInterpreted(), at ../../jsfun.h:199 or Crash [@ js::gc::Cell::compartment]
-
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00001.html
[security-announce] openSUSE-SU-2012:0007-1: important: seamonkey
-
http://www.mozilla.org/security/announce/2011/mfsa2011-53.html
Miscellaneous memory safety hazards (rv:9.0) — MozillaVendor Advisory
-
https://bugzilla.mozilla.org/show_bug.cgi?id=701637
701637 - DOM related GC | Cycle Collector Crash triggered by harfbuzz buffer overrun
-
https://bugzilla.mozilla.org/show_bug.cgi?id=701248
701248 - Assertion failure: ((js::SrcNoteType)(((*(sn) >> 3) >= SRC_XDELTA) ? SRC_XDELTA : *(sn) >> 3)) == SRC_DESTRUCT, at jsopcode.cpp:3543
-
http://www.mandriva.com/security/advisories?name=MDVSA-2011:192
mandriva.com
Products affected by CVE-2011-3660
- cpe:2.3:a:mozilla:firefox:4.0:beta5:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:4.0:beta3:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:4.0:beta4:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:4.0:beta2:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:4.0:beta7:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:4.0:beta8:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:4.0:beta9:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:4.0:beta1:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:4.0:beta10:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:4.0:beta11:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:4.0:beta6:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:4.0:beta12:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:4.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:4.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:5.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:6.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:6.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:5.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:6.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:7.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:8.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:7.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:5.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:6.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:6.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:6.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:7.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:8.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:7.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.0:rc2:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.1.16:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.1.10:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.0:beta:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.1.4:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.1.9:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.5.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.0:alpha_2:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.0:alpha_1:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.0a1:*:pre:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.1:alpha1:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.1.14:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.1.15:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.1.5:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.1.19:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.5.0.9:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.0.9:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.1.13:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.0.11:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.0.14:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.0:beta_1:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.0:alpha_3:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.0.10:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.1.17:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.1:alpha:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.0:alpha:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.1.7:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.1.6:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.5.0.10:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.1:beta:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.0.12:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.0.13:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.0:beta_2:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.1:alpha2:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.0.9:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.1.11:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.1.12:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.1.18:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.1.8:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.0:*:alpha:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.0:*:dev:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.0.99:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.0:*:beta:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.1.5:1.1.10:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.0a1pre:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.1:alpha3:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.3.3:*:*:*:*:*:*:*