CVE-2011-0084
Last modified
CVE-2011-0084 is a vulnerability of currently unknown severity. The SVGTextElement.getCharNumAtPosition function in Mozilla Firefox before 3.6.20, and 4.x through 5; Thunderbird 3.x before 3.1.12 and other versions before 6; SeaMonkey 2.x before 2.3; and possibly other products does not properly handle SVG text, which allows remote attackers to execute arbitrary code via unspecified vectors that lead to a "dangling pointer.". EPSS estimates a 4.77% chance of exploitation in the next 30 days.
Description
The SVGTextElement.getCharNumAtPosition function in Mozilla Firefox before 3.6.20, and 4.x through 5; Thunderbird 3.x before 3.1.12 and other versions before 6; SeaMonkey 2.x before 2.3; and possibly other products does not properly handle SVG text, which allows remote attackers to execute arbitrary code via unspecified vectors that lead to a "dangling pointer."
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions | Update |
|---|---|---|---|
| Mozilla | Firefox | <= 3.6.19 | — |
| Mozilla | Firefox | 1.0 | — |
| Mozilla | Firefox | 1.0.1 | — |
| Mozilla | Firefox | 1.0.2 | — |
| Mozilla | Firefox | 1.0.3 | — |
| Mozilla | Firefox | 1.0.4 | — |
| Mozilla | Firefox | 1.0.5 | — |
| Mozilla | Firefox | 1.0.6 | — |
| Mozilla | Firefox | 1.0.7 | — |
| Mozilla | Firefox | 1.0.8 | — |
| Mozilla | Firefox | 1.5 | — |
| Mozilla | Firefox | 1.5.0.1 | — |
| Mozilla | Firefox | 1.5.0.2 | — |
| Mozilla | Firefox | 1.5.0.3 | — |
| Mozilla | Firefox | 1.5.0.4 | — |
| Mozilla | Firefox | 1.5.0.5 | — |
| Mozilla | Firefox | 1.5.0.6 | — |
| Mozilla | Firefox | 1.5.0.7 | — |
| Mozilla | Firefox | 1.5.0.8 | — |
| Mozilla | Firefox | 1.5.0.9 | — |
| Mozilla | Firefox | 1.5.0.10 | — |
| Mozilla | Firefox | 1.5.0.11 | — |
| Mozilla | Firefox | 1.5.0.12 | — |
| Mozilla | Firefox | 1.5.1 | — |
| Mozilla | Firefox | 1.5.2 | — |
| Mozilla | Firefox | 1.5.3 | — |
| Mozilla | Firefox | 1.5.4 | — |
| Mozilla | Firefox | 1.5.5 | — |
| Mozilla | Firefox | 1.5.6 | — |
| Mozilla | Firefox | 1.5.7 | — |
| Mozilla | Firefox | 1.5.8 | — |
| Mozilla | Firefox | 2.0 | — |
| Mozilla | Firefox | 2.0.0.1 | — |
| Mozilla | Firefox | 2.0.0.2 | — |
| Mozilla | Firefox | 2.0.0.3 | — |
| Mozilla | Firefox | 2.0.0.4 | — |
| Mozilla | Firefox | 2.0.0.5 | — |
| Mozilla | Firefox | 2.0.0.6 | — |
| Mozilla | Firefox | 2.0.0.7 | — |
| Mozilla | Firefox | 2.0.0.8 | — |
| Mozilla | Firefox | 2.0.0.9 | — |
| Mozilla | Firefox | 2.0.0.10 | — |
| Mozilla | Firefox | 2.0.0.11 | — |
| Mozilla | Firefox | 2.0.0.12 | — |
| Mozilla | Firefox | 2.0.0.13 | — |
| Mozilla | Firefox | 2.0.0.14 | — |
| Mozilla | Firefox | 2.0.0.15 | — |
| Mozilla | Firefox | 2.0.0.16 | — |
| Mozilla | Firefox | 2.0.0.17 | — |
| Mozilla | Firefox | 2.0.0.18 | — |
Showing 50 of 150 affected configurations. See NVD for the full list.
References
- http://www.redhat.com/support/errata/RHSA-2011-1164.htmlVendor Advisory
- http://www.redhat.com/support/errata/RHSA-2011-1166.htmlVendor Advisory
- http://www.redhat.com/support/errata/RHSA-2011-1164.htmlVendor Advisory
- http://www.redhat.com/support/errata/RHSA-2011-1166.htmlVendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2011-0084?
How severe is CVE-2011-0084?
How do I fix CVE-2011-0084?
Are you affected by CVE-2011-0084?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST