ID CVE-2011-2996
Summary Unspecified vulnerability in the plugin API in Mozilla Firefox 3.6.x before 3.6.23 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
References
Vulnerable Configurations
  • cpe:2.3:a:mozilla:firefox:3.6:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:3.6:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:3.6.2:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:3.6.2:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:3.6.3:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:3.6.3:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:3.6.4:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:3.6.4:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:3.6.6:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:3.6.6:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:3.6.7:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:3.6.7:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:3.6.8:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:3.6.8:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:3.6.9:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:3.6.9:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:3.6.10:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:3.6.10:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:3.6.11:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:3.6.11:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:3.6.12:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:3.6.12:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:3.6.13:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:3.6.13:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:3.6.14:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:3.6.14:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:3.6.15:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:3.6.15:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:3.6.16:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:3.6.16:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:3.6.17:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:3.6.17:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:3.6.18:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:3.6.18:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:3.6.19:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:3.6.19:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:3.6.20:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:3.6.20:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:3.6.21:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:3.6.21:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:3.6.22:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:3.6.22:*:*:*:*:*:*:*
CVSS
Base: 10.0 (as of 19-09-2017 - 01:33)
Impact:
Exploitability:
CWE NVD-CWE-noinfo
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:N/AC:L/Au:N/C:C/I:C/A:C
oval via4
accepted 2014-10-06T04:01:06.315-04:00
class vulnerability
contributors
  • name Scott Quint
    organization DTCC
  • name Sergey Artykhov
    organization ALTX-SOFT
  • name Sergey Artykhov
    organization ALTX-SOFT
  • name Evgeniy Pavlov
    organization ALTX-SOFT
  • name Evgeniy Pavlov
    organization ALTX-SOFT
  • name Evgeniy Pavlov
    organization ALTX-SOFT
definition_extensions
comment Mozilla Firefox Mainline release is installed
oval oval:org.mitre.oval:def:22259
description Unspecified vulnerability in the plugin API in Mozilla Firefox 3.6.x before 3.6.23 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
family windows
id oval:org.mitre.oval:def:14064
status accepted
submitted 2011-11-25T18:26:10.000-05:00
title Unspecified vulnerability in the plugin API in Mozilla Firefox 3.6.x before 3.6.23 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
version 26
refmap via4
confirm
mandriva
  • MDVSA-2011:139
  • MDVSA-2011:140
suse SUSE-SU-2011:1256
Last major update 19-09-2017 - 01:33
Published 29-09-2011 - 00:55
Last modified 19-09-2017 - 01:33
Back to Top