Mozilla Firefox and Thunderbird CVE-2011-3650 Remote Memory Corruption Vulnerability
BID:50595
Info
Mozilla Firefox and Thunderbird CVE-2011-3650 Remote Memory Corruption Vulnerability
| Bugtraq ID: | 50595 |
| Class: | Unknown |
| CVE: |
CVE-2011-3650 |
| Remote: | Yes |
| Local: | No |
| Published: | Nov 08 2011 12:00AM |
| Updated: | Sep 16 2014 08:29PM |
| Credit: | Marc Schoenefeld |
| Vulnerable: |
Ubuntu Ubuntu Linux 11.10 i386 Ubuntu Ubuntu Linux 11.10 amd64 Ubuntu Ubuntu Linux 11.04 powerpc Ubuntu Ubuntu Linux 11.04 i386 Ubuntu Ubuntu Linux 11.04 ARM Ubuntu Ubuntu Linux 11.04 amd64 Ubuntu Ubuntu Linux 10.10 powerpc Ubuntu Ubuntu Linux 10.10 i386 Ubuntu Ubuntu Linux 10.10 ARM Ubuntu Ubuntu Linux 10.10 amd64 Ubuntu Ubuntu Linux 10.04 sparc Ubuntu Ubuntu Linux 10.04 powerpc Ubuntu Ubuntu Linux 10.04 i386 Ubuntu Ubuntu Linux 10.04 ARM Ubuntu Ubuntu Linux 10.04 amd64 SuSE SUSE Linux Enterprise Server for VMware 11 SP1 SuSE SUSE Linux Enterprise Server 11 SP1 SuSE SUSE Linux Enterprise Server 10 SP4 SuSE SUSE Linux Enterprise SDK 11 SP1 SuSE SUSE Linux Enterprise SDK 10 SP4 SuSE SUSE Linux Enterprise Desktop 11 SP1 SuSE SUSE Linux Enterprise Desktop 10 SP4 SuSE openSUSE 11.4 SuSE openSUSE 11.3 RedHat Enterprise Linux WS 4 RedHat Enterprise Linux ES 4 RedHat Enterprise Linux Desktop Workstation 5 client RedHat Enterprise Linux Desktop version 4 Red Hat Enterprise Linux Workstation Optional 6 Red Hat Enterprise Linux Workstation 6 Red Hat Enterprise Linux Server Optional 6 Red Hat Enterprise Linux Server 6 Red Hat Enterprise Linux HPC Node Optional 6 Red Hat Enterprise Linux Desktop Optional 6 Red Hat Enterprise Linux Desktop 6 Red Hat Enterprise Linux Desktop 5 client Red Hat Enterprise Linux AS 4 Red Hat Enterprise Linux 5 Server Oracle Enterprise Linux 6 Oracle Enterprise Linux 5 Oracle Enterprise Linux 4 Mozilla Thunderbird 3.1.12 Mozilla Thunderbird 3.1.7 Mozilla Thunderbird 3.1.5 Mozilla Thunderbird 3.1.5 Mozilla Thunderbird 3.1.4 Mozilla Thunderbird 3.0.11 Mozilla Thunderbird 3.0.9 Mozilla Thunderbird 3.0.9 Mozilla Thunderbird 3.0.8 Mozilla Thunderbird 3.0.5 Mozilla Thunderbird 3.0.5 Mozilla Thunderbird 3.0.4 Mozilla Thunderbird 3.0.2 Mozilla Thunderbird 3.0.1 Mozilla Thunderbird 2.0 24 Mozilla Thunderbird 2.0 .9 Mozilla Thunderbird 2.0 .8 Mozilla Thunderbird 2.0 .6 Mozilla Thunderbird 2.0 .5 Mozilla Thunderbird 2.0 .4 Mozilla Thunderbird 2.0 .19 Mozilla Thunderbird 2.0 .17 Mozilla Thunderbird 2.0 .16 Mozilla Thunderbird 2.0 .15 Mozilla Thunderbird 2.0 .14 Mozilla Thunderbird 2.0 .13 Mozilla Thunderbird 2.0 .12 Mozilla Thunderbird 7.0 Mozilla Thunderbird 6 Mozilla Thunderbird 6 Mozilla Thunderbird 5 Mozilla Thunderbird 3.1.9 Mozilla Thunderbird 3.1.8 Mozilla Thunderbird 3.1.7 Mozilla Thunderbird 3.1.6 Mozilla Thunderbird 3.1.3 Mozilla Thunderbird 3.1.2 Mozilla Thunderbird 3.1.2 Mozilla Thunderbird 3.1.15 Mozilla Thunderbird 3.1.11 Mozilla Thunderbird 3.1.10 Mozilla Thunderbird 3.1.1 Mozilla Thunderbird 3.1 Mozilla Thunderbird 3.0.7 Mozilla Thunderbird 3.0.6 Mozilla Thunderbird 3.0.4 Mozilla Thunderbird 3.0.3 Mozilla Thunderbird 3.0.11 Mozilla Thunderbird 3.0.10 Mozilla Thunderbird 3.0 Mozilla Thunderbird 2.0.0.23 Mozilla Thunderbird 2.0.0.22 Mozilla Thunderbird 2.0.0.21 Mozilla Thunderbird 2.0.0.18 Mozilla Firefox 3.6.13 Mozilla Firefox 3.6.13 Mozilla Firefox 3.6.10 Mozilla Firefox 3.6.9 Mozilla Firefox 3.6.8 Mozilla Firefox 3.6.6 Mozilla Firefox 3.6.4 Mozilla Firefox 3.6.3 Mozilla Firefox 3.6.2 Mozilla Firefox 3.6.2 Mozilla Firefox 3.5.17 Mozilla Firefox 3.5.16 Mozilla Firefox 3.5.14 Mozilla Firefox 3.5.13 Mozilla Firefox 3.5.10 Mozilla Firefox 3.5.10 Mozilla Firefox 3.5.9 Mozilla Firefox 3.5.9 Mozilla Firefox 3.5.8 Mozilla Firefox 3.5.7 Mozilla Firefox 3.5.6 Mozilla Firefox 3.5.5 Mozilla Firefox 3.5.4 Mozilla Firefox 3.5.3 Mozilla Firefox 3.5.2 Mozilla Firefox 3.5.1 Mozilla Firefox 3.5 Mozilla Firefox 7 Mozilla Firefox 6 Mozilla Firefox 5.0 Mozilla Firefox 4.0.1 Mozilla Firefox 4.0 Beta1 Mozilla Firefox 4.0 Beta1 Mozilla Firefox 4.0 Mozilla Firefox 3.6.7 Mozilla Firefox 3.6.6 Mozilla Firefox 3.6.23 Mozilla Firefox 3.6.20 Mozilla Firefox 3.6.19 Mozilla Firefox 3.6.18 Mozilla Firefox 3.6.17 Mozilla Firefox 3.6.16 Mozilla Firefox 3.6.15 Mozilla Firefox 3.6.14 Mozilla Firefox 3.6.12 Mozilla Firefox 3.6.11 Mozilla Firefox 3.6 Beta 3 Mozilla Firefox 3.6 Beta 2 Mozilla Firefox 3.6 Mozilla Firefox 3.5.19 Mozilla Firefox 3.5.18 Mozilla Firefox 3.5.17 Mozilla Firefox 3.5.15 Mozilla Firefox 3.5.12 Mozilla Firefox 3.5.11 Moonchild Productions Pale Moon 3.6.26 Mandriva Linux Mandrake 2011 x86_64 Mandriva Linux Mandrake 2011 Mandriva Linux Mandrake 2010.1 x86_64 Mandriva Linux Mandrake 2010.1 MandrakeSoft Enterprise Server 5 x86_64 MandrakeSoft Enterprise Server 5 Debian Linux 6.0 sparc Debian Linux 6.0 s/390 Debian Linux 6.0 powerpc Debian Linux 6.0 mips Debian Linux 6.0 ia-64 Debian Linux 6.0 ia-32 Debian Linux 6.0 arm Debian Linux 6.0 amd64 Avaya Messaging Storage Server 5.2.8 Avaya Messaging Storage Server 5.2.2 Avaya Messaging Storage Server 5.2 SP3 Avaya Messaging Storage Server 5.2 SP2 Avaya Messaging Storage Server 5.2 SP1 Avaya Messaging Storage Server 5.2 Avaya Messaging Storage Server 5.1 SP2 Avaya Messaging Storage Server 5.1 SP1 Avaya Messaging Storage Server 5.1 Avaya Messaging Storage Server 5.0 Avaya Messaging Storage Server 4.0 Avaya Message Networking 5.2.1 Avaya Message Networking 5.2.4 Avaya Message Networking 5.2.3 Avaya Message Networking 5.2.2 Avaya Message Networking 5.2 SP1 Avaya Message Networking 5.2 Avaya Message Networking 3.1 |
| Not Vulnerable: |
Mozilla Thunderbird 8.0 Mozilla Thunderbird 3.1.16 Mozilla Firefox 8.0 Mozilla Firefox 3.6.24 Moonchild Productions Pale Moon 3.6.27 |
Discussion
Mozilla Firefox and Thunderbird CVE-2011-3650 Remote Memory Corruption Vulnerability
Mozilla Firefox and Thunderbird are prone to a remote code-execution vulnerability.
An attacker can exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions.
This issue is fixed in:
Firefox 8.0
Firefox 3.6.24
Thunderbird 8.0
Thunderbird 3.1.16
Mozilla Firefox and Thunderbird are prone to a remote code-execution vulnerability.
An attacker can exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions.
This issue is fixed in:
Firefox 8.0
Firefox 3.6.24
Thunderbird 8.0
Thunderbird 3.1.16
Exploit / POC
Mozilla Firefox and Thunderbird CVE-2011-3650 Remote Memory Corruption Vulnerability
Currently we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Currently we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Mozilla Firefox and Thunderbird CVE-2011-3650 Remote Memory Corruption Vulnerability
Solution:
Updates are available. Please see the references for more information.
Solution:
Updates are available. Please see the references for more information.
References
Mozilla Firefox and Thunderbird CVE-2011-3650 Remote Memory Corruption Vulnerability
References:
References:
- Cisco NX-OS Download Page (Cisco)
- firefox security update (RHSA-2011-1437) (Avaya)
- Pale Moon: Release notes 3.6 (Moonchild Productions )
- Cisco NX-OS Software TACACS+ Command Authorization Vulnerability (Cisco)
- Mozilla Foundation Security Advisory 2011-49 (Marc Schoenefeld)