OSVDB ID: 73187

Title: Mozilla Multiple Products nsXULCommandDispatcher.cpp Use-after-free Remote Code Execution

Info

Disclosure

Jun 21, 2011

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Jun 21, 2011

Description

Classification

Location: Local / Remote, Context Dependent
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Upgrade
Exploit: Exploit Private
Disclosure: Vendor Verified, Coordinated Disclosure
OSVDB: Web Related

Solution

Upgrade Thunderbird to 3.1.11 or higher and Firefox to 3.6.18 or higher, as they have been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Mozilla Organization	Firefox	3.6.17
Mozilla Organization	Thunderbird	3.1.10

References

OVAL ID: 14432
CVE ID: 2011-0085 (see also: NVD)
Secunia Advisory ID: 44972 44982 45002 45011 45012 45014 45038 45104 45114 45115 45138 45147 45220 45268 47636 51766
Related OSVDB ID: 73185 73186
Vendor Specific Advisory URL: http://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_thunderbird1
http://lists.debian.org/debian-security-announce/2011/msg00139.html
http://lists.debian.org/debian-security-announce/2011/msg00141.html
http://www.mozilla.org/security/announce/2011/mfsa2011-23.html
http://www.ubuntu.com/usn/usn-1150-1/
https://hermes.opensuse.org/messages/9086893
Vendor Specific News/Changelog Entry: http://lists.debian.org/debian-security-announce/2011/msg00145.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062409.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062410.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062413.html
http://lists.opensuse.org/opensuse-security-announce/2011-06/msg00018.html
http://lists.opensuse.org/opensuse-security-announce/2011-06/msg00019.html
http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00001.html
http://support.avaya.com/css/P8/documents/100144854
http://support.avaya.com/css/P8/documents/100145333
http://www.gentoo.org/security/en/glsa/glsa-201301-01.xml
http://www.mozilla.org/security/announce/2011/mfsa2011-23.html
https://bugzilla.mozilla.org/show_bug.cgi?id=648100
https://lists.ubuntu.com/archives/ubuntu-security-announce/2011-June/001360.html
Other Advisory URL: http://www.debian.org/security/2011/dsa-2268
http://www.debian.org/security/2011/dsa-2269
http://www.debian.org/security/2011/dsa-2273
http://www.mandriva.com/security/advisories?name=MDVSA-2011:111
http://www.ubuntu.com/usn/USN-1149-1
http://www.zerodayinitiative.com/advisories/ZDI-11-225/
RedHat RHSA: RHSA-2011:0885 RHSA-2011:0886 RHSA-2011:0887 RHSA-2011:0888

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/73187

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

Mozilla Organization

Firefox

Thunderbird

References

Credit