<em style='font-weight:bold;'>(Description Provided by <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=2011-0084" target="_blank">CVE</a>)</em> : The SVGTextElement.getCharNumAtPosition function in Mozilla Firefox before 3.6.20, and 4.x through 5; Thunderbird 3.x before 3.1.12 and other versions before 6; SeaMonkey 2.x before 2.3; and possibly other products does not properly handle SVG text, which allows remote attackers to execute arbitrary code via unspecified vectors that lead to a &quot;dangling pointer.&quot;

Upgrade Firefox to version 3.6.20 or 6 or higher, Thunderbird to version 3.1.12 or 6 or higher, and SeaMonkey to version 2.3 or higher, as they have been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

• OVAL ID: 14502
• CVE ID: 2011-0084 (see also: NVD)
• Secunia Advisory ID: 45581 45612 45624 45647 45650 45666 45667 45669 45688 45718 45755 45776 45785 45802 45808 45825 45831 45844 51766
• Related OSVDB ID: 74582 74583 74584 74585 74586 74587 74588 74589 74590 74591 74592 74593 74594 74595 74596
• Vendor Specific News/Changelog Entry: http://lists.debian.org/debian-security-announce/2011/msg00169.html
  http://lists.debian.org/debian-security-announce/2011/msg00170.html
  http://lists.fedoraproject.org/pipermail/package-announce/2011-August/064383.html
  http://lists.fedoraproject.org/pipermail/package-announce/2011-August/064384.html
  http://lists.fedoraproject.org/pipermail/package-announce/2011-August/064386.html
  http://lists.fedoraproject.org/pipermail/package-announce/2011-August/064390.html
  http://lists.opensuse.org/opensuse-updates/2011-08/msg00042.html
  http://lists.opensuse.org/opensuse-updates/2011-08/msg00043.html
  http://www.gentoo.org/security/en/glsa/glsa-201301-01.xml
  http://www.mozilla.org/security/announce/2011/mfsa2011-29.html
  http://www.mozilla.org/security/announce/2011/mfsa2011-30.html
  https://bugzilla.mozilla.org/show_bug.cgi?id=648094 [ Auth Req'd ]
  https://lists.ubuntu.com/archives/ubuntu-security-announce/2011-August/001397.html
• Vendor Specific Advisory URL: http://lists.debian.org/debian-security-announce/2011/msg00171.html
  http://lists.opensuse.org/opensuse-updates/2011-08/msg00039.html
  http://lists.opensuse.org/opensuse-updates/2011-08/msg00040.html
  http://www.mozilla.org/security/announce/2011/mfsa2011-29.html
  http://www.mozilla.org/security/announce/2011/mfsa2011-30.html
  http://www.mozilla.org/security/announce/2011/mfsa2011-31.html
  http://www.mozilla.org/security/announce/2011/mfsa2011-32.html
  http://www.mozilla.org/security/announce/2011/mfsa2011-33.html
  http://www.suse.com/support/security/advisories/2011_37_firefox.html
  http://www.ubuntu.com/usn/usn-1185-1/
  https://hermes.opensuse.org/messages/11623434
• Mail List Post: http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00023.html
  http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00027.html
• Other Advisory URL: http://www.debian.org/security/2011/dsa-2295
  http://www.debian.org/security/2011/dsa-2296
  http://www.debian.org/security/2011/dsa-2297
  http://www.mandriva.com/security/advisories?name=MDVSA-2011:127
  http://www.zerodayinitiative.com/advisories/ZDI-11-270/
• RedHat RHSA: RHSA-2011:1164 RHSA-2011:1166

• regenrecht - Zero Day Initiative (ZDI)