OSVDB ID: 77955

Title: Mozilla Multiple Products for Mac DOM Frame Deletion NULL Dereference Remote Code Execution

Info

Disclosure

Dec 20, 2011

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Dec 20, 2011

Description

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Upgrade
Exploit: Exploit Unknown
Disclosure: Vendor Verified, Coordinated Disclosure
OSVDB: Web Related

Solution

Upgrade to Firefox and Thunderbird to version 9.0 or higher, and SeaMonkey to version 2.6 or higher, as they have been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Mozilla Organization	Firefox	8.0
	Thunderbird	8.0
	SeaMonkey	2.5

References

Security Tracker: 1026445 1026446 1026447
OVAL ID: 14574
CVE ID: 2011-3664 (see also: NVD)
Secunia Advisory ID: 47302 47334
Related OSVDB ID: 77951 77952 77953 77954 77956
Vendor Specific News/Changelog Entry: http://www.mozilla.org/security/announce/2011/mfsa2011-57.html
https://bugzilla.mozilla.org/show_bug.cgi?id=649079

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/77955

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

Mozilla Organization

Firefox

Thunderbird

SeaMonkey

References

Credit