Executive Summary
| Informations | |||
|---|---|---|---|
| Name | CVE-2011-0054 | First vendor Publication | 2011-03-02 |
| Vendor | Cve | Last vendor Modification | 2024-11-21 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
|---|---|---|---|
| Cvss Base Score | 10 | Attack Range | Network |
| Cvss Impact Score | 10 | Attack Complexity | Low |
| Cvss Expoit Score | 10 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Buffer overflow in the JavaScript engine in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, might allow remote attackers to execute arbitrary code via vectors involving non-local JavaScript variables, aka an "upvarMap" issue. |
Original Source
| Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0054 |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 100 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:14018 | |||
| Oval ID: | oval:org.mitre.oval:def:14018 | ||
| Title: | Buffer overflow in the JavaScript engine in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, might allow remote attackers to execute arbitrary code via vectors involving non-local JavaScript variables, aka an "upvarMap" issue. | ||
| Description: | Buffer overflow in the JavaScript engine in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, might allow remote attackers to execute arbitrary code via vectors involving non-local JavaScript variables, aka an "upvarMap" issue. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-0054 | Version: | 16 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Mozilla Seamonkey Mozilla Firefox |
| Definition Synopsis: | |||
| |||
CPE : Common Platform Enumeration
OpenVAS Exploits
| Date | Description |
|---|---|
| 2011-05-12 | Name : Debian Security Advisory DSA 2186-1 (iceweasel) File : nvt/deb_2186_1.nasl |
| 2011-05-12 | Name : Debian Security Advisory DSA 2187-1 (icedove) File : nvt/deb_2187_1.nasl |
| 2011-05-10 | Name : Ubuntu Update for xulrunner-1.9.1 USN-1123-1 File : nvt/gb_ubuntu_USN_1123_1.nasl |
| 2011-03-15 | Name : Ubuntu Update for Firefox and Xulrunner vulnerabilities USN-1049-2 File : nvt/gb_ubuntu_USN_1049_2.nasl |
| 2011-03-10 | Name : Mozilla Products Multiple Vulnerabilities March-11 (Windows) File : nvt/gb_mozilla_prdts_mult_vuln_win_mar11.nasl |
| 2011-03-09 | Name : Debian Security Advisory DSA 2180-1 (iceape) File : nvt/deb_2180_1.nasl |
| 2011-03-09 | Name : FreeBSD Ports: firefox File : nvt/freebsd_firefox54.nasl |
| 2011-03-08 | Name : Mandriva Update for firefox MDVSA-2011:041 (firefox) File : nvt/gb_mandriva_MDVSA_2011_041.nasl |
| 2011-03-07 | Name : CentOS Update for firefox CESA-2011:0310 centos4 i386 File : nvt/gb_CESA-2011_0310_firefox_centos4_i386.nasl |
| 2011-03-07 | Name : RedHat Update for firefox RHSA-2011:0310-01 File : nvt/gb_RHSA-2011_0310-01_firefox.nasl |
| 2011-03-07 | Name : Ubuntu Update for Firefox and Xulrunner vulnerabilities USN-1049-1 File : nvt/gb_ubuntu_USN_1049_1.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 72458 | Mozilla Multiple Products Non-Local JavaScript Internal Memory Mapping Overflow Mozilla Firefox and SeaMonkey are prone to an overflow condition. The JavaScript engine fails to properly sanitize user-supplied input resulting in a buffer overflow. Through vectors related to the internal memory mapping of non-local JavaScript variables, a context-dependent attacker can potentially execute arbitrary code. |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_4_seamonkey-110307.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_4_mozilla-js192-110307.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_4_MozillaThunderbird-110314.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_seamonkey-110302.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_mozilla-xulrunner191-110302.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_MozillaThunderbird-110302.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_MozillaFirefox-110307.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2011-0310.nasl - Type : ACT_GATHER_INFO |
| 2013-01-08 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201301-01.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20110301_firefox_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
| 2011-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_MozillaFirefox-7421.nasl - Type : ACT_GATHER_INFO |
| 2011-06-13 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1123-1.nasl - Type : ACT_GATHER_INFO |
| 2011-05-05 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_mozilla-xulrunner191-110302.nasl - Type : ACT_GATHER_INFO |
| 2011-05-05 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_seamonkey-110302.nasl - Type : ACT_GATHER_INFO |
| 2011-05-05 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_MozillaThunderbird-110302.nasl - Type : ACT_GATHER_INFO |
| 2011-05-05 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_MozillaFirefox-110308.nasl - Type : ACT_GATHER_INFO |
| 2011-03-14 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_MozillaFirefox-110307.nasl - Type : ACT_GATHER_INFO |
| 2011-03-14 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_mozilla-xulrunner191-110303.nasl - Type : ACT_GATHER_INFO |
| 2011-03-14 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_mozilla-xulrunner191-7363.nasl - Type : ACT_GATHER_INFO |
| 2011-03-11 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2186.nasl - Type : ACT_GATHER_INFO |
| 2011-03-11 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2187.nasl - Type : ACT_GATHER_INFO |
| 2011-03-08 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1049-2.nasl - Type : ACT_GATHER_INFO |
| 2011-03-07 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2011-041.nasl - Type : ACT_GATHER_INFO |
| 2011-03-04 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2180.nasl - Type : ACT_GATHER_INFO |
| 2011-03-03 | Name : The remote Windows host contains a web browser affected by multiple vulnerabi... File : mozilla_firefox_3614.nasl - Type : ACT_GATHER_INFO |
| 2011-03-03 | Name : The remote Windows host contains a web browser affected by multiple vulnerabi... File : mozilla_firefox_3517.nasl - Type : ACT_GATHER_INFO |
| 2011-03-03 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1049-1.nasl - Type : ACT_GATHER_INFO |
| 2011-03-03 | Name : The remote Windows host contains a web browser affected by multiple vulnerabi... File : seamonkey_2012.nasl - Type : ACT_GATHER_INFO |
| 2011-03-03 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2011-0310.nasl - Type : ACT_GATHER_INFO |
| 2011-03-02 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-0310.nasl - Type : ACT_GATHER_INFO |
| 2011-03-02 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_45f102cd445611e095804061862b8c22.nasl - Type : ACT_GATHER_INFO |
Sources (Detail)
Alert History
| Date | Informations |
|---|---|
| 2024-11-28 23:05:54 |
|
| 2024-11-28 12:24:18 |
|
| 2024-11-01 01:15:37 |
|
| 2024-10-22 12:15:33 |
|
| 2024-08-02 12:15:30 |
|
| 2024-08-02 01:04:17 |
|
| 2024-02-10 01:14:00 |
|
| 2024-02-02 01:15:03 |
|
| 2024-02-01 12:04:12 |
|
| 2023-09-05 12:14:04 |
|
| 2023-09-05 01:04:04 |
|
| 2023-09-02 12:14:07 |
|
| 2023-09-02 01:04:07 |
|
| 2023-08-12 12:16:57 |
|
| 2023-08-12 01:04:08 |
|
| 2023-08-11 12:14:12 |
|
| 2023-08-11 01:04:16 |
|
| 2023-08-06 12:13:38 |
|
| 2023-08-06 01:04:09 |
|
| 2023-08-04 12:13:43 |
|
| 2023-08-04 01:04:10 |
|
| 2023-07-14 12:13:41 |
|
| 2023-07-14 01:04:08 |
|
| 2023-03-29 01:15:38 |
|
| 2023-03-28 12:04:14 |
|
| 2022-10-11 12:12:12 |
|
| 2022-10-11 01:03:54 |
|
| 2021-05-04 12:13:44 |
|
| 2021-04-22 01:14:54 |
|
| 2020-10-14 01:06:06 |
|
| 2020-10-03 01:06:06 |
|
| 2020-05-29 01:05:36 |
|
| 2020-05-23 01:43:36 |
|
| 2020-05-23 00:27:30 |
|
| 2017-11-22 12:03:44 |
|
| 2017-11-21 12:02:56 |
|
| 2017-09-19 09:24:07 |
|
| 2017-01-07 09:25:08 |
|
| 2016-06-28 18:29:00 |
|
| 2016-04-26 20:27:10 |
|
| 2014-06-14 13:30:00 |
|
| 2014-02-17 10:59:20 |
|
| 2013-05-10 22:51:57 |
|
