CVE-2011-0065

Mozilla Firefox <3.5.19 & SeaMonkey <2.0.14 - Use After Free

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 6 public exploits for CVE-2011-0065. PoCs published by Metasploit, mr_me, Rh0, including Metasploit module exploits/windows/browser/mozilla_mchannel.

AI-analyzed exploit summary This Metasploit module exploits a use-after-free vulnerability in Mozilla Firefox 3.6.16 on Mac OS X by manipulating the mChannel object via the nsIChannelEventSink interface, leading to arbitrary code execution.

Description

Use-after-free vulnerability in Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, and SeaMonkey before 2.0.14, allows remote attackers to execute arbitrary code via vectors related to OBJECT's mChannel.

Exploits (6)

exploitdb WORKING POC VERIFIED
by Metasploit · rubyremoteosx
https://www.exploit-db.com/exploits/18377

This Metasploit module exploits a use-after-free vulnerability in Mozilla Firefox 3.6.16 on Mac OS X by manipulating the mChannel object via the nsIChannelEventSink interface, leading to arbitrary code execution.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Mozilla Firefox 3.6.16 on Mac OS X (10.6.6, 10.6.7, 10.6.8)
No auth needed
Prerequisites: Target must be using Firefox 3.6.16 on Mac OS X 10.6.x · Target must visit a malicious webpage
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by mr_me · htmlremotewindows
https://www.exploit-db.com/exploits/17672

This exploit targets a use-after-free vulnerability in Mozilla's mChannel Object (CVE-2011-0065) via a heap spray and ROP chain to achieve remote code execution. It leverages Java applet interaction and JavaScript to trigger the vulnerability and execute shellcode.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Complex
Reliability
Reliable
Target: Mozilla Firefox (with Java <= 6 update 25)
No auth needed
Prerequisites: Java <= 6 update 25 · Mozilla Firefox with vulnerable mChannel Object implementation
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by Metasploit · rubyremotewindows
https://www.exploit-db.com/exploits/17650

This Metasploit module exploits a use-after-free vulnerability in Mozilla Firefox 3.6.16 via the mChannel object, using heap spraying and a minimal ROP chain to bypass DEP on Windows XP SP3.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Complex
Reliability
Reliable
Target: Mozilla Firefox 3.6.16 on Windows XP SP3
No auth needed
Prerequisites: Target must be using Firefox 3.6.16 on Windows XP SP3 · JavaScript must be enabled
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by Rh0 · rubyremotewindows
https://www.exploit-db.com/exploits/17612

This Metasploit module exploits a use-after-free vulnerability in Mozilla Firefox 3.6.16 via the mChannel object, using heap spraying and a minimal ROP chain to bypass DEP on Windows XP SP3.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Complex
Reliability
Reliable
Target: Mozilla Firefox 3.6.16
No auth needed
Prerequisites: Target must be using Firefox 3.6.16 on Windows XP SP3 · JavaScript must be enabled
devstral-2 · analyzed Feb 16, 2026 Full analysis →
metasploit WORKING POC NORMAL
by regenrecht, Rh0 · rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/mozilla_mchannel.rb

This Metasploit module exploits a use-after-free vulnerability in Mozilla Firefox 3.6.16 via the mChannel object, leveraging heap spraying and ROP chains to bypass DEP on Windows XP SP3 and ASLR on Windows 7 with Java 6 or below.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Complex
Reliability
Reliable
Target: Mozilla Firefox 3.6.16
No auth needed
Prerequisites: Target running Firefox 3.6.16 on Windows XP SP3 or Windows 7 with Java 6 or below
devstral-2 · analyzed Feb 19, 2026 Full analysis →
metasploit WORKING POC NORMAL
by regenrecht, Rh0 · rubypocosx
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/osx/browser/mozilla_mchannel.rb

This Metasploit module exploits a use-after-free vulnerability in Mozilla Firefox 3.6.16 on Mac OS X. It leverages the mChannel object to achieve remote code execution via a crafted HTML page with embedded JavaScript.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Mozilla Firefox 3.6.16 on Mac OS X (10.6.6, 10.6.7, 10.6.8, 10.7.2, 10.7.3)
No auth needed
Prerequisites: Target must be using Firefox 3.6.16 on Mac OS X · Target must visit a malicious webpage
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (11)

Core 11
Core References
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2011/dsa-2228
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/8340
Vendor Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2011:079
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/8331
Issue Tracking x_refsource_confirm
https://bugzilla.mozilla.org/show_bug.cgi?id=634986
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2011/dsa-2235
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14142
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2011/dsa-2227
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/8326
Various Sources x_refsource_confirm
http://downloads.avaya.com/css/P8/documents/100144158

Scores

EPSS 0.7363
EPSS Percentile 99.4%

Details

CWE
CWE-399
Status published
Products (47)
mozilla/firefox 3.6
mozilla/firefox 3.6.2
mozilla/firefox 3.6.3
mozilla/firefox 3.6.4
mozilla/firefox 3.6.6
mozilla/firefox 3.6.7
mozilla/firefox 3.6.8
mozilla/firefox 3.6.9
mozilla/firefox 3.6.10
mozilla/firefox 3.6.11
... and 37 more
Published May 07, 2011
Tracked Since Feb 18, 2026