CVE-2011-0073
Mozilla Firefox <3.5.19 & <3.6.17, SeaMonkey <2.0.14 - RCE
Title source: llmDescription
Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, and SeaMonkey before 2.0.14, does not properly use nsTreeRange data structures, which allows remote attackers to execute arbitrary code via unspecified vectors that lead to a "dangling pointer."
Exploits (3)
exploitdb
WORKING POC
VERIFIED
by Metasploit · rubyremotewindows
https://www.exploit-db.com/exploits/17520
exploitdb
WORKING POC
VERIFIED
by Abysssec · remotewindows
https://www.exploit-db.com/exploits/17419
metasploit
WORKING POC
NORMAL
by regenrecht, xero · rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/mozilla_nstreerange.rb
References (10)
Scores
EPSS
0.8116
EPSS Percentile
99.2%
Details
CWE
CWE-20
Status
published
Products (47)
mozilla/firefox
3.6
mozilla/firefox
3.6.2
mozilla/firefox
3.6.3
mozilla/firefox
3.6.4
mozilla/firefox
3.6.6
mozilla/firefox
3.6.7
mozilla/firefox
3.6.8
mozilla/firefox
3.6.9
mozilla/firefox
3.6.10
mozilla/firefox
3.6.11
... and 37 more
Published
May 07, 2011
Tracked Since
Feb 18, 2026