CVE-2011-2371

SeaMonkey through 2.0.14 - Remote Code Execution via Array.reduceRight Integer Overflow

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 4 public exploits for CVE-2011-2371. PoCs published by Metasploit, ryujin, pa_kt, including Metasploit module exploits/windows/browser/mozilla_reduceright.

AI-analyzed exploit summary This exploit targets a vulnerability in Mozilla Firefox 3.6.16/17 where an integer overflow in the Array.reduceRight() method allows arbitrary code execution. It uses a heap spray technique and ROP chain to achieve remote code execution.

Description

Integer overflow in the Array.reduceRight method in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allows remote attackers to execute arbitrary code via vectors involving a long JavaScript Array object.

Exploits (4)

exploitdb WORKING POC VERIFIED
by Metasploit · rubyremotewindows
https://www.exploit-db.com/exploits/17976

This exploit targets a vulnerability in Mozilla Firefox 3.6.16/17 where an integer overflow in the Array.reduceRight() method allows arbitrary code execution. It uses a heap spray technique and ROP chain to achieve remote code execution.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Complex
Reliability
Reliable
Target: Mozilla Firefox 3.6.16/17
No auth needed
Prerequisites: Target must be using Mozilla Firefox 3.6.16 or 3.6.17 · JavaScript must be enabled
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by ryujin · htmlremotewindows
https://www.exploit-db.com/exploits/17974

This exploit leverages an integer overflow in Mozilla Firefox's Array.reduceRight() method (CVE-2011-2371) to achieve remote code execution. It uses heap spraying and a ROP chain to bypass DEP/ASLR, targeting Firefox 3.6.16/3.6.17 on Windows 7.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Complex
Reliability
Reliable
Target: Mozilla Firefox 3.6.16, 3.6.17
No auth needed
Prerequisites: Java-enabled browser · Windows 7 with Firefox 3.6.16/3.6.17
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC
by pa_kt · htmlremotewindows
https://www.exploit-db.com/exploits/18531

This is a working proof-of-concept exploit for CVE-2011-2371, targeting a use-after-free vulnerability in Firefox 4.0.1. It leverages heap spraying and ROP chains to achieve arbitrary code execution, specifically using a message box shellcode.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Complex
Reliability
Reliable
Target: Mozilla Firefox 4.0.1
No auth needed
Prerequisites: Victim must be using Firefox 4.0.1 with the vulnerable mozjs.dll (MD5: 5d7ffcc9deb5bb08417ceae51d2afed4)
devstral-2 · analyzed Feb 16, 2026 Full analysis →
metasploit WORKING POC NORMAL
by Chris Rohlf, Yan Ivnitskiy, Matteo Memelli, dookie2000ca, Helping, sinn3r · rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/mozilla_reduceright.rb

This Metasploit module exploits CVE-2011-2371, an integer overflow in Mozilla Firefox 3.6's Array.reduceRight() method, leading to arbitrary code execution. It uses heap spraying and ROP chains to bypass ASLR and DEP, targeting specific Firefox versions on Windows.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Complex
Reliability
Reliable
Target: Mozilla Firefox 3.6.16/3.6.17
No auth needed
Prerequisites: Victim must be using vulnerable Firefox version · Java may be required for ASLR bypass on newer Windows versions
devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (16)

Core 16
Core References
Vendor Advisory x_refsource_confirm
http://support.avaya.com/css/P8/documents/100145333
Vendor Advisory x_refsource_confirm
http://support.avaya.com/css/P8/documents/100144854
Vendor Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2011:111
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13987
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/45002
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-1149-1
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2011-0887.html
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2011-0885.html
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2011/dsa-2268
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2011-0888.html
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2011/dsa-2269
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2011/dsa-2273
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/8472
Issue Tracking x_refsource_confirm
https://bugzilla.mozilla.org/show_bug.cgi?id=664009

Scores

EPSS 0.7569
EPSS Percentile 99.5%

Details

CWE
CWE-189
Status published
Products (47)
mozilla/firefox 1.0 (2 CPE variants)
mozilla/firefox 1.0.1
mozilla/firefox 1.0.2
mozilla/firefox 1.0.3
mozilla/firefox 1.0.4
mozilla/firefox 1.0.5
mozilla/firefox 1.0.6
mozilla/firefox 1.0.7
mozilla/firefox 1.0.8
mozilla/firefox 1.5 (3 CPE variants)
... and 37 more
Published Jun 30, 2011
Tracked Since Feb 18, 2026