CVE-2011-2991

Firefox 4.x-5 - Remote Code Execution via Memory Corruption

Title source: llm
STIX 2.1

Description

The browser engine in Mozilla Firefox 4.x through 5, SeaMonkey 2.x before 2.3, Thunderbird before 6, and possibly other products does not properly implement JavaScript, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors.

References (7)

Core 7
Core References
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14303
Issue Tracking x_refsource_confirm
https://bugzilla.mozilla.org/show_bug.cgi?id=655660
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/49055

Scores

EPSS 0.0448
EPSS Percentile 90.4%

Details

CWE
CWE-119
Status published
Products (20)
mozilla/firefox 4.0 (13 CPE variants)
mozilla/firefox 4.0.1
mozilla/firefox 5.0
mozilla/seamonkey 2.0 (8 CPE variants)
mozilla/seamonkey 2.0.1
mozilla/seamonkey 2.0.2
mozilla/seamonkey 2.0.3
mozilla/seamonkey 2.0.4
mozilla/seamonkey 2.0.5
mozilla/seamonkey 2.0.6
... and 10 more
Published Aug 18, 2011
Tracked Since Feb 18, 2026