CVE-2011-3650

Firefox < 3.6.24 and 4.x-7.0 - Memory Corruption via JavaScript Debugging APIs

Title source: llm
STIX 2.1

Description

Mozilla Firefox before 3.6.24 and 4.x through 7.0 and Thunderbird before 3.1.6 and 5.0 through 7.0 do not properly handle JavaScript files that contain many functions, which allows user-assisted remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a crafted file that is accessed by debugging APIs, as demonstrated by Firebug.

References (5)

Core 5
Core References
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2011-1439.html
Issue Tracking x_refsource_confirm
https://bugzilla.mozilla.org/show_bug.cgi?id=674776
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13870

Scores

EPSS 0.0233
EPSS Percentile 81.5%

Details

CWE
CWE-119
Status published
Products (46)
mozilla/firefox 0.1
mozilla/firefox 0.2
mozilla/firefox 0.3
mozilla/firefox 0.4
mozilla/firefox 0.5
mozilla/firefox 0.6
mozilla/firefox 0.6.1
mozilla/firefox 0.7
mozilla/firefox 0.7.1
mozilla/firefox 0.8
... and 36 more
Published Nov 09, 2011
Tracked Since Feb 18, 2026