CVE-2011-3658

Mozilla Firefox <8.0, Thunderbird <8.0, SeaMonkey <2.5 - DoS

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2011-3658. PoCs published by Metasploit, regenrecht, including Metasploit module exploits/windows/browser/mozilla_nssvgvalue.

AI-analyzed exploit summary This is a Metasploit module exploiting an out-of-bounds access vulnerability in Firefox 7/8 (<= 8.0.1) via the nsSVGValue observer mechanism. It achieves remote code execution by manipulating memory layout and leveraging ROP chains.

Description

The SVG implementation in Mozilla Firefox 8.0, Thunderbird 8.0, and SeaMonkey 2.5 does not properly interact with DOMAttrModified event handlers, which allows remote attackers to cause a denial of service (out-of-bounds memory access) or possibly have unspecified other impact via vectors involving removal of SVG elements.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Metasploit · rubyremotewindows
https://www.exploit-db.com/exploits/18847

This is a Metasploit module exploiting an out-of-bounds access vulnerability in Firefox 7/8 (<= 8.0.1) via the nsSVGValue observer mechanism. It achieves remote code execution by manipulating memory layout and leveraging ROP chains.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Complex
Reliability
Reliable
Target: Mozilla Firefox 7.0, 8.0, 8.0.1
No auth needed
Prerequisites: Target must be using Firefox 7.0, 8.0, or 8.0.1 on Windows XP · JavaScript must be enabled
devstral-2 · analyzed Feb 16, 2026 Full analysis →
metasploit WORKING POC NORMAL
by regenrecht · rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/mozilla_nssvgvalue.rb

This Metasploit module exploits an out-of-bounds access vulnerability in Firefox 7 and 8 (<= 8.0.1) via the nsSVGValue observer notification mechanism, allowing remote code execution through memory corruption and ROP chains.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Complex
Reliability
Reliable
Target: Mozilla Firefox 7.0, 8.0, 8.0.1
No auth needed
Prerequisites: Target must be using Firefox 7 or 8 (<= 8.0.1) on Windows XP · JavaScript must be enabled
devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (20)

Core 20
Core References
Mailing List vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2012-03/msg00042.html
Vendor Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2012:031
Vendor Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2011:192
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/48823
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-1401-1
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/47334
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1026447
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1026446
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/49055
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/71910
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1026445
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/77953
Issue Tracking x_refsource_confirm
https://bugzilla.mozilla.org/show_bug.cgi?id=708186
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/48495
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/48553
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/47302
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14664

Scores

EPSS 0.7019
EPSS Percentile 99.3%

Details

CWE
CWE-399
Status published
Products (3)
mozilla/firefox 8.0
mozilla/seamonkey 2.5
mozilla/thunderbird 8.0
Published Dec 21, 2011
Tracked Since Feb 18, 2026