CVE-2011-3665

Mozilla Firefox 4.x-8.0 - Denial of Service via Ogg VIDEO Element Scaling

Title source: llm
STIX 2.1

Description

Mozilla Firefox 4.x through 8.0, Thunderbird 5.0 through 8.0, and SeaMonkey before 2.6 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via an Ogg VIDEO element that is not properly handled after scaling.

References (13)

Core 13
Core References
Vendor Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2011:192
Issue Tracking x_refsource_confirm
https://bugzilla.mozilla.org/show_bug.cgi?id=701259
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/71913
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/47334
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1026447
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1026446
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1026445
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/77956
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14640
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/47302

Scores

EPSS 0.0263
EPSS Percentile 83.8%

Details

CWE
CWE-399
Status published
Products (30)
mozilla/firefox 4.0 (13 CPE variants)
mozilla/firefox 4.0.1
mozilla/firefox 5.0
mozilla/firefox 5.0.1
mozilla/firefox 6.0
mozilla/firefox 6.0.1
mozilla/firefox 6.0.2
mozilla/firefox 7.0
mozilla/firefox 7.0.1
mozilla/firefox 8.0
... and 20 more
Published Dec 21, 2011
Tracked Since Feb 18, 2026