CVE-2011-2998

Published: Sep 30, 2011Modified: Apr 29, 2026

10.0

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability: 10.0 / Impact: 10.0

Source: NVD

Description

Integer underflow in Mozilla Firefox 3.6.x before 3.6.23 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via JavaScript code containing a large RegExp expression.

Affected (21)

Products: Mozilla: Firefox

1 product

Configuration A

21 vulnerable

Vulnerable Software	Affected Versions
Mozilla Firefox	Version 3.6.10
Mozilla Firefox	Version 3.6.11
Mozilla Firefox	Version 3.6.12
Mozilla Firefox	Version 3.6.13
Mozilla Firefox	Version 3.6.14
Mozilla Firefox	Version 3.6.15
Mozilla Firefox	Version 3.6.16
Mozilla Firefox	Version 3.6.17
Mozilla Firefox	Version 3.6.18
Mozilla Firefox	Version 3.6.19
Mozilla Firefox	Version 3.6.20
Mozilla Firefox	Version 3.6.21
Mozilla Firefox	Version 3.6.22
Mozilla Firefox	Version 3.6.2
Mozilla Firefox	Version 3.6.3
Mozilla Firefox	Version 3.6.4
Mozilla Firefox	Version 3.6.6
Mozilla Firefox	Version 3.6.7
Mozilla Firefox	Version 3.6.8
Mozilla Firefox	Version 3.6.9
Mozilla Firefox	Version 3.6

Related CWEs

References (22)

http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00020.html

Source: cve@mitre.org

http://www.debian.org/security/2011/dsa-2312

Source: cve@mitre.org

http://www.debian.org/security/2011/dsa-2313

Source: cve@mitre.org

http://www.debian.org/security/2011/dsa-2317

Source: cve@mitre.org

http://www.mandriva.com/security/advisories?name=MDVSA-2011:139

Source: cve@mitre.org

http://www.mandriva.com/security/advisories?name=MDVSA-2011:140

Source: cve@mitre.org

http://www.mandriva.com/security/advisories?name=MDVSA-2011:141

Source: cve@mitre.org

http://www.mozilla.org/security/announce/2011/mfsa2011-37.html

Source: cve@mitre.org

Vendor Advisory

http://www.redhat.com/support/errata/RHSA-2011-1341.html

Source: cve@mitre.org

https://bugzilla.mozilla.org/show_bug.cgi?id=684815

Source: cve@mitre.org

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14012

Source: cve@mitre.org

http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00020.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.debian.org/security/2011/dsa-2312

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.debian.org/security/2011/dsa-2313

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.debian.org/security/2011/dsa-2317

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.mandriva.com/security/advisories?name=MDVSA-2011:139

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.mandriva.com/security/advisories?name=MDVSA-2011:140

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.mandriva.com/security/advisories?name=MDVSA-2011:141

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.mozilla.org/security/announce/2011/mfsa2011-37.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.redhat.com/support/errata/RHSA-2011-1341.html

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugzilla.mozilla.org/show_bug.cgi?id=684815

Source: af854a3a-2127-422b-91ae-364da2661108

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14012

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.