CVE-2011-0084

Publication date 17 August 2011

Last updated 24 July 2024


Ubuntu priority

The SVGTextElement.getCharNumAtPosition function in Mozilla Firefox before 3.6.20, and 4.x through 5; Thunderbird 3.x before 3.1.12 and other versions before 6; SeaMonkey 2.x before 2.3; and possibly other products does not properly handle SVG text, which allows remote attackers to execute arbitrary code via unspecified vectors that lead to a "dangling pointer."

Status

Package Ubuntu Release Status
firefox 12.10 quantal
Not affected
12.04 LTS precise
Not affected
11.10 oneiric
Not affected
11.04 natty
Fixed 6.0+build1+nobinonly-0ubuntu0.11.04.1
10.10 maverick
Fixed 3.6.20+build1+nobinonly-0ubuntu0.10.10.1
10.04 LTS lucid
Fixed 3.6.20+build1+nobinonly-0ubuntu0.10.04.1
8.04 LTS hardy Ignored end of life
firefox-3.0 12.10 quantal Not in release
12.04 LTS precise Not in release
11.10 oneiric Not in release
11.04 natty Not in release
10.10 maverick Not in release
10.04 LTS lucid Not in release
8.04 LTS hardy Ignored end of life
firefox-3.5 12.10 quantal Not in release
12.04 LTS precise Not in release
11.10 oneiric Not in release
11.04 natty Not in release
10.10 maverick Not in release
10.04 LTS lucid Not in release
8.04 LTS hardy Not in release
seamonkey 12.10 quantal Not in release
12.04 LTS precise Not in release
11.10 oneiric
Not affected
11.04 natty
Not affected
10.10 maverick
Not affected
10.04 LTS lucid
Not affected
8.04 LTS hardy Ignored end of life
thunderbird 12.10 quantal
Not affected
12.04 LTS precise
Not affected
11.10 oneiric
Not affected
11.04 natty
Fixed 3.1.12+build1+nobinonly-0ubuntu0.11.04.1
10.10 maverick
Fixed 3.1.12+build1+nobinonly-0ubuntu0.10.10.1
10.04 LTS lucid
Fixed 3.1.12+build1+nobinonly-0ubuntu0.10.04.1
8.04 LTS hardy Ignored end of life
xulrunner-1.9.2 12.10 quantal Not in release
12.04 LTS precise Not in release
11.10 oneiric Not in release
11.04 natty
Fixed 1.9.2.27+build1+nobinonly-0ubuntu0.11.04.1
10.10 maverick
Fixed 1.9.2.20+build1+nobinonly-0ubuntu0.10.10.1
10.04 LTS lucid
Fixed 1.9.2.20+build1+nobinonly-0ubuntu0.10.04.1
8.04 LTS hardy Ignored end of life
xulrunner-2.0 12.10 quantal Not in release
12.04 LTS precise Not in release
11.10 oneiric Not in release
11.04 natty Ignored end of life
10.10 maverick Not in release
10.04 LTS lucid Not in release
8.04 LTS hardy Not in release

References

Related Ubuntu Security Notices (USN)

    • USN-1185-1
    • Thunderbird vulnerabilities
    • 26 August 2011
    • USN-1192-1
    • Firefox vulnerabilities
    • 17 August 2011
    • USN-1184-1
    • Firefox and Xulrunner vulnerabilities
    • 19 August 2011

Other references