CVE-2011-3658
Published: 20 December 2011
The SVG implementation in Mozilla Firefox 8.0, Thunderbird 8.0, and SeaMonkey 2.5 does not properly interact with DOMAttrModified event handlers, which allows remote attackers to cause a denial of service (out-of-bounds memory access) or possibly have unspecified other impact via vectors involving removal of SVG elements.
Priority
Status
| Package | Release | Status |
|---|---|---|
|
firefox Launchpad, Ubuntu, Debian |
hardy |
Ignored
(reached end-of-life)
|
| lucid |
Released
|
|
| maverick |
Ignored
(reached end-of-life)
|
|
| natty |
Released
(9.0.1+build1-0ubuntu0.11.04.1)
|
|
| oneiric |
Released
(9.0.1+build1-0ubuntu0.11.10.2)
|
|
| precise |
Not vulnerable
|
|
| quantal |
Not vulnerable
|
|
| raring |
Not vulnerable
|
|
| saucy |
Not vulnerable
|
|
| upstream |
Needs triage
|
|
|
seamonkey Launchpad, Ubuntu, Debian |
hardy |
Ignored
(reached end-of-life)
|
| lucid |
Ignored
(reached end-of-life)
|
|
| maverick |
Ignored
(reached end-of-life)
|
|
| natty |
Ignored
(reached end-of-life)
|
|
| oneiric |
Ignored
(reached end-of-life)
|
|
| precise |
Does not exist
|
|
| quantal |
Does not exist
|
|
| raring |
Does not exist
|
|
| saucy |
Does not exist
|
|
| upstream |
Needs triage
|
|
|
thunderbird Launchpad, Ubuntu, Debian |
hardy |
Ignored
(reached end-of-life)
|
| lucid |
Released
(3.1.20+build1+nobinonly-0ubuntu0.10.04.1)
|
|
| maverick |
Released
(3.1.20+build1+nobinonly-0ubuntu0.10.10.1)
|
|
| natty |
Released
(3.1.20+build1+nobinonly-0ubuntu0.11.04.1)
|
|
| oneiric |
Released
(9.0+build2-0ubuntu0.11.10.1)
|
|
| precise |
Not vulnerable
(11.0.1+build1-0ubuntu2)
|
|
| quantal |
Not vulnerable
(15.0+build1-0ubuntu1)
|
|
| raring |
Not vulnerable
(15.0+build1-0ubuntu1)
|
|
| saucy |
Not vulnerable
(15.0+build1-0ubuntu1)
|
|
| upstream |
Released
(9.0)
|
|
|
xulrunner-1.9.2 Launchpad, Ubuntu, Debian |
hardy |
Ignored
(reached end-of-life)
|
| lucid |
Released
(1.9.2.28+build1+nobinonly-0ubuntu0.10.04.1)
|
|
| maverick |
Released
(1.9.2.28+build1+nobinonly-0ubuntu0.10.10.1)
|
|
| natty |
Released
(1.9.2.28+build1+nobinonly-0ubuntu0.11.04.1)
|
|
| oneiric |
Does not exist
|
|
| precise |
Does not exist
|
|
| quantal |
Does not exist
|
|
| raring |
Does not exist
|
|
| saucy |
Does not exist
|
|
| upstream |
Needs triage
|
|
|
xulrunner-2.0 Launchpad, Ubuntu, Debian |
hardy |
Does not exist
|
| lucid |
Does not exist
|
|
| maverick |
Does not exist
|
|
| natty |
Ignored
(does not process internet content)
|
|
| oneiric |
Does not exist
|
|
| precise |
Does not exist
|
|
| quantal |
Does not exist
|
|
| raring |
Does not exist
|
|
| saucy |
Does not exist
|
|
| upstream |
Needs triage
|
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3658
- http://www.mozilla.org/security/announce/2011/mfsa2011-55.html
- https://ubuntu.com/security/notices/USN-1306-1
- https://ubuntu.com/security/notices/USN-1343-1
- https://ubuntu.com/security/notices/USN-1401-1
- https://ubuntu.com/security/notices/USN-1401-2
- NVD
- Launchpad
- Debian