Fluid Attacks Database

Description

Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a multipart/x-mixed-replace image.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
rpm rhel5	xulrunner	<0:1.9.2.18-2.el5_6	0:1.9.2.18-2.el5_6
rpm rhel6	xulrunner	<0:1.9.2.18-2.el6_1	0:1.9.2.18-2.el6_1
rpm rhel5	firefox	<0:3.6.18-1.el5_6	0:3.6.18-1.el5_6
rpm rhel6	firefox	<0:3.6.18-1.el6_1	0:3.6.18-1.el6_1
rpm rhel6	thunderbird	<0:3.1.11-2.el6_1	0:3.1.11-2.el6_1
rpm rhel5	thunderbird	<0:2.0.0.24-18.el5_6	0:2.0.0.24-18.el5_6

Aliases

1. CVE-2011-23772. NVD-2011-23773. OSV-2011-2377

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.