Fluid Attacks Database

Description

The SVGTextElement.getCharNumAtPosition function in Mozilla Firefox before 3.6.20, and 4.x through 5; Thunderbird 3.x before 3.1.12 and other versions before 6; SeaMonkey 2.x before 2.3; and possibly other products does not properly handle SVG text, which allows remote attackers to execute arbitrary code via unspecified vectors that lead to a "dangling pointer."

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
rpm rhel5	xulrunner	<0:1.9.2.20-2.el5	0:1.9.2.20-2.el5
rpm rhel6	firefox	<0:3.6.20-2.el6_1	0:3.6.20-2.el6_1
rpm rhel5	firefox	<0:3.6.20-2.el5	0:3.6.20-2.el5
rpm rhel6	thunderbird	<0:3.1.12-1.el6_1	0:3.1.12-1.el6_1
rpm rhel6	xulrunner	<0:1.9.2.20-2.el6_1	0:1.9.2.20-2.el6_1

Aliases

1. CVE-2011-00842. NVD-2011-00843. OSV-2011-0084

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.