1. Symantec-Broadcom-Horizontal/
  2. Security Response/
  3. Attack Signatures/
  4. Web Attack: Mozilla Dom CVE-2011-3659

Web Attack: Mozilla Dom CVE-2011-3659

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.


This signature detects attempts to exploit a remote code execution vulnerability in Mozilla Firefox.

Additional Information

Firefox is a browser. SeaMonkey is a suite of applications that includes a browser and an email client. Thunderbird is an email client. All three applications are available for multiple platforms.

Mozilla Firefox, Thunderbird, and SeaMonkey are prone to a use-after-free memory-corruption vulnerability. This issue occurs because the removed child nodes of 'nsDOMAttribute' can be accessed under certain circumstances due to premature notification of 'AttributeChildRemove()'.

An attacker can exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions.

This issue is fixed in:

Firefox 10.0
Firefox 3.6.26
Thunderbird 10.0
Thunderbird 3.1.18
SeaMonkey 2.7


  • Mozilla Firefox
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube