Web Attack: Mozilla Firefox CVE-2011-2371

Severity: Medium

This attack could pose a moderate security threat. It does not require immediate action.

Description

Mozilla Firefox, SeaMonkey, and Thunderbird are prone to a remote code-execution vulnerability; fixes are available.

Additional Information

Firefox is a browser. SeaMonkey is a suite of applications that includes a browser and an email client. Thunderbird is an email client. All three applications are available for multiple platforms.

Mozilla Firefox, Thunderbird, and SeaMonkey are prone to a remote code-execution vulnerability caused by an integer overflow. The problem occurs when the application handles a 'reduceRight()' method call on a JavaScript array that has an extremely large length.

An attacker can exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions.

NOTE: This issue was previously discussed in BID 48354 (Mozilla Firefox/Thunderbird/SeaMonkey MFSA 2011-19 through -28 Multiple Vulnerabilities) but has been given its own record to better document it.

Affected

  • Ubuntu Ubuntu Linux 11.04 powerpc
  • Ubuntu Ubuntu Linux 11.04 i386
  • Ubuntu Ubuntu Linux 11.04 ARM
  • Ubuntu Ubuntu Linux 11.04 amd64
  • Ubuntu Ubuntu Linux 10.10 powerpc
  • Ubuntu Ubuntu Linux 10.10 i386
  • Ubuntu Ubuntu Linux 10.10 ARM
  • Ubuntu Ubuntu Linux 10.10 amd64
  • Ubuntu Ubuntu Linux 10.04 sparc
  • Ubuntu Ubuntu Linux 10.04 powerpc
  • Ubuntu Ubuntu Linux 10.04 i386
  • Ubuntu Ubuntu Linux 10.04 ARM
  • Ubuntu Ubuntu Linux 10.04 amd64
  • SuSE SUSE Linux Enterprise Teradata 10 SP3
  • SuSE SUSE Linux Enterprise Software Development Kit 11 SP1
  • SuSE SUSE Linux Enterprise Server 11 SP1
  • SuSE SUSE Linux Enterprise Server 10 SP4
  • SuSE SUSE Linux Enterprise Server 10 SP3
  • SuSE SUSE Linux Enterprise SDK 11 SP1
  • SuSE SUSE Linux Enterprise SDK 10 SP4
  • SuSE SUSE Linux Enterprise SDK 10 SP3
  • SuSE SUSE Linux Enterprise Desktop 11 SP1
      + Linux kernel 2.6.5
  • SuSE SUSE Linux Enterprise Desktop 10 SP4
      + Linux kernel 2.6.5
  • SuSE openSUSE 11.4
  • SuSE openSUSE 11.3
  • Sun Solaris 11 Express
  • Sun Solaris 10_x86
  • Sun Solaris 10_sparc
  • Slackware Linux x86_64 -current
  • Slackware Linux 13.37 x86_64
  • Slackware Linux 13.37
  • Slackware Linux 13.1 x86_64
  • Slackware Linux 13.1
  • Slackware Linux 13.0 x86_64
  • Slackware Linux 13.0
  • Slackware Linux -current
  • RedHat Enterprise Linux WS 4
  • RedHat Enterprise Linux Optional Productivity Application 5 server
  • RedHat Enterprise Linux ES 4
  • RedHat Enterprise Linux Desktop Workstation 5 client
  • RedHat Enterprise Linux Desktop version 4
  • Red Hat Fedora 15
  • Red Hat Fedora 14
  • Red Hat Enterprise Linux Workstation Optional 6
  • Red Hat Enterprise Linux Workstation 6
  • Red Hat Enterprise Linux Server Optional 6
  • Red Hat Enterprise Linux Server 6
  • Red Hat Enterprise Linux HPC Node Optional 6
  • Red Hat Enterprise Linux Desktop Optional 6
  • Red Hat Enterprise Linux Desktop 6
  • Red Hat Enterprise Linux Desktop 5 client
  • Red Hat Enterprise Linux AS 4
  • Red Hat Enterprise Linux 5 Server
  • Mozilla Thunderbird 3.1.7
  • Mozilla Thunderbird 3.1.5
  • Mozilla Thunderbird 3.1.4
  • Mozilla Thunderbird 3.0.11
  • Mozilla Thunderbird 3.0.9
  • Mozilla Thunderbird 3.0.8
  • Mozilla Thunderbird 3.0.5
  • Mozilla Thunderbird 3.0.4
  • Mozilla Thunderbird 3.0.2
  • Mozilla Thunderbird 3.0.1
  • Mozilla Thunderbird 2.0 24
  • Mozilla Thunderbird 2.0 .9
  • Mozilla Thunderbird 2.0 .8
  • Mozilla Thunderbird 2.0 .6
  • Mozilla Thunderbird 2.0 .5
  • Mozilla Thunderbird 2.0 .4
  • Mozilla Thunderbird 2.0 .19
  • Mozilla Thunderbird 2.0 .17
  • Mozilla Thunderbird 2.0 .16
  • Mozilla Thunderbird 2.0 .15
  • Mozilla Thunderbird 2.0 .14
  • Mozilla Thunderbird 2.0 .13
  • Mozilla Thunderbird 2.0 .12
  • Mozilla Thunderbird 3.1.9
  • Mozilla Thunderbird 3.1.8
  • Mozilla Thunderbird 3.1.6
  • Mozilla Thunderbird 3.1.3
  • Mozilla Thunderbird 3.1.2
  • Mozilla Thunderbird 3.1.10
  • Mozilla Thunderbird 3.1.1
  • Mozilla Thunderbird 3.1
  • Mozilla Thunderbird 3.0.7
  • Mozilla Thunderbird 3.0.6
  • Mozilla Thunderbird 3.0.3
  • Mozilla Thunderbird 3.0.10
  • Mozilla Thunderbird 3.0
  • Mozilla Thunderbird 2.0.0.23
  • Mozilla Thunderbird 2.0.0.22
  • Mozilla Thunderbird 2.0.0.21
  • Mozilla Thunderbird 2.0.0.18
  • Mozilla SeaMonkey 2.0.11
  • Mozilla SeaMonkey 2.0.9
  • Mozilla SeaMonkey 2.0.8
  • Mozilla SeaMonkey 2.0.5
  • Mozilla SeaMonkey 2.0.4
  • Mozilla SeaMonkey 2.0.3
  • Mozilla SeaMonkey 2.0.2
  • Mozilla SeaMonkey 2.0.1
  • Mozilla SeaMonkey 2.1b2
  • Mozilla SeaMonkey 2.1 Alpha3
  • Mozilla SeaMonkey 2.1 Alpha2
  • Mozilla SeaMonkey 2.1 Alpha1
  • Mozilla SeaMonkey 2.0.7
  • Mozilla SeaMonkey 2.0.6
  • Mozilla SeaMonkey 2.0.14
  • Mozilla SeaMonkey 2.0.13
  • Mozilla SeaMonkey 2.0.12
  • Mozilla SeaMonkey 2.0.10
  • Mozilla SeaMonkey 2.0 Rc2
  • Mozilla SeaMonkey 2.0 Rc1
  • Mozilla SeaMonkey 2.0 Beta 2
  • Mozilla SeaMonkey 2.0 Beta 1
  • Mozilla SeaMonkey 2.0 Alpha 3
  • Mozilla SeaMonkey 2.0 Alpha 2
  • Mozilla SeaMonkey 2.0 Alpha 1
  • Mozilla SeaMonkey 2.0
  • Mozilla SeaMonkey 1.5.0.9
  • Mozilla SeaMonkey 1.5.0.8
  • Mozilla SeaMonkey 1.5.0.10
  • Mozilla Firefox 3.6.13
  • Mozilla Firefox 3.6.10
  • Mozilla Firefox 3.6.9
  • Mozilla Firefox 3.6.8
  • Mozilla Firefox 3.6.6
  • Mozilla Firefox 3.6.4
  • Mozilla Firefox 3.6.3
  • Mozilla Firefox 3.6.2
  • Mozilla Firefox 3.5.17
  • Mozilla Firefox 3.5.16
  • Mozilla Firefox 3.5.14
  • Mozilla Firefox 3.5.13
  • Mozilla Firefox 3.5.10
  • Mozilla Firefox 3.5.9
  • Mozilla Firefox 3.5.8
  • Mozilla Firefox 3.5.7
  • Mozilla Firefox 3.5.6
  • Mozilla Firefox 3.5.5
  • Mozilla Firefox 3.5.4
  • Mozilla Firefox 3.5.3
  • Mozilla Firefox 3.5.2
  • Mozilla Firefox 3.5.1
  • Mozilla Firefox 3.5
  • Mozilla Firefox 4.0.1
  • Mozilla Firefox 4.0 Beta1
  • Mozilla Firefox 4.0
  • Mozilla Firefox 3.6.7
  • Mozilla Firefox 3.6.17
  • Mozilla Firefox 3.6.16
  • Mozilla Firefox 3.6.15
  • Mozilla Firefox 3.6.14
  • Mozilla Firefox 3.6.12
  • Mozilla Firefox 3.6.11
  • Mozilla Firefox 3.6 Beta 3
  • Mozilla Firefox 3.6 Beta 2
  • Mozilla Firefox 3.6
  • Mozilla Firefox 3.5.19
  • Mozilla Firefox 3.5.18
  • Mozilla Firefox 3.5.15
  • Mozilla Firefox 3.5.12
  • Mozilla Firefox 3.5.11
  • Mandriva Linux Mandrake 2010.1 x86_64
  • Mandriva Linux Mandrake 2010.1
  • Mandriva Linux Mandrake 2009.0 x86_64
  • Mandriva Linux Mandrake 2009.0
  • MandrakeSoft Enterprise Server 5 x86_64
  • MandrakeSoft Enterprise Server 5
  • Debian Linux 6.0 sparc
  • Debian Linux 6.0 s/390
  • Debian Linux 6.0 powerpc
  • Debian Linux 6.0 mips
  • Debian Linux 6.0 ia-64
  • Debian Linux 6.0 ia-32
  • Debian Linux 6.0 arm
  • Debian Linux 6.0 amd64
  • Avaya Messaging Storage Server 5.2.8
  • Avaya Messaging Storage Server 5.2.2
  • Avaya Messaging Storage Server 5.2 SP3
  • Avaya Messaging Storage Server 5.2 SP2
  • Avaya Messaging Storage Server 5.2 SP1
  • Avaya Messaging Storage Server 5.2
  • Avaya Messaging Storage Server 5.1 SP2
  • Avaya Messaging Storage Server 5.1 SP1
  • Avaya Messaging Storage Server 5.1
  • Avaya Messaging Storage Server 5.0
  • Avaya Messaging Storage Server 4.0
  • Avaya Message Networking 5.2.1
  • Avaya Message Networking 5.2.2
  • Avaya Message Networking 5.2 SP1
  • Avaya Message Networking 5.2
  • Avaya Message Networking 3.1
  • Avaya IQ 4.1
  • Avaya IQ 5.2
  • Avaya IQ 5.1
  • Avaya IQ 5
  • Avaya IQ 4.2
  • Avaya IQ 4.0
  • Avaya Interactive Response 4.0
  • Avaya Aura System Manager 6.1.1
  • Avaya Aura System Manager 6.1 SP2
  • Avaya Aura System Manager 6.1 Sp1
  • Avaya Aura System Manager 6.1
  • Avaya Aura System Manager 6.0 SP1
  • Avaya Aura System Manager 6.0
  • Avaya Aura System Manager 5.2
  • Avaya Aura Session Manager 6.1 SP2
  • Avaya Aura Session Manager 6.1 Sp1
  • Avaya Aura Session Manager 6.1
  • Avaya Aura Session Manager 6.0 SP1
  • Avaya Aura Session Manager 6.0
  • Avaya Aura Session Manager 5.2 SP2
  • Avaya Aura Session Manager 5.2 SP1
  • Avaya Aura Session Manager 5.2
  • Avaya Aura Session Manager 1.1
  • Avaya Aura Presence Services 6.1
  • Avaya Aura Presence Services 6.0

Response

Updates are available. Please see the references for more information.