Vulnerability Name: | CVE-2011-2998 (CCN-70119)
Assigned: | 2011-09-28
Published: | 2011-09-28
Updated: | 2017-09-19
Summary: | Integer underflow in Mozilla Firefox 3.6.x before 3.6.23 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via JavaScript code containing a large RegExp expression.
CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
CVSS v2 Severity: | 10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
7.4 High (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
3.2 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
5.0 Medium (REDHAT Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Vulnerability Type: | CWE-189 CWE-190
Vulnerability Consequences: | Denial of Service
References: |
Source: MITRE Type: CNA CVE-2011-2998
Source: SUSE Type: UNKNOWN SUSE-SU-2011:1256
Source: CCN Type: RHSA-2011-1341 Critical: firefox security update
Source: CCN Type: RHSA-2011-1342 Critical: thunderbird security update
Source: CCN Type: RHSA-2011-1343 Critical: thunderbird security update
Source: CCN Type: RHSA-2011-1344 Critical: seamonkey security update
Source: DEBIAN Type: UNKNOWN DSA-2312
Source: DEBIAN Type: UNKNOWN DSA-2313
Source: DEBIAN Type: UNKNOWN DSA-2317
Source: DEBIAN Type: DSA-2312 iceape -- several vulnerabilities
Source: DEBIAN Type: DSA-2313 iceweasel -- several vulnerabilities
Source: DEBIAN Type: DSA-2317 icedove -- several vulnerabilities
Source: MANDRIVA Type: UNKNOWN MDVSA-2011:139
Source: MANDRIVA Type: UNKNOWN MDVSA-2011:140
Source: MANDRIVA Type: UNKNOWN MDVSA-2011:141
Source: CCN Type: Mozilla Foundation Security Advisory 2011-37 Integer underflow when using JavaScript RegExp
Source: CONFIRM Type: Vendor Advisory http://www.mozilla.org/security/announce/2011/mfsa2011-37.html
Source: CCN Type: OSVDB ID: 75837 Mozilla Firefox Regular Expression Unspecified Underflow
Source: REDHAT Type: UNKNOWN RHSA-2011:1341
Source: CCN Type: BID-49809 Mozilla Firefox RegExp Remote Integer Underflow Vulnerability
Source: CONFIRM Type: UNKNOWN https://bugzilla.mozilla.org/show_bug.cgi?id=684815
Source: XF Type: UNKNOWN firefox-jsregex-dos(70119)
Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:14012
Vulnerable Configuration: | Configuration 1: Configuration RedHat 1: Configuration RedHat 2: Configuration RedHat 3: Configuration RedHat 4: Configuration RedHat 5: Configuration RedHat 6: Configuration RedHat 7: Configuration RedHat 8: Configuration RedHat 9: Configuration RedHat 10: Configuration RedHat 11: Configuration RedHat 12: Configuration CCN 1: Denotes that component is vulnerable