CVE-2011-3654 in Ubuntu

CVE-2011-3654

Priority

Low

Description

The browser engine in Mozilla Firefox before 8.0 and Thunderbird before 8.0
does not properly handle links from SVG mpath elements to non-SVG elements,
which allows remote attackers to cause a denial of service (memory
corruption and application crash) or possibly execute arbitrary code via
unspecified vectors.

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3654
https://bugzilla.mozilla.org/show_bug.cgi?id=694953
http://www.ubuntu.com/usn/usn-1277-1
http://www.ubuntu.com/usn/usn-1282-1

Package

Source: thunderbird (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 8.04 LTS (Hardy Heron):	ignored (reached end-of-life)
Ubuntu 10.04 LTS (Lucid Lynx):	released
Ubuntu 11.10 (Oneiric Ocelot):	released (8.0+build1-0ubuntu0.11.10.1)
Ubuntu 12.04 LTS (Precise Pangolin):	not-affected
Ubuntu 12.10 (Quantal Quetzal):	not-affected
Ubuntu 13.04 (Raring Ringtail):	not-affected
Ubuntu 13.10 (Saucy Salamander):	not-affected

Package

Source: xulrunner-2.0 (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 8.04 LTS (Hardy Heron):	DNE
Ubuntu 10.04 LTS (Lucid Lynx):	DNE
Ubuntu 11.10 (Oneiric Ocelot):	DNE
Ubuntu 12.04 LTS (Precise Pangolin):	DNE
Ubuntu 12.10 (Quantal Quetzal):	DNE
Ubuntu 13.04 (Raring Ringtail):	DNE
Ubuntu 13.10 (Saucy Salamander):	DNE

Package

Source: firefox (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 8.04 LTS (Hardy Heron):	ignored (reached end-of-life)
Ubuntu 10.04 LTS (Lucid Lynx):	released
Ubuntu 11.10 (Oneiric Ocelot):	released (8.0+build1-0ubuntu0.11.10.3)
Ubuntu 12.04 LTS (Precise Pangolin):	not-affected (9.0~b2+build1-0ubuntu1)
Ubuntu 12.10 (Quantal Quetzal):	not-affected (9.0~b2+build1-0ubuntu1)
Ubuntu 13.04 (Raring Ringtail):	not-affected (9.0~b2+build1-0ubuntu1)
Ubuntu 13.10 (Saucy Salamander):	not-affected (9.0~b2+build1-0ubuntu1)

Package

Source: seamonkey (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 8.04 LTS (Hardy Heron):	ignored (reached end-of-life)
Ubuntu 10.04 LTS (Lucid Lynx):	needs-triage
Ubuntu 11.10 (Oneiric Ocelot):	ignored (reached end-of-life)
Ubuntu 12.04 LTS (Precise Pangolin):	DNE
Ubuntu 12.10 (Quantal Quetzal):	DNE
Ubuntu 13.04 (Raring Ringtail):	DNE
Ubuntu 13.10 (Saucy Salamander):	DNE

Package

Source: xulrunner-1.9.2 (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 8.04 LTS (Hardy Heron):	ignored (reached end-of-life)
Ubuntu 10.04 LTS (Lucid Lynx):	ignored (does not process internet content)
Ubuntu 11.10 (Oneiric Ocelot):	DNE
Ubuntu 12.04 LTS (Precise Pangolin):	DNE
Ubuntu 12.10 (Quantal Quetzal):	DNE
Ubuntu 13.04 (Raring Ringtail):	DNE
Ubuntu 13.10 (Saucy Salamander):	DNE

More Information

Updated: 2013-05-09 15:15:49 UTC (commit 6824)