CVE-2011-3660

Priority
Medium
Description
Multiple unspecified vulnerabilities in the browser engine in Mozilla
Firefox 4.x through 8.0, Thunderbird 5.0 through 8.0, and SeaMonkey before
2.6 allow remote attackers to cause a denial of service (memory corruption
and application crash) or possibly execute arbitrary code via vectors that
trigger a compartment mismatch associated with the
nsDOMMessageEvent::GetData function, and unknown other vectors.
References
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3660
http://www.mozilla.org/security/announce/2011/mfsa2011-53.html
http://www.ubuntu.com/usn/usn-1306-1
http://www.ubuntu.com/usn/usn-1343-1
Bugs
https://bugzilla.mozilla.org/show_bug.cgi?id=706249
https://bugzilla.mozilla.org/show_bug.cgi?id=701637
https://bugzilla.mozilla.org/show_bug.cgi?id=701248
https://bugzilla.mozilla.org/show_bug.cgi?id=700512
https://bugzilla.mozilla.org/show_bug.cgi?id=697255
https://bugzilla.mozilla.org/show_bug.cgi?id=696579
https://bugzilla.mozilla.org/show_bug.cgi?id=694200
https://bugzilla.mozilla.org/show_bug.cgi?id=693144
https://bugzilla.mozilla.org/show_bug.cgi?id=693143
https://bugzilla.mozilla.org/show_bug.cgi?id=691873
https://bugzilla.mozilla.org/show_bug.cgi?id=691746
https://bugzilla.mozilla.org/show_bug.cgi?id=690376
https://bugzilla.mozilla.org/show_bug.cgi?id=689892
https://bugzilla.mozilla.org/show_bug.cgi?id=688974
https://bugzilla.mozilla.org/show_bug.cgi?id=688364
https://bugzilla.mozilla.org/show_bug.cgi?id=686107
https://bugzilla.mozilla.org/show_bug.cgi?id=685321
https://bugzilla.mozilla.org/show_bug.cgi?id=685186
https://bugzilla.mozilla.org/show_bug.cgi?id=682252
https://bugzilla.mozilla.org/show_bug.cgi?id=680687
https://bugzilla.mozilla.org/show_bug.cgi?id=679986
https://bugzilla.mozilla.org/show_bug.cgi?id=679494
https://bugzilla.mozilla.org/show_bug.cgi?id=562442
Assigned-to
micahg
Package
Source: thunderbird (LP Ubuntu Debian)
Upstream:needs-triage
Ubuntu 8.04 LTS (Hardy Heron):ignored (reached end-of-life)
Ubuntu 10.04 LTS (Lucid Lynx):needs-triage
Ubuntu 10.10 (Maverick Meerkat):needs-triage
Ubuntu 11.04 (Natty Narwhal):needs-triage
Ubuntu 11.10 (Oneiric Ocelot):released (9.0+build2-0ubuntu0.11.10.1)
Ubuntu 12.04 LTS (Precise Pangolin):needs-triage
Package
Source: xulrunner-2.0 (LP Ubuntu Debian)
Upstream:needs-triage
Ubuntu 8.04 LTS (Hardy Heron):DNE
Ubuntu 10.04 LTS (Lucid Lynx):DNE
Ubuntu 10.10 (Maverick Meerkat):DNE
Ubuntu 11.04 (Natty Narwhal):ignored (does not process internet content)
Ubuntu 11.10 (Oneiric Ocelot):DNE
Ubuntu 12.04 LTS (Precise Pangolin):DNE
Package
Source: firefox (LP Ubuntu Debian)
Upstream:needs-triage
Ubuntu 8.04 LTS (Hardy Heron):ignored (reached end-of-life)
Ubuntu 10.04 LTS (Lucid Lynx):needs-triage
Ubuntu 10.10 (Maverick Meerkat):needs-triage
Ubuntu 11.04 (Natty Narwhal):released (9.0.1+build1-0ubuntu0.11.04.1)
Ubuntu 11.10 (Oneiric Ocelot):released (9.0.1+build1-0ubuntu0.11.10.2)
Ubuntu 12.04 LTS (Precise Pangolin):needs-triage
Package
Source: seamonkey (LP Ubuntu Debian)
Upstream:needs-triage
Ubuntu 8.04 LTS (Hardy Heron):ignored (reached end-of-life)
Ubuntu 10.04 LTS (Lucid Lynx):needs-triage
Ubuntu 10.10 (Maverick Meerkat):needs-triage
Ubuntu 11.04 (Natty Narwhal):needs-triage
Ubuntu 11.10 (Oneiric Ocelot):needs-triage
Ubuntu 12.04 LTS (Precise Pangolin):needs-triage
Package
Source: xulrunner-1.9.2 (LP Ubuntu Debian)
Upstream:needs-triage
Ubuntu 8.04 LTS (Hardy Heron):ignored (reached end-of-life)
Ubuntu 10.04 LTS (Lucid Lynx):needs-triage
Ubuntu 10.10 (Maverick Meerkat):needs-triage
Ubuntu 11.04 (Natty Narwhal):needs-triage
Ubuntu 11.10 (Oneiric Ocelot):DNE
Ubuntu 12.04 LTS (Precise Pangolin):DNE
More Information

Valid XHTML 1.0 Strict

Updated: 2012-01-24 15:14:13 UTC (commit 4725)