Vulnerability identifier: #VU33969
Vulnerability risk: High
CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2011-0077
CWE-ID:
CWE-20
Exploitation vector: Network
Exploit availability: No
Description
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-0072, CVE-2011-0074, CVE-2011-0075, and CVE-2011-0078.
Mitigation
Install update from vendor's website.
External links
https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_thunderbird
https://downloads.avaya.com/css/P8/documents/100134543
https://downloads.avaya.com/css/P8/documents/100144158
https://www.debian.org/security/2011/dsa-2227
https://www.debian.org/security/2011/dsa-2228
https://www.debian.org/security/2011/dsa-2235
https://www.mandriva.com/security/advisories?name=MDVSA-2011:079
https://www.mandriva.com/security/advisories?name=MDVSA-2011:080
https://www.mozilla.org/security/announce/2011/mfsa2011-12.html
https://www.securityfocus.com/bid/47648
https://bugzilla.mozilla.org/show_bug.cgi?id=623998
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14193
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.