#VU33969 Input validation error - CVE-2011-0077

Vulnerability identifier: #VU33969

Vulnerability risk: High

CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2011-0077

CWE-ID: CWE-20

Exploitation vector: Network

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-0072, CVE-2011-0074, CVE-2011-0075, and CVE-2011-0078.

Mitigation
Install update from vendor's website.

External links
https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_thunderbird
https://downloads.avaya.com/css/P8/documents/100134543
https://downloads.avaya.com/css/P8/documents/100144158
https://www.debian.org/security/2011/dsa-2227
https://www.debian.org/security/2011/dsa-2228
https://www.debian.org/security/2011/dsa-2235
https://www.mandriva.com/security/advisories?name=MDVSA-2011:079
https://www.mandriva.com/security/advisories?name=MDVSA-2011:080
https://www.mozilla.org/security/announce/2011/mfsa2011-12.html
https://www.securityfocus.com/bid/47648
https://bugzilla.mozilla.org/show_bug.cgi?id=623998
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14193

---

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.