|
|
|
Credit:
The original article can be found at: http://www.securityfocus.com/bid/47657
The information has been provided by Boris Zbarsky, Gary Kwong, Jesse Ruderman, Michael Wu, Nils, Scoobidiver, and Ted Mielczarek.
|
|
Vulnerable Systems:
* Mozilla Thunderbird 3.1.7
* Mozilla Thunderbird 3.1.5
* Mozilla Thunderbird 3.1.5
* Mozilla Thunderbird 3.1.4
* Mozilla Thunderbird 3.0.11
* Mozilla Thunderbird 3.0.9
* Mozilla Thunderbird 3.0.9
* Mozilla Thunderbird 3.0.8
* Mozilla Thunderbird 3.0.5
* Mozilla Thunderbird 3.0.5
* Mozilla Thunderbird 3.0.4
* Mozilla Thunderbird 3.0.2
* Mozilla Thunderbird 3.0.1
* Mozilla Thunderbird 3.1.9
* Mozilla Thunderbird 3.1.8
* Mozilla Thunderbird 3.1.7
* Mozilla Thunderbird 3.1.6
* Mozilla Thunderbird 3.1.3
* Mozilla Thunderbird 3.1.2
* Mozilla Thunderbird 3.1.2
* Mozilla Thunderbird 3.1.1
* Mozilla Thunderbird 3.1
* Mozilla Thunderbird 3.0.7
* Mozilla Thunderbird 3.0.6
* Mozilla Thunderbird 3.0.4
* Mozilla Thunderbird 3.0.3
* Mozilla Thunderbird 3.0.11
* Mozilla Thunderbird 3.0.10
* Mozilla Thunderbird 3.0
* Mozilla SeaMonkey 2.0.11
* Mozilla SeaMonkey 2.0.11
* Mozilla SeaMonkey 2.0.9
* Mozilla SeaMonkey 2.0.8
* Mozilla SeaMonkey 2.0.5
* Mozilla SeaMonkey 2.0.4
* Mozilla SeaMonkey 2.0.3
* Mozilla SeaMonkey 2.0.2
* Mozilla SeaMonkey 2.0.1
* Mozilla SeaMonkey 2.0.9
* Mozilla SeaMonkey 2.0.7
* Mozilla SeaMonkey 2.0.6
* Mozilla SeaMonkey 2.0.5
* Mozilla SeaMonkey 2.0.4
* Mozilla SeaMonkey 2.0.13
* Mozilla SeaMonkey 2.0.12
* Mozilla SeaMonkey 2.0.10
* Mozilla SeaMonkey 2.0 Rc2
* Mozilla SeaMonkey 2.0 Rc1
* Mozilla SeaMonkey 2.0 Beta 2
* Mozilla SeaMonkey 2.0 Beta 1
* Mozilla SeaMonkey 2.0 Alpha 3
* Mozilla SeaMonkey 2.0 Alpha 2
* Mozilla SeaMonkey 2.0 Alpha 1
* Mozilla SeaMonkey 2.0
* Mozilla Firefox 3.6.13
* Mozilla Firefox 3.6.13
* Mozilla Firefox 3.6.10
* Mozilla Firefox 3.6.9
* Mozilla Firefox 3.6.8
* Mozilla Firefox 3.6.6
* Mozilla Firefox 3.6.4
* Mozilla Firefox 3.6.3
* Mozilla Firefox 3.6.2
* Mozilla Firefox 3.6.2
* Mozilla Firefox 3.5.17
* Mozilla Firefox 3.5.16
* Mozilla Firefox 3.5.14
* Mozilla Firefox 3.5.13
* Mozilla Firefox 3.5.10
* Mozilla Firefox 3.5.10
* Mozilla Firefox 3.5.9
* Mozilla Firefox 3.5.9
* Mozilla Firefox 3.5.8
* Mozilla Firefox 3.5.7
* Mozilla Firefox 3.5.6
* Mozilla Firefox 3.5.5
* Mozilla Firefox 3.5.4
* Mozilla Firefox 3.5.3
* Mozilla Firefox 3.5.2
* Mozilla Firefox 3.5.1
* Mozilla Firefox 3.5
* Mozilla Firefox 4.0 Beta1
* Mozilla Firefox 4.0 Beta1
* Mozilla Firefox 3.6.7
* Mozilla Firefox 3.6.6
* Mozilla Firefox 3.6.16
* Mozilla Firefox 3.6.15
* Mozilla Firefox 3.6.14
* Mozilla Firefox 3.6.12
* Mozilla Firefox 3.6.11
* Mozilla Firefox 3.6 Beta 3
* Mozilla Firefox 3.6 Beta 2
* Mozilla Firefox 3.6
* Mozilla Firefox 3.5.18
* Mozilla Firefox 3.5.17
* Mozilla Firefox 3.5.15
* Mozilla Firefox 3.5.12
* Mozilla Firefox 3.5.11
Non-Vulnerable Systems:
* Mozilla Thunderbird 3.1.10
* Mozilla SeaMonkey 2.0.14
* Mozilla Firefox 4.0.1
* Mozilla Firefox 4.0
* Mozilla Firefox 3.6.17
* Mozilla Firefox 3.5.19
An attacker can exploit this issue by enticing an unsuspecting user into viewing malicious content. A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the user running the affected application. Failed exploit attempts will likely result in denial-of-service conditions.
Vendor Status:
Mozilla as issued an update for this vulnerablity
Patch Availability:
http://www.mozilla.org/en-US/products/download.html?product=firefox-12.0&os=win&lang=en-US
CVE Information:
CVE-2011-0079
Disclosure Timeline:
Initial Release Apr 28 2011
|
|
|
|