CVE-2011-0073

NameCVE-2011-0073
DescriptionMozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, and SeaMonkey before 2.0.14, does not properly use nsTreeRange data structures, which allows remote attackers to execute arbitrary code via unspecified vectors that lead to a "dangling pointer."
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
ReferencesDSA-2227-1, DSA-2228-1, DSA-2235-1
NVD severityhigh (attack range: remote)

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
iceapesource(unstable)2.0.14-1high
iceapesourcelenny(not affected)
iceapesourcesqueeze2.0.11-5highDSA-2227-1
icedovesourcesqueeze3.0.11-1+squeeze2highDSA-2235-1
iceweaselsource(unstable)3.5.19-1high
iceweaselsourcelenny(not affected)
iceweaselsourcesqueeze3.5.16-7highDSA-2228-1
xulrunnersource(unstable)(unfixed)unimportant

Notes

[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
[lenny] - iceape <not-affected> (Only a stub package)
xulrunner in wheezy is not covered by security support

Search for package or bug name: Reporting problems