| Name | CVE-2011-2991 |
| Description | The browser engine in Mozilla Firefox 4.x through 5, SeaMonkey 2.x before 2.3, Thunderbird before 6, and possibly other products does not properly implement JavaScript, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors. |
| Source | CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
The information below is based on the following data on fixed versions.
| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| iceape | source | (unstable) | (not affected) | |||
| icedove | source | (unstable) | (not affected) | |||
| iceweasel | source | lenny | (not affected) | |||
| iceweasel | source | squeeze | (not affected) | |||
| iceweasel | source | (unstable) | 6.0-1 | |||
| xulrunner | source | (unstable) | (not affected) |
- xulrunner <not-affected> (Only affects Firefox >= 4)
[lenny] - iceweasel <not-affected> (Only affects Firefox >= 4)
[squeeze] - iceweasel <not-affected> (Only affects Firefox >= 4)
- iceape <not-affected> (Only affects Firefox >= 4)
- icedove <not-affected> (Only affects Thunderbird 5)