Release date: 2011-12-20
Updated on: 2011-12-21
Affected Systems:
Mozilla Firefox 8.0.1
Mozilla Firefox 8.0.
Mozilla Firefox 7.x
Mozilla Firefox 5.x
Mozilla Firefox 4.x
Mozilla Firefox 3.x
Mozilla Thunderbird 3.x
Mozilla SeaMonkey 2.x
Unaffected system:
Mozilla Firefox 9.0.
Mozilla Thunderbird 9.0
Mozilla SeaMonkey 2.6
Description:
--------------------------------------------------------------------------------
Bugtraq id: 51135
Cve id: CVE-2011-3661
Firefox is a very popular open-source WEB browser. Thunderbird is a mail client that supports IMAP, POP protocol, and HTML format. SeaMonkey is an open-source Web browser, mail and newsgroup client, IRC session client, and HTML editor.
Mozilla Firefox/Thunderbird/SeaMonkey has a denial of service vulnerability in the implementation of YARR Regular Expression Library. Attackers can exploit this vulnerability to cause denial of service and may execute arbitrary code.
<* Source: Mariusz Mlynsky
Aki Helin
Link: http://secunia.com/advisories/47302/
Http://www.mozilla.org/security/announce/2011/mfsa2011-54.html
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Mozilla
-------
Mozilla has released a Security Bulletin (mfsa2011-54) and patches for this:
Mfsa2011-54: Mozilla Foundation Security Advisory 2011-54
Link: http://www.mozilla.org/security/announce/2011/mfsa2011-54.html