CVE-2011-3671

high

Description

Use-after-free vulnerability in the nsHTMLSelectElement function in nsHTMLSelectElement.cpp in Mozilla Firefox 4.x through 8.0, Thunderbird 5.0 through 8.0, and SeaMonkey before 2.6 allows remote attackers to execute arbitrary code via vectors involving removal of the parent node of an element.

References

https://bugzilla.mozilla.org/show_bug.cgi?id=739343

http://www.mozilla.org/security/announce/2012/mfsa2012-41.html

Details

Source: Mitre, NVD

Published: 2012-06-18

Updated: 2012-06-19

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H