What is CVE-2011-0073?

CVE-2011-0073 is a vulnerability in Mozilla Firefox, classified under Improper Input Validation. Published 2011-05-07.

Is CVE-2011-0073 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Improper input validation in Mozilla Firefox

CVE-2011-0073

Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, and SeaMonkey before 2.0.14, does not properly use nsTreeRange data structures, which allows remote attackers to execute arbitrary code via unspecified vectors that lead to a "dangling…

Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)

EPSS: 0.812 (99.2th percentile) — read the EPSS interpretation.

Affected products

Mozilla Firefox — versions 3.6, 3.6.2, 3.6.3
Mozilla Seamonkey — versions 1.0, 1.0.1, 1.0.2
N/a — versions n/a

Weakness classification (CWE)

CWE-20 — Improper Input Validation

Public proof-of-concept exploits

rapid7/metasploit-framework

References

DSA-2228 (vendor-advisory, x_refsource_DEBIAN)
oval:org.mitre.oval:def:14020 (x_refsource_OVAL, signature, vdb-entry)
MDVSA-2011:079 (vendor-advisory, x_refsource_MANDRIVA)
cve@mitre.org (x_refsource_CONFIRM)
cve@mitre.org (x_refsource_CONFIRM, Vendor Advisory)
DSA-2235 (vendor-advisory, x_refsource_DEBIAN)
cve@mitre.org (x_refsource_CONFIRM)
DSA-2227 (vendor-advisory, x_refsource_DEBIAN)
cve@mitre.org (x_refsource_CONFIRM)
8310 (x_refsource_SREASON, third-party-advisory)

Frequently asked questions

What is CVE-2011-0073?: CVE-2011-0073 is a vulnerability in Mozilla Firefox, classified under Improper Input Validation. Published 2011-05-07.
Is CVE-2011-0073 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.