What is CVE-2011-2371?

CVE-2011-2371 is a vulnerability in Mozilla Firefox, classified under CWE-189. Published 2011-06-30.

Is CVE-2011-2371 known to be exploited?

4 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Mozilla Firefox

CVE-2011-2371

Integer overflow in the Array.reduceRight method in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allows remote attackers to execute arbitrary code via vectors involving a long…

EPSS: 0.862 (99.4th percentile) — read the EPSS interpretation.

Affected products

Mozilla Firefox — versions 1.0, 1.0.1, 1.0.2
Mozilla Seamonkey — versions 1.0, 1.0.1, 1.0.2
Mozilla Thunderbird — versions 0.1, 0.2, 0.3
N/a — versions n/a

Weakness classification (CWE)

CWE-189

Public proof-of-concept exploits

References

MDVSA-2011:111 (vendor-advisory, x_refsource_MANDRIVA)
oval:org.mitre.oval:def:13987 (x_refsource_OVAL, signature, vdb-entry)
45002 (x_refsource_SECUNIA, third-party-advisory)
cve@mitre.org (x_refsource_CONFIRM)
USN-1149-1 (x_refsource_UBUNTU, vendor-advisory)
cve@mitre.org (x_refsource_CONFIRM)
RHSA-2011:0887 (x_refsource_REDHAT, vendor-advisory)
RHSA-2011:0885 (x_refsource_REDHAT, vendor-advisory)
cve@mitre.org (x_refsource_CONFIRM, Vendor Advisory)
DSA-2268 (vendor-advisory, x_refsource_DEBIAN)

Frequently asked questions

What is CVE-2011-2371?: CVE-2011-2371 is a vulnerability in Mozilla Firefox, classified under CWE-189. Published 2011-06-30.
Is CVE-2011-2371 known to be exploited?: 4 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.