Novell Home

CVE-2011-3002

Common Vulnerabilities and Exposures

[Previous] [Index] [Next]

Upstream information

CVE-2011-3002 at MITRE

Description

Almost Native Graphics Layer Engine (ANGLE), as used in Mozilla Firefox before 7.0 and SeaMonkey before 2.4, does not validate the return value of a GrowAtomTable function call, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger a memory-allocation error and a resulting buffer overflow.

NVD CVSS v2 Base Score: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)

Novell/SUSE information

Novell Bugzilla entry: 720264

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
openSUSE 11.4
  • MozillaFirefox >= 7.0-1.2.1
  • MozillaFirefox-branding-upstream >= 7.0-1.2.1
  • MozillaFirefox-buildsymbols >= 7.0-1.2.1
  • MozillaFirefox-devel >= 7.0-1.2.1
  • MozillaFirefox-translations-common >= 7.0-1.2.1
  • MozillaFirefox-translations-other >= 7.0-1.2.1
openSUSE 11.3
  • seamonkey-debuginfo >= 2.4-1.2.1
  • seamonkey-debugsource >= 2.4-1.2.1
openSUSE 11.3
openSUSE 11.4
  • seamonkey >= 2.4-1.2.1
  • seamonkey-dom-inspector >= 2.4-1.2.1
  • seamonkey-irc >= 2.4-1.2.1
  • seamonkey-translations-common >= 2.4-1.2.1
  • seamonkey-translations-other >= 2.4-1.2.1
  • seamonkey-venkman >= 2.4-1.2.1

© 2014 Novell