PT-2011-4561 · Mozilla+2 · Firefox+4
Published: 2011-11-08 · Updated: 2024-12-12 · CVE-2011-3650
CVSS v2.0: 9.3 (High)
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Mozilla Firefox versions 4.x through 7.0
Mozilla Firefox version 3.6.24 and earlier
Thunderbird versions 5.0 through 7.0
Thunderbird version 3.1.6 and earlier
Description
The issue arises from improper handling of certain JavaScript files containing numerous functions. This allows remote attackers, assisted by a local user, to cause a denial of service through memory corruption and application crash. It is also possible for attackers to have an unspecified impact via a crafted file accessed by debugging APIs, as demonstrated by Firebug.
Recommendations
For Mozilla Firefox versions 4.x through 7.0, update to a version later than 7.0 to resolve the issue.
For Mozilla Firefox version 3.6.24 and earlier, update to version 3.6.24 or later to mitigate the risk.
For Thunderbird versions 5.0 through 7.0, update to a version later than 7.0 to resolve the issue.
For Thunderbird version 3.1.6 and earlier, update to version 3.1.6 or later to mitigate the risk.
As a temporary workaround, consider disabling the debugging APIs until a patch is available.
Restrict access to the debugging APIs to minimize the risk of exploitation.
Exploit
Fix
DoS
Buffer Overflow
Weakness Enumeration
Related Identifiers
Affected Products
Firebug
Firefox
Red Hat
Suse
Thunderbird