VulnerableCode Package Details - pkg:mozilla/Firefox@4.0.1

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-8a69-3km5-nfgs	Multiple vulnerabilities have been found in Mozilla Firefox, Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner, some of which may allow execution of arbitrary code or local privilege escalation.	CVE-2011-1202
VCID-afcm-vccz-93a7	Multiple vulnerabilities have been found in Mozilla Firefox, Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner, some of which may allow execution of arbitrary code or local privilege escalation.	CVE-2011-0079
VCID-kezq-ad8j-eycq	Two crashes that could potentially be exploited to run malicious code were found in the WebGL feature and fixed in Firefox 4.0.1. In addition the WebGLES libraries could potentially be used to bypass a security feature of recent Windows versions. The WebGL feature was introduced in Firefox 4; older versions are not affected by these issues.Nils reported that the WebGLES libraries in the Windows version of Firefox were compiled without ASLR protection. An attacker who found an exploitable memory corruption flaw could then use these libraries to bypass ASLR on Windows Vista and Windows 7, making the flaw as exploitable on those platforms as it would be on Windows XP or other platforms.	CVE-2011-1302

Vulnerability

Summary

Aliases

VCID-8a69-3km5-nfgs

Multiple vulnerabilities have been found in Mozilla Firefox, Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner, some of which may allow execution of arbitrary code or local privilege escalation.

CVE-2011-1202

VCID-afcm-vccz-93a7

Multiple vulnerabilities have been found in Mozilla Firefox, Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner, some of which may allow execution of arbitrary code or local privilege escalation.

CVE-2011-0079

VCID-kezq-ad8j-eycq

Two crashes that could potentially be exploited to run malicious code were found in the WebGL feature and fixed in Firefox 4.0.1. In addition the WebGLES libraries could potentially be used to bypass a security feature of recent Windows versions. The WebGL feature was introduced in Firefox 4; older versions are not affected by these issues.Nils reported that the WebGLES libraries in the Windows version of Firefox were compiled without ASLR protection. An attacker who found an exploitable memory corruption flaw could then use these libraries to bypass ASLR on Windows Vista and Windows 7, making the flaw as exploitable on those platforms as it would be on Windows XP or other platforms.

CVE-2011-1302

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-01T13:18:22.328755+00:00	Mozilla Importer	Fixing	VCID-8a69-3km5-nfgs	https://github.com/mozilla/foundation-security-advisories/blob/master/announce/2011/mfsa2011-18.md	38.0.0
2026-04-01T13:18:19.746205+00:00	Mozilla Importer	Fixing	VCID-kezq-ad8j-eycq	https://github.com/mozilla/foundation-security-advisories/blob/master/announce/2011/mfsa2011-17.md	38.0.0
2026-04-01T13:18:17.298550+00:00	Mozilla Importer	Fixing	VCID-afcm-vccz-93a7	https://github.com/mozilla/foundation-security-advisories/blob/master/announce/2011/mfsa2011-12.md	38.0.0