Search for vulnerabilities
Vulnerability details: VCID-x73y-1ypu-aaaq
Vulnerability ID VCID-x73y-1ypu-aaaq
Aliases CVE-2011-2998
Summary CVE-2011-2998 Mozilla: Integer underflow when using JavaScript RegExp (MFSA 2011-37)
Status Published
Exploitability 0.5
Weighted Severity 9.0
Risk 4.5
Affected and Fixed Packages Package Details
Weaknesses (2)
CWE-189 Numeric Errors
CWE-190 Integer Overflow or Wraparound
System Score Found at
rhas Critical https://access.redhat.com/errata/RHSA-2011:1341
rhas Critical https://access.redhat.com/errata/RHSA-2011:1342
rhas Critical https://access.redhat.com/errata/RHSA-2011:1343
rhas Critical https://access.redhat.com/errata/RHSA-2011:1344
epss 0.02766 https://api.first.org/data/v1/epss?cve=CVE-2011-2998
epss 0.02766 https://api.first.org/data/v1/epss?cve=CVE-2011-2998
epss 0.02766 https://api.first.org/data/v1/epss?cve=CVE-2011-2998
epss 0.02766 https://api.first.org/data/v1/epss?cve=CVE-2011-2998
epss 0.02766 https://api.first.org/data/v1/epss?cve=CVE-2011-2998
epss 0.02766 https://api.first.org/data/v1/epss?cve=CVE-2011-2998
epss 0.02766 https://api.first.org/data/v1/epss?cve=CVE-2011-2998
epss 0.02766 https://api.first.org/data/v1/epss?cve=CVE-2011-2998
epss 0.02766 https://api.first.org/data/v1/epss?cve=CVE-2011-2998
epss 0.02766 https://api.first.org/data/v1/epss?cve=CVE-2011-2998
epss 0.02766 https://api.first.org/data/v1/epss?cve=CVE-2011-2998
epss 0.02766 https://api.first.org/data/v1/epss?cve=CVE-2011-2998
epss 0.02766 https://api.first.org/data/v1/epss?cve=CVE-2011-2998
epss 0.02766 https://api.first.org/data/v1/epss?cve=CVE-2011-2998
epss 0.02766 https://api.first.org/data/v1/epss?cve=CVE-2011-2998
epss 0.02766 https://api.first.org/data/v1/epss?cve=CVE-2011-2998
epss 0.02766 https://api.first.org/data/v1/epss?cve=CVE-2011-2998
epss 0.02766 https://api.first.org/data/v1/epss?cve=CVE-2011-2998
epss 0.02766 https://api.first.org/data/v1/epss?cve=CVE-2011-2998
epss 0.02766 https://api.first.org/data/v1/epss?cve=CVE-2011-2998
epss 0.02766 https://api.first.org/data/v1/epss?cve=CVE-2011-2998
epss 0.02766 https://api.first.org/data/v1/epss?cve=CVE-2011-2998
epss 0.02766 https://api.first.org/data/v1/epss?cve=CVE-2011-2998
epss 0.02766 https://api.first.org/data/v1/epss?cve=CVE-2011-2998
epss 0.02766 https://api.first.org/data/v1/epss?cve=CVE-2011-2998
epss 0.02766 https://api.first.org/data/v1/epss?cve=CVE-2011-2998
epss 0.02766 https://api.first.org/data/v1/epss?cve=CVE-2011-2998
epss 0.02766 https://api.first.org/data/v1/epss?cve=CVE-2011-2998
epss 0.02766 https://api.first.org/data/v1/epss?cve=CVE-2011-2998
epss 0.02766 https://api.first.org/data/v1/epss?cve=CVE-2011-2998
epss 0.02766 https://api.first.org/data/v1/epss?cve=CVE-2011-2998
epss 0.02766 https://api.first.org/data/v1/epss?cve=CVE-2011-2998
epss 0.02766 https://api.first.org/data/v1/epss?cve=CVE-2011-2998
epss 0.02766 https://api.first.org/data/v1/epss?cve=CVE-2011-2998
epss 0.02766 https://api.first.org/data/v1/epss?cve=CVE-2011-2998
epss 0.02766 https://api.first.org/data/v1/epss?cve=CVE-2011-2998
epss 0.02766 https://api.first.org/data/v1/epss?cve=CVE-2011-2998
epss 0.02766 https://api.first.org/data/v1/epss?cve=CVE-2011-2998
epss 0.02766 https://api.first.org/data/v1/epss?cve=CVE-2011-2998
epss 0.02766 https://api.first.org/data/v1/epss?cve=CVE-2011-2998
epss 0.02766 https://api.first.org/data/v1/epss?cve=CVE-2011-2998
epss 0.02766 https://api.first.org/data/v1/epss?cve=CVE-2011-2998
epss 0.02766 https://api.first.org/data/v1/epss?cve=CVE-2011-2998
epss 0.02766 https://api.first.org/data/v1/epss?cve=CVE-2011-2998
epss 0.02766 https://api.first.org/data/v1/epss?cve=CVE-2011-2998
epss 0.02766 https://api.first.org/data/v1/epss?cve=CVE-2011-2998
epss 0.02766 https://api.first.org/data/v1/epss?cve=CVE-2011-2998
epss 0.02766 https://api.first.org/data/v1/epss?cve=CVE-2011-2998
epss 0.02766 https://api.first.org/data/v1/epss?cve=CVE-2011-2998
epss 0.02766 https://api.first.org/data/v1/epss?cve=CVE-2011-2998
epss 0.02766 https://api.first.org/data/v1/epss?cve=CVE-2011-2998
epss 0.02766 https://api.first.org/data/v1/epss?cve=CVE-2011-2998
epss 0.02766 https://api.first.org/data/v1/epss?cve=CVE-2011-2998
epss 0.02766 https://api.first.org/data/v1/epss?cve=CVE-2011-2998
epss 0.02766 https://api.first.org/data/v1/epss?cve=CVE-2011-2998
epss 0.02766 https://api.first.org/data/v1/epss?cve=CVE-2011-2998
epss 0.02766 https://api.first.org/data/v1/epss?cve=CVE-2011-2998
epss 0.02766 https://api.first.org/data/v1/epss?cve=CVE-2011-2998
epss 0.02766 https://api.first.org/data/v1/epss?cve=CVE-2011-2998
epss 0.02766 https://api.first.org/data/v1/epss?cve=CVE-2011-2998
epss 0.02766 https://api.first.org/data/v1/epss?cve=CVE-2011-2998
epss 0.02766 https://api.first.org/data/v1/epss?cve=CVE-2011-2998
epss 0.02766 https://api.first.org/data/v1/epss?cve=CVE-2011-2998
epss 0.02766 https://api.first.org/data/v1/epss?cve=CVE-2011-2998
epss 0.02766 https://api.first.org/data/v1/epss?cve=CVE-2011-2998
epss 0.02766 https://api.first.org/data/v1/epss?cve=CVE-2011-2998
epss 0.02766 https://api.first.org/data/v1/epss?cve=CVE-2011-2998
epss 0.10630 https://api.first.org/data/v1/epss?cve=CVE-2011-2998
epss 0.10630 https://api.first.org/data/v1/epss?cve=CVE-2011-2998
epss 0.10630 https://api.first.org/data/v1/epss?cve=CVE-2011-2998
epss 0.10630 https://api.first.org/data/v1/epss?cve=CVE-2011-2998
epss 0.10630 https://api.first.org/data/v1/epss?cve=CVE-2011-2998
epss 0.10630 https://api.first.org/data/v1/epss?cve=CVE-2011-2998
epss 0.10630 https://api.first.org/data/v1/epss?cve=CVE-2011-2998
epss 0.10630 https://api.first.org/data/v1/epss?cve=CVE-2011-2998
epss 0.11391 https://api.first.org/data/v1/epss?cve=CVE-2011-2998
epss 0.11391 https://api.first.org/data/v1/epss?cve=CVE-2011-2998
epss 0.11611 https://api.first.org/data/v1/epss?cve=CVE-2011-2998
rhbs urgent https://bugzilla.redhat.com/show_bug.cgi?id=741924
cvssv2 10.0 https://nvd.nist.gov/vuln/detail/CVE-2011-2998
generic_textual critical https://www.mozilla.org/en-US/security/advisories/mfsa2011-37
Reference id Reference type URL
http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00020.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2998.json
https://api.first.org/data/v1/epss?cve=CVE-2011-2998
https://bugzilla.mozilla.org/show_bug.cgi?id=684815
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14012
http://www.debian.org/security/2011/dsa-2312
http://www.debian.org/security/2011/dsa-2313
http://www.debian.org/security/2011/dsa-2317
http://www.mandriva.com/security/advisories?name=MDVSA-2011:139
http://www.mandriva.com/security/advisories?name=MDVSA-2011:140
http://www.mandriva.com/security/advisories?name=MDVSA-2011:141
http://www.mozilla.org/security/announce/2011/mfsa2011-37.html
http://www.redhat.com/support/errata/RHSA-2011-1341.html
741924 https://bugzilla.redhat.com/show_bug.cgi?id=741924
cpe:2.3:a:mozilla:firefox:3.6:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:3.6:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.6.10:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:3.6.10:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.6.11:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:3.6.11:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.6.12:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:3.6.12:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.6.13:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:3.6.13:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.6.14:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:3.6.14:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.6.15:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:3.6.15:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.6.16:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:3.6.16:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.6.17:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:3.6.17:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.6.18:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:3.6.18:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.6.19:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:3.6.19:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.6.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:3.6.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.6.20:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:3.6.20:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.6.21:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:3.6.21:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.6.22:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:3.6.22:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.6.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:3.6.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.6.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:3.6.4:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.6.6:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:3.6.6:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.6.7:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:3.6.7:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.6.8:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:3.6.8:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.6.9:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:3.6.9:*:*:*:*:*:*:*
CVE-2011-2998 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2998
CVE-2011-2998 https://nvd.nist.gov/vuln/detail/CVE-2011-2998
GLSA-201301-01 https://security.gentoo.org/glsa/201301-01
mfsa2011-37 https://www.mozilla.org/en-US/security/advisories/mfsa2011-37
RHSA-2011:1341 https://access.redhat.com/errata/RHSA-2011:1341
RHSA-2011:1342 https://access.redhat.com/errata/RHSA-2011:1342
RHSA-2011:1343 https://access.redhat.com/errata/RHSA-2011:1343
RHSA-2011:1344 https://access.redhat.com/errata/RHSA-2011:1344
No exploits are available.
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C Found at https://nvd.nist.gov/vuln/detail/CVE-2011-2998
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Exploit Prediction Scoring System (EPSS)
Percentile 0.84755
EPSS Score 0.02766
Published At March 28, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.