VYPR
Unrated severity · NVD Advisory · Published Aug 18, 2011 · Updated Apr 29, 2026

CVE-2011-0084

Description

A dangling pointer in Mozilla's SVGTextElement.getCharNumAtPosition allows remote code execution via crafted SVG text.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

The vulnerability resides in the nsSVGGlyphFrame::GetCharNumAtPosition() function within Mozilla's SVG text handling code. When processing SVG text containers, the function does not properly account for user-defined getter methods that can modify or destroy the parent object during traversal. This oversight leads to a dangling pointer that is subsequently referenced. Affected products include Mozilla Firefox before 3.6.20 and versions 4.x through 5, Thunderbird 3.x before 3.1.12 and versions before 6, SeaMonkey 2.x before 2.3, and possibly other Mozilla-based products [1].

Exploitation

An attacker can exploit this vulnerability by crafting a malicious SVG document containing a user-defined getter that, when invoked during the getCharNumAtPosition call, modifies or destroys the parent SVG text element. The dangling pointer is then dereferenced, leading to memory corruption. The attack requires user interaction—the victim must visit a malicious web page or open a malicious file. No authentication or special network position is needed [1].

Impact

Successful exploitation allows an attacker to execute arbitrary code within the context of the affected browser or application. The CVSS score of 9.0 (AV:N/AC:L/Au:N/C:P/I:P/A:C) indicates high impact on availability and partial impact on confidentiality and integrity [1]. This is a critical severity vulnerability.

Mitigation

Mozilla addressed this vulnerability in Firefox 3.6.20 and Firefox 6, Thunderbird 3.1.12 and Thunderbird 6, and SeaMonkey 2.3 [4]. Red Hat also released security updates via RHSA-2011:1166 and RHSA-2011:1164 for Red Hat Enterprise Linux [2][3]. Users should update to the latest fixed versions. No workarounds are documented.

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

180
  • cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:* + 125 more
    • (no CPE) range: <3.6.20, 4.0-5.x
  • cpe:2.3:a:mozilla:seamonkey:2.0:*:*:*:*:*:*:* + 25 more
    • (no CPE) range: <2.3
  • cpe:2.3:a:mozilla:thunderbird:3.0:*:*:*:*:*:*:* + 24 more
    • (no CPE) range: <3.1.12, <6
  • osv-coords · 3 versions
    < 128.5.1-1.1 + 2 more
    • (no CPE) range: < 128.5.1-1.1
    • (no CPE) range: < 50.1.0-1.1
    • (no CPE) range: < 45.5.1-1.1
