SVG mpath Element Remote Code Execution Vulnerability

SVG mpath Element Remote Code Execution Vulnerability

CVE-2011-3654 · HIGH Severity

AV:N/AC:L/AU:N/C:C/I:C/A:C

The browser engine in Mozilla Firefox before 8.0 and Thunderbird before 8.0 does not properly handle links from SVG mpath elements to non-SVG elements, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors.

Learn more about our Cis Benchmark Audit For Mozilla Firefox.