CVE-2011-2998

Integer underflow in Mozilla Firefox 3.6.x before 3.6.23 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via JavaScript code containing a large RegExp expression.

Published: Sep 30, 2011
Updated: Nov 9, 2025
CVE: CVE-2011-2998
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 10
AV:N/AC:L/Au:N/C:C/I:C/A:C

CWEs:

CWE-189

Affected Software
References

Software	From	Fixed in
mozilla / firefox	3.6.2	3.6.2.x
mozilla / firefox	3.6.3	3.6.3.x
mozilla / firefox	3.6.15	3.6.15.x
mozilla / firefox	3.6.17	3.6.17.x
mozilla / firefox	3.6.11	3.6.11.x
mozilla / firefox	3.6.8	3.6.8.x
mozilla / firefox	3.6.9	3.6.9.x
mozilla / firefox	3.6.14	3.6.14.x
mozilla / firefox	3.6.12	3.6.12.x
mozilla / firefox	3.6.6	3.6.6.x
mozilla / firefox	3.6.21	3.6.21.x
mozilla / firefox	3.6.16	3.6.16.x
mozilla / firefox	3.6.10	3.6.10.x
mozilla / firefox	3.6.19	3.6.19.x
mozilla / firefox	3.6.7	3.6.7.x
mozilla / firefox	3.6.4	3.6.4.x
mozilla / firefox	3.6.18	3.6.18.x
mozilla / firefox	3.6.20	3.6.20.x
mozilla / firefox	3.6	3.6.x
mozilla / firefox	3.6.22	3.6.22.x
mozilla / firefox	3.6.13	3.6.13.x

Vulnerability Database

323,117

CVE-2011-2998

Deep Security Visibility Without the Complexity