CVE-2012-0444

Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 do not properly initialize nsChildView data structures, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted Ogg Vorbis file.

CVSS v2.0 10.0 HIGH

10.0^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
https://bugzilla.mozilla.org/show_bug.cgi?id=719612	Exploit Issue Tracking Patch Vendor Advisory
http://www.mozilla.org/security/announce/2012/mfsa2012-07.html	Vendor Advisory
http://www.debian.org/security/2012/dsa-2400	Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00011.html	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00007.html	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00003.html	Mailing List Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2012:013	Third Party Advisory
http://www.securityfocus.com/bid/51753	Third Party Advisory VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/72858	Third Party Advisory VDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14464	Third Party Advisory
http://www.debian.org/security/2012/dsa-2406	Third Party Advisory
http://www.debian.org/security/2012/dsa-2402	Third Party Advisory
http://secunia.com/advisories/48095	Third Party Advisory
http://secunia.com/advisories/48043	Third Party Advisory
http://www.ubuntu.com/usn/USN-1370-1	Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:mozilla:firefox::::::::
	cpe:2.3:a:mozilla:firefox::::::::
	cpe:2.3:a:mozilla:seamonkey::::::::
	cpe:2.3:a:mozilla:thunderbird::::::::
	cpe:2.3:a:mozilla:thunderbird::::::::

Configuration 2 (hide)

OR	cpe:2.3:o:debian:debian_linux:5.0:::::::*
	cpe:2.3:o:debian:debian_linux:6.0:::::::*

Configuration 3 (hide)

OR	cpe:2.3:o:opensuse:opensuse:11.4:::::::*
	cpe:2.3:o:suse:linux_enterprise_desktop:10:sp4::::::
	cpe:2.3:o:suse:linux_enterprise_desktop:11:sp1::::::
	cpe:2.3:o:suse:linux_enterprise_server:10:sp4::::::
	cpe:2.3:o:suse:linux_enterprise_server:11:sp1::::::
	cpe:2.3:o:suse:linux_enterprise_server:11:sp1::::vmware::*
	cpe:2.3:o:suse:linux_enterprise_software_development_kit:10:sp4::::::
	cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp1::::::

Configuration 4 (hide)

OR	cpe:2.3:o:canonical:ubuntu_linux:10.04::::-:::
	cpe:2.3:o:canonical:ubuntu_linux:10.10:::::::*
	cpe:2.3:o:canonical:ubuntu_linux:11.04:::::::*
	cpe:2.3:o:canonical:ubuntu_linux:11.10:::::::*

Information

Published : 2012-02-01 08:55

Updated : 2020-08-28 06:12

NVD link : CVE-2012-0444

Mitre link : CVE-2012-0444

JSON object : View

CWE

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

Products Affected

suse

linux_enterprise_desktop
linux_enterprise_software_development_kit
linux_enterprise_server

mozilla

thunderbird
firefox
seamonkey

canonical

ubuntu_linux

debian

debian_linux

opensuse

opensuse

10.0 /10