CVE-2012-0457

Use-after-free vulnerability in the nsSMILTimeValueSpec::ConvertBetweenTimeContainer function in Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 might allow remote attackers to execute arbitrary code via an SVG animation.

CVSS v2.0 9.3 HIGH

9.3^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 8.6 / Impact : 10.0

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
https://bugzilla.mozilla.org/show_bug.cgi?id=720103	Issue Tracking Vendor Advisory
http://www.mozilla.org/security/announce/2012/mfsa2012-14.html	Third Party Advisory Vendor Advisory
http://www.ubuntu.com/usn/USN-1400-3	Third Party Advisory
http://secunia.com/advisories/48495	Third Party Advisory
http://secunia.com/advisories/48513	Third Party Advisory
http://secunia.com/advisories/48629	Third Party Advisory
http://lists.opensuse.org/opensuse-updates/2012-03/msg00042.html	Third Party Advisory
http://www.ubuntu.com/usn/USN-1400-4	Third Party Advisory
http://www.ubuntu.com/usn/USN-1400-5	Third Party Advisory
http://www.ubuntu.com/usn/USN-1401-1	Third Party Advisory
http://secunia.com/advisories/48496	Third Party Advisory
http://secunia.com/advisories/48553	Third Party Advisory
http://www.ubuntu.com/usn/USN-1400-2	Third Party Advisory
http://secunia.com/advisories/48624	Third Party Advisory
http://secunia.com/advisories/48561	Third Party Advisory
http://secunia.com/advisories/48823	Third Party Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14775	Third Party Advisory
http://www.ubuntu.com/usn/USN-1400-1
http://www.mandriva.com/security/advisories?name=MDVSA-2012:031
http://www.securitytracker.com/id?1026804
http://secunia.com/advisories/48402
http://secunia.com/advisories/48359
http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00015.html
http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00014.html
http://www.securitytracker.com/id?1026803
http://www.securitytracker.com/id?1026801
http://secunia.com/advisories/48414
http://rhn.redhat.com/errata/RHSA-2012-0388.html
http://rhn.redhat.com/errata/RHSA-2012-0387.html
http://www.mandriva.com/security/advisories?name=MDVSA-2012:032

Configurations

Configuration 1 (hide)

cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*

Configuration 3 (hide)

OR	cpe:2.3:a:mozilla:firefox_esr:10.0:::::::*
	cpe:2.3:a:mozilla:firefox_esr:10.0.1:::::::*
	cpe:2.3:a:mozilla:firefox_esr:10.0.2:::::::*

Configuration 4 (hide)

cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*

Configuration 5 (hide)

cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*

Configuration 6 (hide)

OR	cpe:2.3:a:mozilla:thunderbird_esr:10.0.2:::::::*
	cpe:2.3:a:mozilla:thunderbird_esr:10.0:::::::*
	cpe:2.3:a:mozilla:thunderbird_esr:10.0.1:::::::*

Configuration 7 (hide)

OR	cpe:2.3:a:mozilla:seamonkey:2.7:beta4::::::
	cpe:2.3:a:mozilla:seamonkey:2.7:beta5::::::
	cpe:2.3:a:mozilla:seamonkey:1.0.3:::::::*
	cpe:2.3:a:mozilla:seamonkey:1.0.4:::::::*
	cpe:2.3:a:mozilla:seamonkey:1.0.5:::::::*
	cpe:2.3:a:mozilla:seamonkey:1.1:beta::::::
	cpe:2.3:a:mozilla:seamonkey:1.1.1:::::::*
	cpe:2.3:a:mozilla:seamonkey:1.1.8:::::::*
	cpe:2.3:a:mozilla:seamonkey:1.1.9:::::::*
	cpe:2.3:a:mozilla:seamonkey:1.1.16:::::::*
	cpe:2.3:a:mozilla:seamonkey:1.1.17:::::::*
	cpe:2.3:a:mozilla:seamonkey:2.6:beta1::::::
	cpe:2.3:a:mozilla:seamonkey:2.0.13:::::::*
	cpe:2.3:a:mozilla:seamonkey:2.7:beta3::::::
	cpe:2.3:a:mozilla:seamonkey:1.0.9:::::::*
	cpe:2.3:a:mozilla:seamonkey:2.0.4:::::::*
	cpe:2.3:a:mozilla:seamonkey:2.0.3:::::::*
	cpe:2.3:a:mozilla:seamonkey:2.0:alpha_2::::::
	cpe:2.3:a:mozilla:seamonkey:1.0:beta::::::
	cpe:2.3:a:mozilla:seamonkey:2.7:beta2::::::
	cpe:2.3:a:mozilla:seamonkey:2.0:alpha_3::::::
	cpe:2.3:a:mozilla:seamonkey:1.0:alpha::::::
	cpe:2.3:a:mozilla:seamonkey:2.0.12:::::::*
	cpe:2.3:a:mozilla:seamonkey:2.3:::::::*
	cpe:2.3:a:mozilla:seamonkey:1.0.8:::::::*
	cpe:2.3:a:mozilla:seamonkey:2.1:beta2::::::
	cpe:2.3:a:mozilla:seamonkey:2.6:::::::*
	cpe:2.3:a:mozilla:seamonkey:2.4:beta2::::::
	cpe:2.3:a:mozilla:seamonkey:2.3:beta1::::::
	cpe:2.3:a:mozilla:seamonkey:2.4:beta3::::::
	cpe:2.3:a:mozilla:seamonkey:2.1:beta3::::::
	cpe:2.3:a:mozilla:seamonkey:1.1.18:::::::*
	cpe:2.3:a:mozilla:seamonkey:1.1.4:::::::*
	cpe:2.3:a:mozilla:seamonkey:1.1.10:::::::*
	cpe:2.3:a:mozilla:seamonkey:2.5:beta2::::::
	cpe:2.3:a:mozilla:seamonkey:1.5.0.10:::::::*
	cpe:2.3:a:mozilla:seamonkey:1.0.6:::::::*
	cpe:2.3:a:mozilla:seamonkey:1.1.3:::::::*
	cpe:2.3:a:mozilla:seamonkey:1.0:::::::*
	cpe:2.3:a:mozilla:seamonkey:2.1:alpha2::::::
	cpe:2.3:a:mozilla:seamonkey:2.3.2:::::::*
	cpe:2.3:a:mozilla:seamonkey:1.1.5:::::::*
	cpe:2.3:a:mozilla:seamonkey:2.0.8:::::::*
	cpe:2.3:a:mozilla:seamonkey:1.0.7:::::::*
	cpe:2.3:a:mozilla:seamonkey:2.0:rc2::::::
	cpe:2.3:a:mozilla:seamonkey:2.6:beta2::::::
	cpe:2.3:a:mozilla:seamonkey:1.1.12:::::::*
	cpe:2.3:a:mozilla:seamonkey:1.1.2:::::::*
	cpe:2.3:a:mozilla:seamonkey:2.0:beta_2::::::
	cpe:2.3:a:mozilla:seamonkey:2.1:rc1::::::
	cpe:2.3:a:mozilla:seamonkey:2.1:::::::*
	cpe:2.3:a:mozilla:seamonkey:1.1.11:::::::*
	cpe:2.3:a:mozilla:seamonkey:1.5.0.9:::::::*
	cpe:2.3:a:mozilla:seamonkey:2.3:beta2::::::
	cpe:2.3:a:mozilla:seamonkey:2.1:alpha1::::::
	cpe:2.3:a:mozilla:seamonkey:2.6:beta4::::::
	cpe:2.3:a:mozilla:seamonkey:1.5.0.8:::::::*
	cpe:2.3:a:mozilla:seamonkey:2.4.1:::::::*
	cpe:2.3:a:mozilla:seamonkey:2.0.14:::::::*
	cpe:2.3:a:mozilla:seamonkey:2.5:::::::*
	cpe:2.3:a:mozilla:seamonkey:2.0.7:::::::*
	cpe:2.3:a:mozilla:seamonkey:2.2:::::::*
	cpe:2.3:a:mozilla:seamonkey:2.6:beta3::::::
	cpe:2.3:a:mozilla:seamonkey:2.0:beta_1::::::
cpe:2.3:a:mozilla:seamonkey:2.5:beta1::::::
cpe:2.3:a:mozilla:seamonkey:2.1:rc2::::::
cpe:2.3:a:mozilla:seamonkey:2.3:beta3::::::
cpe:2.3:a:mozilla:seamonkey:1.1.19:::::::*
cpe:2.3:a:mozilla:seamonkey:2.0.5:::::::*
cpe:2.3:a:mozilla:seamonkey:2.3.3:::::::*
cpe:2.3:a:mozilla:seamonkey:2.0:rc1::::::
cpe:2.3:a:mozilla:seamonkey:1.1.13:::::::*
cpe:2.3:a:mozilla:seamonkey:2.0.6:::::::*
cpe:2.3:a:mozilla:seamonkey:2.3.1:::::::*
cpe:2.3:a:mozilla:seamonkey:2.6.1:::::::*
cpe:2.3:a:mozilla:seamonkey:2.2:beta1::::::
cpe:2.3:a:mozilla:seamonkey:-:::::::*
cpe:2.3:a:mozilla:seamonkey:2.0.10:::::::*
cpe:2.3:a:mozilla:seamonkey:2.2:beta2::::::
cpe:2.3:a:mozilla:seamonkey:1.0.1:::::::*
cpe:2.3:a:mozilla:seamonkey:1.1.7:::::::*
cpe:2.3:a:mozilla:seamonkey:2.7:beta1::::::
cpe:2.3:a:mozilla:seamonkey:2.4:beta1::::::
cpe:2.3:a:mozilla:seamonkey:2.0.2:::::::*
cpe:2.3:a:mozilla:seamonkey:1.1:alpha::::::
cpe:2.3:a:mozilla:seamonkey:1.1:::::::*
cpe:2.3:a:mozilla:seamonkey:1.1.14:::::::*
cpe:2.3:a:mozilla:seamonkey:2.0.11:::::::*
cpe:2.3:a:mozilla:seamonkey:2.5:beta3::::::
cpe:2.3:a:mozilla:seamonkey:1.0.2:::::::*
cpe:2.3:a:mozilla:seamonkey:2.0:alpha_1::::::
cpe:2.3:a:mozilla:seamonkey:2.0.9:::::::*
cpe:2.3:a:mozilla:seamonkey:2.0.1:::::::*
cpe:2.3:a:mozilla:seamonkey:1.1.15:::::::*
cpe:2.3:a:mozilla:seamonkey:2.5:beta4::::::
cpe:2.3:a:mozilla:seamonkey:1.1.6:::::::*
cpe:2.3:a:mozilla:seamonkey:2.4:::::::*
cpe:2.3:a:mozilla:seamonkey:2.1:beta1::::::
cpe:2.3:a:mozilla:seamonkey:2.7.2:::::::*
cpe:2.3:a:mozilla:seamonkey:2.7:::::::*
cpe:2.3:a:mozilla:seamonkey:2.2:beta3::::::
cpe:2.3:a:mozilla:seamonkey:2.7.1:::::::*
cpe:2.3:a:mozilla:seamonkey:2.1:alpha3::::::
cpe:2.3:a:mozilla:seamonkey:2.0:::::::*

Information

Published : 2012-03-14 12:55

Updated : 2018-01-17 18:29

NVD link : CVE-2012-0457

Mitre link : CVE-2012-0457

JSON object : View

CWE

CWE-399

Resource Management Errors

Products Affected

mozilla

firefox_esr
thunderbird
firefox
thunderbird_esr
seamonkey

9.3 /10