CVE-2012-1970

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

CVSS v2.0 10.0 HIGH

10.0^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
https://bugzilla.mozilla.org/show_bug.cgi?id=775206	Issue Tracking Vendor Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=761831	Issue Tracking Vendor Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=764176	Issue Tracking Vendor Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=745158	Issue Tracking Vendor Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=758408	Issue Tracking Vendor Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=778765	Issue Tracking Vendor Advisory
http://www.mozilla.org/security/announce/2012/mfsa2012-57.html	Vendor Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=777806	Issue Tracking Vendor Advisory
http://www.debian.org/security/2012/dsa-2553	Third Party Advisory
http://www.ubuntu.com/usn/USN-1548-2	Third Party Advisory
http://www.debian.org/security/2012/dsa-2556	Third Party Advisory
http://www.ubuntu.com/usn/USN-1548-1	Third Party Advisory
http://www.debian.org/security/2012/dsa-2554	Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00014.html	Mailing List Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2012-1211.html	Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00028.html	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00011.html	Mailing List Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2012-1210.html	Third Party Advisory
http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf	Third Party Advisory
http://www.securityfocus.com/bid/55266	Third Party Advisory VDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16910	Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:mozilla:firefox::::::::
	cpe:2.3:a:mozilla:firefox_esr::::::::
	cpe:2.3:a:mozilla:seamonkey::::::::
	cpe:2.3:a:mozilla:thunderbird::::::::
	cpe:2.3:a:mozilla:thunderbird_esr::::::::

Configuration 2 (hide)

OR	cpe:2.3:o:opensuse:opensuse:12.2:::::::*
	cpe:2.3:o:suse:linux_enterprise_desktop:10:sp4:::-:::*
	cpe:2.3:o:suse:linux_enterprise_desktop:11:sp2::::::
	cpe:2.3:o:suse:linux_enterprise_server:10:sp4:::-:::*
	cpe:2.3:o:suse:linux_enterprise_server:11:sp2::::-::*
	cpe:2.3:o:suse:linux_enterprise_server:11:sp2::::vmware::*
	cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp2::::::

Configuration 3 (hide)

OR	cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:6.3:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server:5.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_eus:6.3:::::::*
	cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*

Configuration 4 (hide)

OR	cpe:2.3:o:canonical:ubuntu_linux:10.04:::::::*
	cpe:2.3:o:canonical:ubuntu_linux:11.04:::::::*
	cpe:2.3:o:canonical:ubuntu_linux:11.10:::::::*
	cpe:2.3:o:canonical:ubuntu_linux:12.04::::esm:::

Configuration 5 (hide)

OR	cpe:2.3:o:debian:debian_linux:6.0:::::::*
	cpe:2.3:o:debian:debian_linux:7.0:::::::*

Information

Published : 2012-08-29 03:56

Updated : 2020-08-28 06:30

NVD link : CVE-2012-1970

Mitre link : CVE-2012-1970

JSON object : View

CWE

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

Products Affected

redhat

enterprise_linux_desktop
enterprise_linux_workstation
enterprise_linux_server
enterprise_linux_server_eus
enterprise_linux_eus

mozilla

firefox_esr
thunderbird
firefox
seamonkey
thunderbird_esr

suse

linux_enterprise_desktop
linux_enterprise_server
linux_enterprise_software_development_kit

canonical

ubuntu_linux

debian

debian_linux

opensuse

opensuse

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=775206", "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=775206", "tags": ["Issue Tracking", "Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=761831", "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=761831", "tags": ["Issue Tracking", "Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=764176", "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=764176", "tags": ["Issue Tracking", "Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=745158", "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=745158", "tags": ["Issue Tracking", "Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=758408", "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=758408", "tags": ["Issue Tracking", "Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=778765", "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=778765", "tags": ["Issue Tracking", "Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "http://www.mozilla.org/security/announce/2012/mfsa2012-57.html", "name": "http://www.mozilla.org/security/announce/2012/mfsa2012-57.html", "tags": ["Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=777806", "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=777806", "tags": ["Issue Tracking", "Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "http://www.debian.org/security/2012/dsa-2553", "name": "DSA-2553", "tags": ["Third Party Advisory"], "refsource": "DEBIAN"}, {"url": "http://www.ubuntu.com/usn/USN-1548-2", "name": "USN-1548-2", "tags": ["Third Party Advisory"], "refsource": "UBUNTU"}, {"url": "http://www.debian.org/security/2012/dsa-2556", "name": "DSA-2556", "tags": ["Third Party Advisory"], "refsource": "DEBIAN"}, {"url": "http://www.ubuntu.com/usn/USN-1548-1", "name": "USN-1548-1", "tags": ["Third Party Advisory"], "refsource": "UBUNTU"}, {"url": "http://www.debian.org/security/2012/dsa-2554", "name": "DSA-2554", "tags": ["Third Party Advisory"], "refsource": "DEBIAN"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00014.html", "name": "SUSE-SU-2012:1167", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "SUSE"}, {"url": "http://rhn.redhat.com/errata/RHSA-2012-1211.html", "name": "RHSA-2012:1211", "tags": ["Third Party Advisory"], "refsource": "REDHAT"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00028.html", "name": "openSUSE-SU-2012:1065", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "SUSE"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00011.html", "name": "SUSE-SU-2012:1157", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "SUSE"}, {"url": "http://rhn.redhat.com/errata/RHSA-2012-1210.html", "name": "RHSA-2012:1210", "tags": ["Third Party Advisory"], "refsource": "REDHAT"}, {"url": "http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf", "name": "http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf", "tags": ["Third Party Advisory"], "refsource": "CONFIRM"}, {"url": "http://www.securityfocus.com/bid/55266", "name": "55266", "tags": ["Third Party Advisory", "VDB Entry"], "refsource": "BID"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16910", "name": "oval:org.mitre.oval:def:16910", "tags": ["Third Party Advisory"], "refsource": "OVAL"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-119"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2012-1970", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "severity": "HIGH", "impactScore": 10.0, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2012-08-29T10:56Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "15.0"}, {"cpe23Uri": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "10.0.7", "versionStartIncluding": "10.0"}, {"cpe23Uri": "cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "2.12"}, {"cpe23Uri": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "15.0"}, {"cpe23Uri": "cpe:2.3:a:mozilla:thunderbird_esr:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "10.0.7", "versionStartIncluding": "10.0"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_desktop:10:sp4:*:*:-:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_desktop:11:sp2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_server:10:sp4:*:*:-:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:*:-:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:*:vmware:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_eus:6.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_eus:6.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:11.04:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2020-08-28T13:30Z"}

10.0 /10