CVE-2012-3961

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2012-3961
Use-after-free vulnerability in the RangeData implementation in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.

10.0 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References
Link Resource
http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00028.html Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00011.html Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00014.html Mailing List Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2012-1210.html Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2012-1211.html Third Party Advisory
http://www.mozilla.org/security/announce/2012/mfsa2012-58.html Vendor Advisory
http://www.securityfocus.com/bid/55321 Third Party Advisory VDB Entry
http://www.ubuntu.com/usn/USN-1548-1 Third Party Advisory
http://www.ubuntu.com/usn/USN-1548-2 Third Party Advisory
http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf Third Party Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=771873 Exploit Issue Tracking Vendor Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16514 Third Party Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird_esr:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_desktop:10:sp4:*:*:-:*:*:*
cpe:2.3:o:suse:linux_enterprise_desktop:11:sp2:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:10:sp4:*:*:-:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:*:-:*:*
cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:*:vmware:*:*
cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp2:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:6.3:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:6.3:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*

Configuration 4 (hide)

OR cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:11.04:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*
History

No history.

Information

Published : 2012-08-29 10:56

Updated : 2024-02-04 18:16

NVD link : CVE-2012-3961

Mitre link : CVE-2012-3961

CVE.ORG link : CVE-2012-3961

JSON object : View

Products Affected

mozilla

  • thunderbird
  • firefox_esr
  • thunderbird_esr
  • seamonkey
  • firefox

suse

  • linux_enterprise_desktop
  • linux_enterprise_software_development_kit
  • linux_enterprise_server

opensuse

  • opensuse

redhat

  • enterprise_linux_desktop
  • enterprise_linux_server
  • enterprise_linux_workstation
  • enterprise_linux_server_eus
  • enterprise_linux_eus

canonical

  • ubuntu_linux
CWE
CWE-416

Use After Free