cvelistv5 - cve-2012-0457

CVE-2012-0457 (GCVE-0-2012-0457)

Vulnerability from cvelistv5

Published

2012-03-14 19:00

Modified

2024-08-06 18:23

Severity ?

CWE

Summary

Use-after-free vulnerability in the nsSMILTimeValueSpec::ConvertBetweenTimeContainer function in Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 might allow remote attackers to execute arbitrary code via an SVG animation.

References

URL

Tags

	http://lists.opensuse.org/opensuse-updates/2012-03/msg00042.html	vendor-advisory, x_refsource_SUSE
	http://secunia.com/advisories/48402	third-party-advisory, x_refsource_SECUNIA
	http://www.mandriva.com/security/advisories?name=MDVSA-2012:031	vendor-advisory, x_refsource_MANDRIVA
	http://secunia.com/advisories/48624	third-party-advisory, x_refsource_SECUNIA
	http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00014.html	vendor-advisory, x_refsource_SUSE
	http://www.ubuntu.com/usn/USN-1400-5	vendor-advisory, x_refsource_UBUNTU
	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14775	vdb-entry, signature, x_refsource_OVAL
	https://bugzilla.mozilla.org/show_bug.cgi?id=720103	x_refsource_CONFIRM
	http://secunia.com/advisories/48414	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/advisories/48359	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/advisories/48823	third-party-advisory, x_refsource_SECUNIA
	http://www.ubuntu.com/usn/USN-1401-1	vendor-advisory, x_refsource_UBUNTU
	http://www.ubuntu.com/usn/USN-1400-4	vendor-advisory, x_refsource_UBUNTU
	http://secunia.com/advisories/48629	third-party-advisory, x_refsource_SECUNIA
	http://www.ubuntu.com/usn/USN-1400-3	vendor-advisory, x_refsource_UBUNTU
	http://rhn.redhat.com/errata/RHSA-2012-0387.html	vendor-advisory, x_refsource_REDHAT
	http://secunia.com/advisories/48496	third-party-advisory, x_refsource_SECUNIA
	http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00015.html	vendor-advisory, x_refsource_SUSE
	http://www.mozilla.org/security/announce/2012/mfsa2012-14.html	x_refsource_CONFIRM
	http://www.ubuntu.com/usn/USN-1400-2	vendor-advisory, x_refsource_UBUNTU
	http://www.mandriva.com/security/advisories?name=MDVSA-2012:032	vendor-advisory, x_refsource_MANDRIVA
	http://www.securitytracker.com/id?1026803	vdb-entry, x_refsource_SECTRACK
	http://secunia.com/advisories/48495	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/advisories/48553	third-party-advisory, x_refsource_SECUNIA
	http://www.ubuntu.com/usn/USN-1400-1	vendor-advisory, x_refsource_UBUNTU
	http://secunia.com/advisories/48561	third-party-advisory, x_refsource_SECUNIA
	http://rhn.redhat.com/errata/RHSA-2012-0388.html	vendor-advisory, x_refsource_REDHAT
	http://www.securitytracker.com/id?1026801	vdb-entry, x_refsource_SECTRACK
	http://www.securitytracker.com/id?1026804	vdb-entry, x_refsource_SECTRACK
	http://secunia.com/advisories/48513	third-party-advisory, x_refsource_SECUNIA

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T18:23:31.006Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "openSUSE-SU-2012:0417",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2012-03/msg00042.html"
          },
          {
            "name": "48402",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/48402"
          },
          {
            "name": "MDVSA-2012:031",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:031"
          },
          {
            "name": "48624",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/48624"
          },
          {
            "name": "SUSE-SU-2012:0424",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00014.html"
          },
          {
            "name": "USN-1400-5",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-1400-5"
          },
          {
            "name": "oval:org.mitre.oval:def:14775",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14775"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=720103"
          },
          {
            "name": "48414",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/48414"
          },
          {
            "name": "48359",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/48359"
          },
          {
            "name": "48823",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/48823"
          },
          {
            "name": "USN-1401-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-1401-1"
          },
          {
            "name": "USN-1400-4",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-1400-4"
          },
          {
            "name": "48629",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/48629"
          },
          {
            "name": "USN-1400-3",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-1400-3"
          },
          {
            "name": "RHSA-2012:0387",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2012-0387.html"
          },
          {
            "name": "48496",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/48496"
          },
          {
            "name": "SUSE-SU-2012:0425",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00015.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.mozilla.org/security/announce/2012/mfsa2012-14.html"
          },
          {
            "name": "USN-1400-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-1400-2"
          },
          {
            "name": "MDVSA-2012:032",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:032"
          },
          {
            "name": "1026803",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1026803"
          },
          {
            "name": "48495",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/48495"
          },
          {
            "name": "48553",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/48553"
          },
          {
            "name": "USN-1400-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-1400-1"
          },
          {
            "name": "48561",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/48561"
          },
          {
            "name": "RHSA-2012:0388",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2012-0388.html"
          },
          {
            "name": "1026801",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1026801"
          },
          {
            "name": "1026804",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1026804"
          },
          {
            "name": "48513",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/48513"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-03-13T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Use-after-free vulnerability in the nsSMILTimeValueSpec::ConvertBetweenTimeContainer function in Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 might allow remote attackers to execute arbitrary code via an SVG animation."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-01-17T19:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "openSUSE-SU-2012:0417",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2012-03/msg00042.html"
        },
        {
          "name": "48402",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/48402"
        },
        {
          "name": "MDVSA-2012:031",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:031"
        },
        {
          "name": "48624",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/48624"
        },
        {
          "name": "SUSE-SU-2012:0424",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00014.html"
        },
        {
          "name": "USN-1400-5",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-1400-5"
        },
        {
          "name": "oval:org.mitre.oval:def:14775",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14775"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=720103"
        },
        {
          "name": "48414",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/48414"
        },
        {
          "name": "48359",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/48359"
        },
        {
          "name": "48823",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/48823"
        },
        {
          "name": "USN-1401-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-1401-1"
        },
        {
          "name": "USN-1400-4",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-1400-4"
        },
        {
          "name": "48629",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/48629"
        },
        {
          "name": "USN-1400-3",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-1400-3"
        },
        {
          "name": "RHSA-2012:0387",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2012-0387.html"
        },
        {
          "name": "48496",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/48496"
        },
        {
          "name": "SUSE-SU-2012:0425",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00015.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.mozilla.org/security/announce/2012/mfsa2012-14.html"
        },
        {
          "name": "USN-1400-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-1400-2"
        },
        {
          "name": "MDVSA-2012:032",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:032"
        },
        {
          "name": "1026803",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1026803"
        },
        {
          "name": "48495",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/48495"
        },
        {
          "name": "48553",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/48553"
        },
        {
          "name": "USN-1400-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-1400-1"
        },
        {
          "name": "48561",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/48561"
        },
        {
          "name": "RHSA-2012:0388",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2012-0388.html"
        },
        {
          "name": "1026801",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1026801"
        },
        {
          "name": "1026804",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1026804"
        },
        {
          "name": "48513",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/48513"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2012-0457",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Use-after-free vulnerability in the nsSMILTimeValueSpec::ConvertBetweenTimeContainer function in Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 might allow remote attackers to execute arbitrary code via an SVG animation."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "openSUSE-SU-2012:0417",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2012-03/msg00042.html"
            },
            {
              "name": "48402",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/48402"
            },
            {
              "name": "MDVSA-2012:031",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:031"
            },
            {
              "name": "48624",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/48624"
            },
            {
              "name": "SUSE-SU-2012:0424",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00014.html"
            },
            {
              "name": "USN-1400-5",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-1400-5"
            },
            {
              "name": "oval:org.mitre.oval:def:14775",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14775"
            },
            {
              "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=720103",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=720103"
            },
            {
              "name": "48414",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/48414"
            },
            {
              "name": "48359",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/48359"
            },
            {
              "name": "48823",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/48823"
            },
            {
              "name": "USN-1401-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-1401-1"
            },
            {
              "name": "USN-1400-4",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-1400-4"
            },
            {
              "name": "48629",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/48629"
            },
            {
              "name": "USN-1400-3",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-1400-3"
            },
            {
              "name": "RHSA-2012:0387",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2012-0387.html"
            },
            {
              "name": "48496",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/48496"
            },
            {
              "name": "SUSE-SU-2012:0425",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00015.html"
            },
            {
              "name": "http://www.mozilla.org/security/announce/2012/mfsa2012-14.html",
              "refsource": "CONFIRM",
              "url": "http://www.mozilla.org/security/announce/2012/mfsa2012-14.html"
            },
            {
              "name": "USN-1400-2",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-1400-2"
            },
            {
              "name": "MDVSA-2012:032",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:032"
            },
            {
              "name": "1026803",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1026803"
            },
            {
              "name": "48495",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/48495"
            },
            {
              "name": "48553",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/48553"
            },
            {
              "name": "USN-1400-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-1400-1"
            },
            {
              "name": "48561",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/48561"
            },
            {
              "name": "RHSA-2012:0388",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2012-0388.html"
            },
            {
              "name": "1026801",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1026801"
            },
            {
              "name": "1026804",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1026804"
            },
            {
              "name": "48513",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/48513"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2012-0457",
    "datePublished": "2012-03-14T19:00:00.000Z",
    "dateReserved": "2012-01-09T00:00:00.000Z",
    "dateUpdated": "2024-08-06T18:23:31.006Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CERTA-2012-AVI-142

Vulnerability from certfr_avis

De multiples vulnérabilités ont été corrigées dans les produits Mozilla, dont certaines peuvent être exploitées pour exécuter du code arbitraire à distance.

Description

De multiples vulnérabilités ont été corrigées dans les produits Mozilla. Plusieurs concernent des problèmes de corruption mémoire dans certaines circonstances, qui peuvent être exploitées pour causer des dénis de services, et potentiellement exécuter du code arbitraire à distance. Deux vulnérabilités peuvent être exploitées via des pages Web spécialement conçues pour réaliser une injection de code indirecte à distance. Une vulnérabilité provoque une élévation de privilèges.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Mozilla	Thunderbird	Thunderbird ESR versions antérieures à 10.0.3 ;
Mozilla	Firefox	Firefox versions antérieures à 11 ;
Mozilla	Firefox	Firefox versions antérieures à 3.6.28 ;
Mozilla	Thunderbird	Thunderbird versions antérieures à 3.1.20 ;
Mozilla	Firefox ESR	Firefox ESR versions antérieures à 10.0.3 ;
Mozilla	N/A	SeaMonkey versions antérieures à 2.8.
Mozilla	Thunderbird	Thunderbird versions antérieures à 11 ;

References

Title

Publication Time

Tags

Bulletins de sécurité de la fondation Mozilla du 14 mars 2012	None	vendor-advisory
Bulletin de sécurité de la fondation Mozilla 2012/mfsa2012-18 du 14 mars 2012 :	-	other
Bulletin de sécurité de la fondation Mozilla 2012/mfsa2012-15 du 14 mars 2012 :	-	other
Bulletin de sécurité de la fondation Mozilla 2012/mfsa2012-19 du 14 mars 2012 :	-	other
Bulletin de sécurité de la fondation Mozilla 2012/mfsa2012-16 du 14 mars 2012 :	-	other
Bulletin de sécurité de la fondation Mozilla 2012/mfsa2012-14 du 14 mars 2012 :	-	other
Bulletin de sécurité de la fondation Mozilla 2012/mfsa2012-12 du 14 mars 2012 :	-	other
Bulletin de sécurité de la fondation Mozilla 2012/mfsa2012-13 du 14 mars 2012 :	-	other
Bulletin de sécurité de la fondation Mozilla 2012/mfsa2012-17 du 14 mars 2012 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Thunderbird ESR versions ant\u00e9rieures \u00e0 10.0.3 ;",
      "product": {
        "name": "Thunderbird",
        "vendor": {
          "name": "Mozilla",
          "scada": false
        }
      }
    },
    {
      "description": "Firefox versions ant\u00e9rieures \u00e0 11 ;",
      "product": {
        "name": "Firefox",
        "vendor": {
          "name": "Mozilla",
          "scada": false
        }
      }
    },
    {
      "description": "Firefox versions ant\u00e9rieures \u00e0 3.6.28 ;",
      "product": {
        "name": "Firefox",
        "vendor": {
          "name": "Mozilla",
          "scada": false
        }
      }
    },
    {
      "description": "Thunderbird versions ant\u00e9rieures \u00e0 3.1.20 ;",
      "product": {
        "name": "Thunderbird",
        "vendor": {
          "name": "Mozilla",
          "scada": false
        }
      }
    },
    {
      "description": "Firefox ESR versions ant\u00e9rieures \u00e0 10.0.3 ;",
      "product": {
        "name": "Firefox ESR",
        "vendor": {
          "name": "Mozilla",
          "scada": false
        }
      }
    },
    {
      "description": "SeaMonkey versions ant\u00e9rieures \u00e0 2.8.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Mozilla",
          "scada": false
        }
      }
    },
    {
      "description": "Thunderbird versions ant\u00e9rieures \u00e0 11 ;",
      "product": {
        "name": "Thunderbird",
        "vendor": {
          "name": "Mozilla",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nDe multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans les produits Mozilla.\nPlusieurs concernent des probl\u00e8mes de corruption m\u00e9moire dans certaines\ncirconstances, qui peuvent \u00eatre exploit\u00e9es pour causer des d\u00e9nis de\nservices, et potentiellement ex\u00e9cuter du code arbitraire \u00e0 distance.\nDeux vuln\u00e9rabilit\u00e9s peuvent \u00eatre exploit\u00e9es via des pages Web\nsp\u00e9cialement con\u00e7ues pour r\u00e9aliser une injection de code indirecte \u00e0\ndistance. Une vuln\u00e9rabilit\u00e9 provoque une \u00e9l\u00e9vation de privil\u00e8ges.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2012-0458",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0458"
    },
    {
      "name": "CVE-2012-0464",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0464"
    },
    {
      "name": "CVE-2012-0451",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0451"
    },
    {
      "name": "CVE-2012-0459",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0459"
    },
    {
      "name": "CVE-2012-0460",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0460"
    },
    {
      "name": "CVE-2012-0456",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0456"
    },
    {
      "name": "CVE-2012-0461",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0461"
    },
    {
      "name": "CVE-2012-0457",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0457"
    },
    {
      "name": "CVE-2012-0462",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0462"
    },
    {
      "name": "CVE-2012-0455",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0455"
    },
    {
      "name": "CVE-2012-0454",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0454"
    },
    {
      "name": "CVE-2012-0463",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0463"
    }
  ],
  "initial_release_date": "2012-03-14T00:00:00",
  "last_revision_date": "2012-03-14T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 de la fondation Mozilla    2012/mfsa2012-18 du 14 mars 2012 :",
      "url": "http://www.mozilla.org/security/announce/2012/mfsa2012-18.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 de la fondation Mozilla    2012/mfsa2012-15 du 14 mars 2012 :",
      "url": "http://www.mozilla.org/security/announce/2012/mfsa2012-15.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 de la fondation Mozilla    2012/mfsa2012-19 du 14 mars 2012 :",
      "url": "http://www.mozilla.org/security/announce/2012/mfsa2012-19.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 de la fondation Mozilla    2012/mfsa2012-16 du 14 mars 2012 :",
      "url": "http://www.mozilla.org/security/announce/2012/mfsa2012-16.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 de la fondation Mozilla    2012/mfsa2012-14 du 14 mars 2012 :",
      "url": "http://www.mozilla.org/security/announce/2012/mfsa2012-14.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 de la fondation Mozilla    2012/mfsa2012-12 du 14 mars 2012 :",
      "url": "http://www.mozilla.org/security/announce/2012/mfsa2012-12.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 de la fondation Mozilla    2012/mfsa2012-13 du 14 mars 2012 :",
      "url": "http://www.mozilla.org/security/announce/2012/mfsa2012-13.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 de la fondation Mozilla    2012/mfsa2012-17 du 14 mars 2012 :",
      "url": "http://www.mozilla.org/security/announce/2012/mfsa2012-17.html"
    }
  ],
  "reference": "CERTA-2012-AVI-142",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2012-03-14T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans les produits Mozilla,\ndont certaines peuvent \u00eatre exploit\u00e9es pour ex\u00e9cuter du code arbitraire\n\u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Mozilla",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletins de s\u00e9curit\u00e9 de la fondation Mozilla du 14 mars 2012",
      "url": null
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2012-0457 (GCVE-0-2012-0457)

Vulnerability from cvelistv5

CERTA-2012-AVI-142

Vulnerability from certfr_avis

Description

Solution

Tags

Sightings

Nomenclature