CVE-2012-0444

Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 do not properly initialize nsChildView data structures, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted Ogg Vorbis file.

CVSS v2.0 10.0 HIGH

10.0^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00003.html	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00007.html	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00011.html	Mailing List Third Party Advisory
http://secunia.com/advisories/48043	Third Party Advisory
http://secunia.com/advisories/48095	Third Party Advisory
http://www.debian.org/security/2012/dsa-2400	Third Party Advisory
http://www.debian.org/security/2012/dsa-2402	Third Party Advisory
http://www.debian.org/security/2012/dsa-2406	Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2012:013	Third Party Advisory
http://www.mozilla.org/security/announce/2012/mfsa2012-07.html	Vendor Advisory
http://www.securityfocus.com/bid/51753	Third Party Advisory VDB Entry
http://www.ubuntu.com/usn/USN-1370-1	Third Party Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=719612	Exploit Issue Tracking Patch Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/72858	Third Party Advisory VDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14464	Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:mozilla:firefox::::::::
	cpe:2.3:a:mozilla:firefox::::::::
	cpe:2.3:a:mozilla:seamonkey::::::::
	cpe:2.3:a:mozilla:thunderbird::::::::
	cpe:2.3:a:mozilla:thunderbird::::::::

Configuration 2 (hide)

OR	cpe:2.3:o:debian:debian_linux:5.0:::::::*
	cpe:2.3:o:debian:debian_linux:6.0:::::::*

Configuration 3 (hide)

OR	cpe:2.3:o:opensuse:opensuse:11.4:::::::*
	cpe:2.3:o:suse:linux_enterprise_desktop:10:sp4::::::
	cpe:2.3:o:suse:linux_enterprise_desktop:11:sp1::::::
	cpe:2.3:o:suse:linux_enterprise_server:10:sp4::::::
	cpe:2.3:o:suse:linux_enterprise_server:11:sp1::::::
	cpe:2.3:o:suse:linux_enterprise_server:11:sp1::::vmware::*
	cpe:2.3:o:suse:linux_enterprise_software_development_kit:10:sp4::::::
	cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp1::::::

Configuration 4 (hide)

OR	cpe:2.3:o:canonical:ubuntu_linux:10.04::::-:::
	cpe:2.3:o:canonical:ubuntu_linux:10.10:::::::*
	cpe:2.3:o:canonical:ubuntu_linux:11.04:::::::*
	cpe:2.3:o:canonical:ubuntu_linux:11.10:::::::*

History

No history.

Information

Published : 2012-02-01 16:55

Updated : 2020-08-28 13:12

NVD link : CVE-2012-0444

Mitre link : CVE-2012-0444

CVE.ORG link : CVE-2012-0444

JSON object : View

Products Affected

suse

linux_enterprise_desktop
linux_enterprise_server
linux_enterprise_software_development_kit

canonical

ubuntu_linux

mozilla

firefox
thunderbird
seamonkey

opensuse

opensuse

debian

debian_linux

CWE

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

10.0 /10