CVE-2012-0444

HIGH

Description

Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 do not properly initialize nsChildView data structures, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted Ogg Vorbis file.

References

http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00003.html

http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00007.html

http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00011.html

http://secunia.com/advisories/48043

http://secunia.com/advisories/48095

http://www.debian.org/security/2012/dsa-2400

http://www.debian.org/security/2012/dsa-2402

http://www.debian.org/security/2012/dsa-2406

http://www.mandriva.com/security/advisories?name=MDVSA-2012:013

http://www.mozilla.org/security/announce/2012/mfsa2012-07.html

http://www.securityfocus.com/bid/51753

http://www.ubuntu.com/usn/USN-1370-1

https://bugzilla.mozilla.org/show_bug.cgi?id=719612

https://exchange.xforce.ibmcloud.com/vulnerabilities/72858

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14464

Details

Source: MITRE

Published: 2012-02-01

Updated: 2020-08-28

Type: CWE-119

Risk Information

CVSS v2.0

Base Score: 10

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 10

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*

Configuration 2

OR

cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*

Configuration 3

OR

cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*

cpe:2.3:o:suse:linux_enterprise_desktop:10:sp4:*:*:*:*:*:*

cpe:2.3:o:suse:linux_enterprise_desktop:11:sp1:*:*:*:*:*:*

cpe:2.3:o:suse:linux_enterprise_server:10:sp4:*:*:*:*:*:*

cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:*:*:*:*

cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:*:vmware:*:*

cpe:2.3:o:suse:linux_enterprise_software_development_kit:10:sp4:*:*:*:*:*:*

cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp1:*:*:*:*:*:*

Configuration 4

OR

cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:10.10:*:*:*:*:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:11.04:*:*:*:*:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*

Tenable Plugins

View all (59 total)

IDNameProductFamilySeverity
108941OracleVM 3.3 : libvorbis (OVMSA-2018-0031)NessusOracleVM Local Security Checks
critical
108940OracleVM 3.4 : libvorbis (OVMSA-2018-0030)NessusOracleVM Local Security Checks
critical
85640FreeBSD : libtremor -- memory corruption (40497e81-fee3-4e54-9d5f-175a5c633b73)NessusFreeBSD Local Security Checks
critical
80686Oracle Solaris Third-Party Patch Update : libvorbis (cve_2012_0444_memory_corruption)NessusSolaris Local Security Checks
critical
76026openSUSE Security Update : seamonkey (seamonkey-5768)NessusSuSE Local Security Checks
critical
75969openSUSE Security Update : MozillaThunderbird (MozillaThunderbird-5751)NessusSuSE Local Security Checks
critical
75961openSUSE Security Update : mozilla-js192 (mozilla-js192-5749)NessusSuSE Local Security Checks
critical
75951openSUSE Security Update : MozillaFirefox (MozillaFirefox-5750)NessusSuSE Local Security Checks
critical
75933openSUSE Security Update : libvorbis (openSUSE-SU-2012:0319-1)NessusSuSE Local Security Checks
critical
74833openSUSE Security Update : MozillaFirefox / MozillaThunderbird / chmsee / etc (openSUSE-2012-83)NessusSuSE Local Security Checks
critical
74562openSUSE Security Update : libvorbis (openSUSE-2012-141)NessusSuSE Local Security Checks
critical
69654Amazon Linux AMI : libvorbis (ALAS-2012-47)NessusAmazon Linux Local Security Checks
critical
68460Oracle Linux 4 / 5 / 6 : libvorbis (ELSA-2012-0136)NessusOracle Linux Local Security Checks
critical
68443Oracle Linux 4 / 5 / 6 : firefox (ELSA-2012-0079)NessusOracle Linux Local Security Checks
critical
63402GLSA-201301-01 : Mozilla Products: Multiple vulnerabilities (BEAST)NessusGentoo Local Security Checks
critical
61249Scientific Linux Security Update : libvorbis on SL4.x, SL5.x, SL6.x i386/x86_64 (20120215)NessusScientific Linux Local Security Checks
critical
61230Scientific Linux Security Update : firefox on SL4.x, SL5.x, SL6.x i386/x86_64 (20120131)NessusScientific Linux Local Security Checks
critical
58585Mandriva Linux Security Advisory : libvorbis (MDVSA-2012:052)NessusMandriva Local Security Checks
critical
58196SuSE 10 Security Update : libvorbis (ZYPP Patch Number 7984)NessusSuSE Local Security Checks
critical
58195SuSE 11.1 Security Update : libvorbis (SAT Patch Number 5851)NessusSuSE Local Security Checks
critical
58069Ubuntu 10.04 LTS / 10.10 / 11.04 / 11.10 : libvorbis vulnerability (USN-1370-1)NessusUbuntu Local Security Checks
critical
58037Ubuntu 11.10 : thunderbird vulnerabilities (USN-1369-1)NessusUbuntu Local Security Checks
critical
58012Debian DSA-2412-1 : libvorbis - buffer overflowNessusDebian Local Security Checks
critical
57989Fedora 16 : libvorbis-1.3.3-1.fc16 (2012-1652)NessusFedora Local Security Checks
critical
57962CentOS 4 / 5 / 6 : libvorbis (CESA-2012:0136)NessusCentOS Local Security Checks
critical
57957RHEL 4 / 5 / 6 : libvorbis (RHSA-2012:0136)NessusRed Hat Local Security Checks
critical
57886SuSE 11.1 Security Update : Mozilla XULrunner (SAT Patch Number 5764)NessusSuSE Local Security Checks
critical
57879Debian DSA-2406-1 : icedove - several vulnerabilitiesNessusDebian Local Security Checks
critical
57874Ubuntu 10.04 LTS / 10.10 : xulrunner-1.9.2 vulnerabilities (USN-1353-1)NessusUbuntu Local Security Checks
critical
57873Ubuntu 10.04 LTS / 10.10 / 11.04 : thunderbird vulnerabilities (USN-1350-1)NessusUbuntu Local Security Checks
critical
57858SuSE 10 Security Update : Mozilla Firefox (ZYPP Patch Number 7949)NessusSuSE Local Security Checks
critical
801371Mozilla Thunderbird 3.1.x Multiple VulnerabilitiesLog Correlation EngineWeb Clients
high
801334Mozilla SeaMonkey 2.x < 2.7.0 Multiple VulnerabilitiesLog Correlation EngineWeb Clients
high
801296Mozilla Firefox 9.0 Multiple VulnerabilitiesLog Correlation EngineWeb Clients
high
801268Mozilla Firefox 3.6.x < 3.6.26 Multiple VulnerabilitiesLog Correlation EngineWeb Clients
high
801248Mozilla Thunderbird 9.0 Multiple VulnerabilitiesLog Correlation EngineWeb Clients
high
6310SeaMonkey 2.x < 2.7.0 Multiple VulnerabilitiesNessus Network MonitorWeb Clients
high
6309Mozilla Thunderbird 3.1.x < 3.1.18 Multiple VulnerabilitiesNessus Network MonitorSMTP Clients
high
6308Mozilla Thunderbird < 10.0 Multiple VulnerabilitiesNessus Network MonitorSMTP Clients
high
6307Mozilla Firefox 3.6.x < 3.6.26 Multiple VulnerabilitiesNessus Network MonitorWeb Clients
high
6306Mozilla Firefox < 10.0 Multiple VulnerabilitiesNessus Network MonitorWeb Clients
high
57846Ubuntu 10.04 LTS / 10.10 : ubufox and webfav update (USN-1355-3)NessusUbuntu Local Security Checks
critical
57845Ubuntu 10.04 LTS / 10.10 / 11.04 / 11.10 : mozvoikko update (USN-1355-2)NessusUbuntu Local Security Checks
critical
57844Ubuntu 10.04 LTS / 10.10 / 11.04 / 11.10 : firefox vulnerabilities (USN-1355-1)NessusUbuntu Local Security Checks
critical
57838SuSE 11.1 Security Update : MozillaFirefox (SAT Patch Number 5754)NessusSuSE Local Security Checks
critical
57833Mandriva Linux Security Advisory : mozilla (MDVSA-2012:013)NessusMandriva Local Security Checks
critical
57813Debian DSA-2402-1 : iceape - several vulnerabilitiesNessusDebian Local Security Checks
critical
57811Debian DSA-2400-1 : iceweasel - several vulnerabilitiesNessusDebian Local Security Checks
critical
57777CentOS 4 / 5 / 6 : firefox (CESA-2012:0079)NessusCentOS Local Security Checks
critical
57776Thunderbird 3.1 < 3.1.18 Multiple Vulnerabilities (Mac OS X)NessusMacOS X Local Security Checks
high
57775Thunderbird 9.x Multiple Vulnerabilities (Mac OS X)NessusMacOS X Local Security Checks
high
57774Firefox 3.6 < 3.6.26 Multiple Vulnerabilities (Mac OS X)NessusMacOS X Local Security Checks
high
57773Firefox < 10.0 Multiple Vulnerabilities (Mac OS X)NessusMacOS X Local Security Checks
high
57772SeaMonkey < 2.7.0 Multiple VulnerabilitiesNessusWindows
high
57771Mozilla Thunderbird 3.1.x < 3.1.18 Multiple VulnerabilitiesNessusWindows
high
57770Mozilla Thunderbird < 10.0 Multiple VulnerabilitiesNessusWindows
high
57769Firefox 3.6.x < 3.6.26 Multiple VulnerabilitiesNessusWindows
high
57768Firefox < 10.0 Multiple VulnerabilitiesNessusWindows
high
57760RHEL 4 / 5 / 6 : firefox (RHSA-2012:0079)NessusRed Hat Local Security Checks
critical