Detections
Analytics

CVE-2012-0444

critical

Description

Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 do not properly initialize nsChildView data structures, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted Ogg Vorbis file.

References

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14464

https://exchange.xforce.ibmcloud.com/vulnerabilities/72858

http://www.ubuntu.com/usn/USN-1370-1

http://www.securityfocus.com/bid/51753

http://www.mandriva.com/security/advisories?name=MDVSA-2012:013

http://www.debian.org/security/2012/dsa-2406

http://www.debian.org/security/2012/dsa-2402

http://www.debian.org/security/2012/dsa-2400

http://secunia.com/advisories/48095

http://secunia.com/advisories/48043

http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00011.html

http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00007.html

http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00003.html

http://www.mozilla.org/security/announce/2012/mfsa2012-07.html

Details

Source: Mitre, NVD

Published: 2012-02-01

Updated: 2025-04-11

Risk Information

CVSS v2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Severity: Critical

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.04354