CVE-2012-0444

HIGH

Description

Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 do not properly initialize nsChildView data structures, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted Ogg Vorbis file.

References

http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00003.html

http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00007.html

http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00011.html

http://secunia.com/advisories/48043

http://secunia.com/advisories/48095

http://www.debian.org/security/2012/dsa-2400

http://www.debian.org/security/2012/dsa-2402

http://www.debian.org/security/2012/dsa-2406

http://www.mandriva.com/security/advisories?name=MDVSA-2012:013

http://www.mozilla.org/security/announce/2012/mfsa2012-07.html

http://www.securityfocus.com/bid/51753

http://www.ubuntu.com/usn/USN-1370-1

https://bugzilla.mozilla.org/show_bug.cgi?id=719612

https://exchange.xforce.ibmcloud.com/vulnerabilities/72858

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14464

Details

Source: MITRE

Published: 2012-02-01

Updated: 2020-08-28

Type: CWE-119

Risk Information

CVSS v2.0

Base Score: 10

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 10

Severity: HIGH

Vulnerable Software

Tenable Plugins

View all (59 total)

ID	Name	Product	Family	Severity
108941	OracleVM 3.3 : libvorbis (OVMSA-2018-0031)	Nessus	OracleVM Local Security Checks	critical
108940	OracleVM 3.4 : libvorbis (OVMSA-2018-0030)	Nessus	OracleVM Local Security Checks	critical
85640	FreeBSD : libtremor -- memory corruption (40497e81-fee3-4e54-9d5f-175a5c633b73)	Nessus	FreeBSD Local Security Checks	critical
80686	Oracle Solaris Third-Party Patch Update : libvorbis (cve_2012_0444_memory_corruption)	Nessus	Solaris Local Security Checks	critical
76026	openSUSE Security Update : seamonkey (seamonkey-5768)	Nessus	SuSE Local Security Checks	critical
75969	openSUSE Security Update : MozillaThunderbird (MozillaThunderbird-5751)	Nessus	SuSE Local Security Checks	critical
75961	openSUSE Security Update : mozilla-js192 (mozilla-js192-5749)	Nessus	SuSE Local Security Checks	critical
75951	openSUSE Security Update : MozillaFirefox (MozillaFirefox-5750)	Nessus	SuSE Local Security Checks	critical
75933	openSUSE Security Update : libvorbis (openSUSE-SU-2012:0319-1)	Nessus	SuSE Local Security Checks	critical
74833	openSUSE Security Update : MozillaFirefox / MozillaThunderbird / chmsee / etc (openSUSE-2012-83)	Nessus	SuSE Local Security Checks	critical
74562	openSUSE Security Update : libvorbis (openSUSE-2012-141)	Nessus	SuSE Local Security Checks	critical
69654	Amazon Linux AMI : libvorbis (ALAS-2012-47)	Nessus	Amazon Linux Local Security Checks	critical
68460	Oracle Linux 4 / 5 / 6 : libvorbis (ELSA-2012-0136)	Nessus	Oracle Linux Local Security Checks	critical
68443	Oracle Linux 4 / 5 / 6 : firefox (ELSA-2012-0079)	Nessus	Oracle Linux Local Security Checks	critical
63402	GLSA-201301-01 : Mozilla Products: Multiple vulnerabilities (BEAST)	Nessus	Gentoo Local Security Checks	critical
61249	Scientific Linux Security Update : libvorbis on SL4.x, SL5.x, SL6.x i386/x86_64 (20120215)	Nessus	Scientific Linux Local Security Checks	critical
61230	Scientific Linux Security Update : firefox on SL4.x, SL5.x, SL6.x i386/x86_64 (20120131)	Nessus	Scientific Linux Local Security Checks	critical
58585	Mandriva Linux Security Advisory : libvorbis (MDVSA-2012:052)	Nessus	Mandriva Local Security Checks	critical
58196	SuSE 10 Security Update : libvorbis (ZYPP Patch Number 7984)	Nessus	SuSE Local Security Checks	critical
58195	SuSE 11.1 Security Update : libvorbis (SAT Patch Number 5851)	Nessus	SuSE Local Security Checks	critical
58069	Ubuntu 10.04 LTS / 10.10 / 11.04 / 11.10 : libvorbis vulnerability (USN-1370-1)	Nessus	Ubuntu Local Security Checks	critical
58037	Ubuntu 11.10 : thunderbird vulnerabilities (USN-1369-1)	Nessus	Ubuntu Local Security Checks	critical
58012	Debian DSA-2412-1 : libvorbis - buffer overflow	Nessus	Debian Local Security Checks	critical
57989	Fedora 16 : libvorbis-1.3.3-1.fc16 (2012-1652)	Nessus	Fedora Local Security Checks	critical
57962	CentOS 4 / 5 / 6 : libvorbis (CESA-2012:0136)	Nessus	CentOS Local Security Checks	critical
57957	RHEL 4 / 5 / 6 : libvorbis (RHSA-2012:0136)	Nessus	Red Hat Local Security Checks	critical
57886	SuSE 11.1 Security Update : Mozilla XULrunner (SAT Patch Number 5764)	Nessus	SuSE Local Security Checks	critical
57879	Debian DSA-2406-1 : icedove - several vulnerabilities	Nessus	Debian Local Security Checks	critical
57874	Ubuntu 10.04 LTS / 10.10 : xulrunner-1.9.2 vulnerabilities (USN-1353-1)	Nessus	Ubuntu Local Security Checks	critical
57873	Ubuntu 10.04 LTS / 10.10 / 11.04 : thunderbird vulnerabilities (USN-1350-1)	Nessus	Ubuntu Local Security Checks	critical
57858	SuSE 10 Security Update : Mozilla Firefox (ZYPP Patch Number 7949)	Nessus	SuSE Local Security Checks	critical
801371	Mozilla Thunderbird 3.1.x Multiple Vulnerabilities	Log Correlation Engine	Web Clients	high
801334	Mozilla SeaMonkey 2.x < 2.7.0 Multiple Vulnerabilities	Log Correlation Engine	Web Clients	high
801296	Mozilla Firefox 9.0 Multiple Vulnerabilities	Log Correlation Engine	Web Clients	high
801268	Mozilla Firefox 3.6.x < 3.6.26 Multiple Vulnerabilities	Log Correlation Engine	Web Clients	high
801248	Mozilla Thunderbird 9.0 Multiple Vulnerabilities	Log Correlation Engine	Web Clients	high
6310	SeaMonkey 2.x < 2.7.0 Multiple Vulnerabilities	Nessus Network Monitor	Web Clients	high
6309	Mozilla Thunderbird 3.1.x < 3.1.18 Multiple Vulnerabilities	Nessus Network Monitor	SMTP Clients	high
6308	Mozilla Thunderbird < 10.0 Multiple Vulnerabilities	Nessus Network Monitor	SMTP Clients	high
6307	Mozilla Firefox 3.6.x < 3.6.26 Multiple Vulnerabilities	Nessus Network Monitor	Web Clients	high
6306	Mozilla Firefox < 10.0 Multiple Vulnerabilities	Nessus Network Monitor	Web Clients	high
57846	Ubuntu 10.04 LTS / 10.10 : ubufox and webfav update (USN-1355-3)	Nessus	Ubuntu Local Security Checks	critical
57845	Ubuntu 10.04 LTS / 10.10 / 11.04 / 11.10 : mozvoikko update (USN-1355-2)	Nessus	Ubuntu Local Security Checks	critical
57844	Ubuntu 10.04 LTS / 10.10 / 11.04 / 11.10 : firefox vulnerabilities (USN-1355-1)	Nessus	Ubuntu Local Security Checks	critical
57838	SuSE 11.1 Security Update : MozillaFirefox (SAT Patch Number 5754)	Nessus	SuSE Local Security Checks	critical
57833	Mandriva Linux Security Advisory : mozilla (MDVSA-2012:013)	Nessus	Mandriva Local Security Checks	critical
57813	Debian DSA-2402-1 : iceape - several vulnerabilities	Nessus	Debian Local Security Checks	critical
57811	Debian DSA-2400-1 : iceweasel - several vulnerabilities	Nessus	Debian Local Security Checks	critical
57777	CentOS 4 / 5 / 6 : firefox (CESA-2012:0079)	Nessus	CentOS Local Security Checks	critical
57776	Thunderbird 3.1 < 3.1.18 Multiple Vulnerabilities (Mac OS X)	Nessus	MacOS X Local Security Checks	high
57775	Thunderbird 9.x Multiple Vulnerabilities (Mac OS X)	Nessus	MacOS X Local Security Checks	high
57774	Firefox 3.6 < 3.6.26 Multiple Vulnerabilities (Mac OS X)	Nessus	MacOS X Local Security Checks	high
57773	Firefox < 10.0 Multiple Vulnerabilities (Mac OS X)	Nessus	MacOS X Local Security Checks	high
57772	SeaMonkey < 2.7.0 Multiple Vulnerabilities	Nessus	Windows	high
57771	Mozilla Thunderbird 3.1.x < 3.1.18 Multiple Vulnerabilities	Nessus	Windows	high
57770	Mozilla Thunderbird < 10.0 Multiple Vulnerabilities	Nessus	Windows	high
57769	Firefox 3.6.x < 3.6.26 Multiple Vulnerabilities	Nessus	Windows	high
57768	Firefox < 10.0 Multiple Vulnerabilities	Nessus	Windows	high
57760	RHEL 4 / 5 / 6 : firefox (RHSA-2012:0079)	Nessus	Red Hat Local Security Checks	critical