CVE-2012-0461

HIGH

Description

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

References

http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00014.html

http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00015.html

http://lists.opensuse.org/opensuse-updates/2012-03/msg00042.html

http://rhn.redhat.com/errata/RHSA-2012-0387.html

http://rhn.redhat.com/errata/RHSA-2012-0388.html

http://secunia.com/advisories/48359

http://secunia.com/advisories/48402

http://secunia.com/advisories/48414

http://secunia.com/advisories/48495

http://secunia.com/advisories/48496

http://secunia.com/advisories/48513

http://secunia.com/advisories/48553

http://secunia.com/advisories/48561

http://secunia.com/advisories/48624

http://secunia.com/advisories/48629

http://secunia.com/advisories/48823

http://secunia.com/advisories/48920

http://www.debian.org/security/2012/dsa-2433

http://www.debian.org/security/2012/dsa-2458

http://www.mandriva.com/security/advisories?name=MDVSA-2012:031

http://www.mandriva.com/security/advisories?name=MDVSA-2012:032

http://www.mozilla.org/security/announce/2012/mfsa2012-19.html

http://www.securitytracker.com/id?1026801

http://www.securitytracker.com/id?1026803

http://www.securitytracker.com/id?1026804

http://www.ubuntu.com/usn/USN-1400-1

http://www.ubuntu.com/usn/USN-1400-2

http://www.ubuntu.com/usn/USN-1400-3

http://www.ubuntu.com/usn/USN-1400-4

http://www.ubuntu.com/usn/USN-1400-5

http://www.ubuntu.com/usn/USN-1401-1

https://bugzilla.mozilla.org/show_bug.cgi?id=657588

https://bugzilla.mozilla.org/show_bug.cgi?id=730425

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15009

Details

Source: MITRE

Published: 2012-03-14

Updated: 2018-01-18

Risk Information

CVSS v2.0

Base Score: 7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 10

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:* versions up to 3.6.27 (inclusive)

Configuration 2

OR

cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:* versions from 4.0 to 10.0 (inclusive)

Configuration 3

OR

cpe:2.3:a:mozilla:firefox_esr:10.0:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox_esr:10.0.1:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox_esr:10.0.2:*:*:*:*:*:*:*

Configuration 4

OR

cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:* versions from 1.0 to 3.1.19 (inclusive)

Configuration 5

OR

cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:* versions up to 10.0 (inclusive)

Configuration 6

OR

cpe:2.3:a:mozilla:thunderbird_esr:10.0:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird_esr:10.0.1:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird_esr:10.0.2:*:*:*:*:*:*:*

Configuration 7

OR

cpe:2.3:a:mozilla:seamonkey:-:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.0:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.0:alpha:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.0:beta:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.0.1:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.0.2:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.0.3:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.0.4:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.0.5:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.0.6:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.0.7:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.0.8:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.0.9:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.1:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.1:alpha:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.1:beta:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.1.1:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.1.2:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.1.3:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.1.4:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.1.5:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.1.6:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.1.7:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.1.8:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.1.9:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.1.10:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.1.11:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.1.12:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.1.13:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.1.14:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.1.15:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.1.16:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.1.17:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.1.18:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.1.19:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.5.0.8:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.5.0.9:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.5.0.10:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:2.0:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:2.0:alpha_1:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:2.0:alpha_2:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:2.0:alpha_3:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:2.0:beta_1:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:2.0:beta_2:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:2.0:rc1:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:2.0:rc2:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:2.0.1:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:2.0.2:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:2.0.3:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:2.0.4:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:2.0.5:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:2.0.6:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:2.0.7:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:2.0.8:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:2.0.9:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:2.0.10:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:2.0.11:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:2.0.12:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:2.0.13:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:2.0.14:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:2.1:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:2.1:alpha1:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:2.1:alpha2:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:2.1:alpha3:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:2.1:beta1:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:2.1:beta2:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:2.1:beta3:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:2.1:rc1:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:2.1:rc2:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:2.2:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:2.2:beta1:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:2.2:beta2:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:2.2:beta3:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:2.3:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:2.3:beta1:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:2.3:beta2:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:2.3:beta3:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:2.3.1:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:2.3.2:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:2.3.3:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:2.4:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:2.4:beta1:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:2.4:beta2:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:2.4:beta3:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:2.4.1:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:2.5:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:2.5:beta1:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:2.5:beta2:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:2.5:beta3:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:2.5:beta4:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:2.6:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:2.6:beta1:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:2.6:beta2:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:2.6:beta3:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:2.6:beta4:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:2.6.1:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:2.7:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:2.7:beta1:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:2.7:beta2:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:2.7:beta3:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:2.7:beta4:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:2.7:beta5:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:2.7.1:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:2.7.2:*:*:*:*:*:*:*

Tenable Plugins

View all (45 total)

IDNameProductFamilySeverity
80785Oracle Solaris Third-Party Patch Update : thunderbird (multiple_vulnerabilities_in_thunderbird4)NessusSolaris Local Security Checks
high
80606Oracle Solaris Third-Party Patch Update : firefox (multiple_vulnerabilities_in_firefox_web)NessusSolaris Local Security Checks
high
74574openSUSE Security Update : MozillaFirefox / MozillaThunderbird (openSUSE-SU-2012:0417-1)NessusSuSE Local Security Checks
high
68496Oracle Linux 6 : thunderbird (ELSA-2012-0388)NessusOracle Linux Local Security Checks
high
68495Oracle Linux 5 / 6 : firefox (ELSA-2012-0387)NessusOracle Linux Local Security Checks
high
63402GLSA-201301-01 : Mozilla Products: Multiple vulnerabilities (BEAST)NessusGentoo Local Security Checks
critical
61283Scientific Linux Security Update : thunderbird on SL5.x, SL6.x i386/x86_64 (20120314)NessusScientific Linux Local Security Checks
high
61282Scientific Linux Security Update : firefox on SL5.x, SL6.x i386/x86_64 (20120314)NessusScientific Linux Local Security Checks
high
58855Debian DSA-2458-2 : iceape - several vulnerabilitiesNessusDebian Local Security Checks
critical
58807Ubuntu 11.04 : gsettings-desktop-schemas regression (USN-1400-5)NessusUbuntu Local Security Checks
high
58771Mandriva Linux Security Advisory : mozilla (MDVSA-2012:032-1)NessusMandriva Local Security Checks
high
58589Ubuntu 11.10 : thunderbird regressions (USN-1400-4)NessusUbuntu Local Security Checks
high
58525SuSE 10 Security Update : Mozilla Firefox (ZYPP Patch Number 8029)NessusSuSE Local Security Checks
high
58524SuSE 11.1 Security Update : Mozilla Firefox (SAT Patch Number 6007)NessusSuSE Local Security Checks
high
58481Ubuntu 10.04 LTS / 10.10 / 11.04 : thunderbird vulnerabilities (USN-1401-2)NessusUbuntu Local Security Checks
high
58425Ubuntu 11.10 : thunderbird vulnerabilities (USN-1400-3)NessusUbuntu Local Security Checks
high
58417Debian DSA-2437-1 : icedove - several vulnerabilitiesNessusDebian Local Security Checks
high
58397Ubuntu 10.04 LTS / 10.10 : xulrunner-1.9.2 vulnerabilities (USN-1401-1)NessusUbuntu Local Security Checks
high
58384Ubuntu 10.04 LTS / 10.10 / 11.04 / 11.10 : ubufox update (USN-1400-2)NessusUbuntu Local Security Checks
high
58383Ubuntu 10.04 LTS / 10.10 / 11.04 / 11.10 : firefox vulnerabilities (USN-1400-1)NessusUbuntu Local Security Checks
high
801378Mozilla Thunderbird 3.1.x < 3.1.20 Multiple VulnerabilitiesLog Correlation EngineWeb Clients
high
801370Mozilla Thunderbird 10.x < 10.0.3 Multiple VulnerabilitiesLog Correlation EngineWeb Clients
high
801364Mozilla Firefox 3.6.x < 3.6.28 Multiple VulnerabilitiesLog Correlation EngineWeb Clients
high
6353Mozilla Thunderbird 3.1.x < 3.1.20 Multiple VulnerabilitiesNessus Network MonitorSMTP Clients
high
6352Mozilla Thunderbird 10.x < 10.0.3 Multiple VulnerabilitiesNessus Network MonitorSMTP Clients
high
6351Mozilla Firefox 3.6.x < 3.6.28 Multiple VulnerabilitiesNessus Network MonitorWeb Clients
high
58357Debian DSA-2433-1 : iceweasel - several vulnerabilitiesNessusDebian Local Security Checks
high
801337Mozilla SeaMonkey 2.x < 2.8 Multiple VulnerabilitiesLog Correlation EngineWeb Clients
high
801284Mozilla Firefox 10.x < 10.0.3 Multiple VulnerabilitiesLog Correlation EngineWeb Clients
high
6354SeaMonkey 2.x < 2.8 Multiple VulnerabilitiesNessus Network MonitorWeb Clients
high
6350Mozilla Firefox ESR 10.x < 10.0.3 Multiple VulnerabilitiesNessus Network MonitorWeb Clients
high
58356Thunderbird 3.1.x < 3.1.20 Multiple Vulnerabilities (Mac OS X)NessusMacOS X Local Security Checks
high
58355Thunderbird 10.0.x < 10.0.3 Multiple Vulnerabilities (Mac OS X)NessusMacOS X Local Security Checks
high
58354Firefox 3.6.x < 3.6.28 Multiple Vulnerabilities (Mac OS X)NessusMacOS X Local Security Checks
high
58353Firefox < 10.0.3 Multiple Vulnerabilities (Mac OS X)NessusMacOS X Local Security Checks
high
58352SeaMonkey < 2.8.0 Multiple VulnerabilitiesNessusWindows
high
58351Mozilla Thunderbird 3.1.x < 3.1.20 Multiple VulnerabilitiesNessusWindows
high
58350Mozilla Thunderbird 10.0.x < 10.0.3 Multiple VulnerabilitiesNessusWindows
high
58349Firefox 3.6.x < 3.6.28 Multiple VulnerabilitiesNessusWindows
high
58348Firefox 10.0.x < 10.0.3 Multiple VulnerabilitiesNessusWindows
high
58347FreeBSD : mozilla -- multiple vulnerabilities (a1050b8b-6db3-11e1-8b37-0011856a6e37)NessusFreeBSD Local Security Checks
high
58345CentOS 5 / 6 : thunderbird (CESA-2012:0388)NessusCentOS Local Security Checks
high
58344CentOS 5 / 6 : firefox (CESA-2012:0387)NessusCentOS Local Security Checks
high
58339RHEL 5 / 6 : thunderbird (RHSA-2012:0388)NessusRed Hat Local Security Checks
high
58338RHEL 5 / 6 : firefox (RHSA-2012:0387)NessusRed Hat Local Security Checks
high