Detections
Analytics
CVE-2012-0464high
Description
Use-after-free vulnerability in the browser engine in Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 allows remote attackers to execute arbitrary code via vectors involving an empty argument to the array.join function in conjunction with the triggering of garbage collection.
References
http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00014.html
http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00015.html
http://lists.opensuse.org/opensuse-updates/2012-03/msg00042.html
http://pwn2own.zerodayinitiative.com/status.html
http://rhn.redhat.com/errata/RHSA-2012-0387.html
http://rhn.redhat.com/errata/RHSA-2012-0388.html
https://bugzilla.mozilla.org/show_bug.cgi?id=720079
https://bugzilla.mozilla.org/show_bug.cgi?id=735104
http://secunia.com/advisories/48359
http://secunia.com/advisories/48402
http://secunia.com/advisories/48414
http://secunia.com/advisories/48495
http://secunia.com/advisories/48496
http://secunia.com/advisories/48513
http://secunia.com/advisories/48553
http://secunia.com/advisories/48561
http://secunia.com/advisories/48624
http://secunia.com/advisories/48629
http://secunia.com/advisories/48823
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14170
http://www.mandriva.com/security/advisories?name=MDVSA-2012:031
http://www.mandriva.com/security/advisories?name=MDVSA-2012:032
http://www.mozilla.org/security/announce/2012/mfsa2012-19.html
http://www.securitytracker.com/id?1026801
http://www.securitytracker.com/id?1026803
http://www.securitytracker.com/id?1026804
http://www.ubuntu.com/usn/USN-1400-1
http://www.ubuntu.com/usn/USN-1400-2
http://www.ubuntu.com/usn/USN-1400-3
http://www.ubuntu.com/usn/USN-1400-4
Details
Published: 2012-03-14
Risk Information
CVSS v2
Base Score: 7.5
Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P
Severity: High