CVE-2012-3972

MEDIUM

Description

The format-number functionality in the XSLT implementation in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to obtain sensitive information via unspecified vectors that trigger a heap-based buffer over-read.

References

http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00028.html

http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00011.html

http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00014.html

http://rhn.redhat.com/errata/RHSA-2012-1210.html

http://rhn.redhat.com/errata/RHSA-2012-1211.html

http://www.debian.org/security/2012/dsa-2553

http://www.debian.org/security/2012/dsa-2554

http://www.debian.org/security/2012/dsa-2556

http://www.mozilla.org/security/announce/2012/mfsa2012-65.html

http://www.ubuntu.com/usn/USN-1548-1

http://www.ubuntu.com/usn/USN-1548-2

http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf

https://bugzilla.mozilla.org/show_bug.cgi?id=746855

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16234

Details

Source: MITRE

Published: 2012-08-29

Updated: 2020-09-09

Type: CWE-200

Risk Information

CVSS v2.0

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

Vulnerable Software

Tenable Plugins

View all (39 total)

ID	Name	Product	Family	Severity
80609	Oracle Solaris Third-Party Patch Update : firefox (multiple_vulnerabilities_in_firefox)	Nessus	Solaris Local Security Checks	critical
74729	openSUSE Security Update : MozillaFirefox (openSUSE-SU-2012:1065-1)	Nessus	SuSE Local Security Checks	critical
74725	openSUSE Security Update : MozillaFirefox (openSUSE-SU-2012:1064-1)	Nessus	SuSE Local Security Checks	critical
68608	Oracle Linux 6 : thunderbird (ELSA-2012-1211)	Nessus	Oracle Linux Local Security Checks	critical
68607	Oracle Linux 5 / 6 : firefox (ELSA-2012-1210)	Nessus	Oracle Linux Local Security Checks	critical
64132	SuSE 11.2 Security Update : Mozilla Firefox (SAT Patch Number 6763)	Nessus	SuSE Local Security Checks	critical
63402	GLSA-201301-01 : Mozilla Products: Multiple vulnerabilities (BEAST)	Nessus	Gentoo Local Security Checks	critical
62448	Debian DSA-2556-1 : icedove - several vulnerabilities	Nessus	Debian Local Security Checks	critical
62382	Ubuntu 10.04 LTS / 11.04 / 11.10 / 12.04 LTS : thunderbird regressions (USN-1551-2)	Nessus	Ubuntu Local Security Checks	critical
62318	Debian DSA-2554-1 : iceape - several vulnerabilities	Nessus	Debian Local Security Checks	critical
62285	Debian DSA-2553-1 : iceweasel - several vulnerabilities	Nessus	Debian Local Security Checks	critical
62096	SuSE 10 Security Update : Mozilla Firefox (ZYPP Patch Number 8269)	Nessus	SuSE Local Security Checks	critical
62062	Ubuntu 10.04 LTS / 11.04 / 11.10 / 12.04 LTS : firefox regression (USN-1548-2)	Nessus	Ubuntu Local Security Checks	critical
61990	Mandriva Linux Security Advisory : mozilla-thunderbird (MDVSA-2012:147)	Nessus	Mandriva Local Security Checks	critical
61989	Mandriva Linux Security Advisory : firefox (MDVSA-2012:145)	Nessus	Mandriva Local Security Checks	critical
61745	Ubuntu 10.04 LTS / 11.04 / 11.10 / 12.04 LTS : thunderbird vulnerabilities (USN-1551-1)	Nessus	Ubuntu Local Security Checks	critical
61741	FreeBSD : mozilla -- multiple vulnerabilities (2b8cad90-f289-11e1-a215-14dae9ebcf89)	Nessus	FreeBSD Local Security Checks	critical
801365	Mozilla Thunderbird 14.x <= 14 Multiple Vulnerabilities	Log Correlation Engine	SMTP Clients	high
801356	Mozilla SeaMonkey 2.x < 2.12 Multiple Vulnerabilities	Log Correlation Engine	Web Clients	high
801230	Mozilla Firefox 14.x <= 14 Multiple Vulnerabilities	Log Correlation Engine	Web Clients	high
61730	Ubuntu 10.04 LTS / 11.04 / 11.10 / 12.04 LTS : firefox vulnerabilities (USN-1548-1)	Nessus	Ubuntu Local Security Checks	critical
61727	Scientific Linux Security Update : thunderbird on SL5.x, SL6.x i386/x86_64 (20120829)	Nessus	Scientific Linux Local Security Checks	critical
61726	Scientific Linux Security Update : firefox on SL5.x, SL6.x i386/x86_64 (20120829)	Nessus	Scientific Linux Local Security Checks	critical
61722	CentOS 5 / 6 : thunderbird (CESA-2012:1211)	Nessus	CentOS Local Security Checks	critical
61721	CentOS 5 / 6 : firefox (CESA-2012:1210)	Nessus	CentOS Local Security Checks	critical
6561	SeaMonkey 2.x < 2.12 Multiple Vulnerabilities	Nessus Network Monitor	Web Clients	high
6560	Mozilla Thunderbird < 15.0 Multiple Vulnerabilities	Nessus Network Monitor	SMTP Clients	high
6559	Mozilla Firefox < 15.0 Multiple Vulnerabilities	Nessus Network Monitor	Web Clients	high
61718	SeaMonkey < 2.12.0 Multiple Vulnerabilities	Nessus	Windows	critical
61717	Mozilla Thunderbird < 15.0 Multiple Vulnerabilities	Nessus	Windows	critical
61716	Mozilla Thunderbird 10.0.x < 10.0.7 Multiple Vulnerabilities	Nessus	Windows	critical
61715	Firefox < 15.0 Multiple Vulnerabilities	Nessus	Windows	critical
61714	Firefox 10.0.x < 10.0.7 Multiple Vulnerabilities	Nessus	Windows	critical
61713	Thunderbird < 15.0 Multiple Vulnerabilities (Mac OS X)	Nessus	MacOS X Local Security Checks	critical
61712	Thunderbird 10.0.x < 10.0.7 Multiple Vulnerabilities (Mac OS X)	Nessus	MacOS X Local Security Checks	critical
61711	Firefox < 15.0 Multiple Vulnerabilities (Mac OS X)	Nessus	MacOS X Local Security Checks	critical
61710	Firefox < 10.0.7 Multiple Vulnerabilities (Mac OS X)	Nessus	MacOS X Local Security Checks	critical
61705	RHEL 5 / 6 : thunderbird (RHSA-2012:1211)	Nessus	Red Hat Local Security Checks	critical
61704	RHEL 5 / 6 : firefox (RHSA-2012:1210)	Nessus	Red Hat Local Security Checks	critical