CVE-2012-4202HIGH
New! CVE Severity Now Using CVSS v3
The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.
Description
Heap-based buffer overflow in the image::RasterImage::DrawFrameTo function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code via a crafted GIF image.
References
http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00021.html
http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00022.html
http://lists.opensuse.org/opensuse-updates/2012-11/msg00090.html
http://lists.opensuse.org/opensuse-updates/2012-11/msg00092.html
http://lists.opensuse.org/opensuse-updates/2012-11/msg00093.html
http://rhn.redhat.com/errata/RHSA-2012-1482.html
http://rhn.redhat.com/errata/RHSA-2012-1483.html
http://secunia.com/advisories/51359
http://secunia.com/advisories/51360
http://secunia.com/advisories/51369
http://secunia.com/advisories/51370
http://secunia.com/advisories/51381
http://secunia.com/advisories/51434
http://secunia.com/advisories/51439
http://secunia.com/advisories/51440
http://www.mandriva.com/security/advisories?name=MDVSA-2012:173
http://www.mozilla.org/security/announce/2012/mfsa2012-92.html
http://www.securityfocus.com/bid/56614
http://www.ubuntu.com/usn/USN-1636-1
http://www.ubuntu.com/usn/USN-1638-1
http://www.ubuntu.com/usn/USN-1638-2
http://www.ubuntu.com/usn/USN-1638-3
https://bugzilla.mozilla.org/show_bug.cgi?id=758200
https://exchange.xforce.ibmcloud.com/vulnerabilities/80170
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16739
Vulnerable Software
Configuration 1
OR
cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*
Configuration 2
OR
cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:12.1:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_desktop:10:sp4:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_desktop:11:sp2:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:10:sp4:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:*:-:*:*
cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:*:vmware:*:*
cpe:2.3:o:suse:linux_enterprise_software_development_kit:10:sp4:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp2:*:*:*:*:*:*
Configuration 3
OR
cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*
Configuration 4
OR
cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:6.3:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
Tenable Plugins
| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 74827 | openSUSE Security Update : seamonkey (openSUSE-SU-2012:1584-1) | Nessus | SuSE Local Security Checks | critical |
| 74826 | openSUSE Security Update : xulrunner (openSUSE-SU-2012:1586-1) | Nessus | SuSE Local Security Checks | critical |
| 74825 | openSUSE Security Update : MozillaThunderbird (openSUSE-SU-2012:1585-1) | Nessus | SuSE Local Security Checks | critical |
| 74824 | openSUSE Security Update : MozillaFirefox (openSUSE-SU-2012:1583-1) | Nessus | SuSE Local Security Checks | critical |
| 68660 | Oracle Linux 6 : thunderbird (ELSA-2012-1483) | Nessus | Oracle Linux Local Security Checks | high |
| 68659 | Oracle Linux 5 / 6 : firefox (ELSA-2012-1482) | Nessus | Oracle Linux Local Security Checks | high |
| 64135 | SuSE 11.2 Security Update : Mozilla Firefox (SAT Patch Number 7093) | Nessus | SuSE Local Security Checks | critical |
| 63402 | GLSA-201301-01 : Mozilla Products: Multiple vulnerabilities (BEAST) | Nessus | Gentoo Local Security Checks | critical |
| 63145 | Ubuntu 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : firefox regressions (USN-1638-3) | Nessus | Ubuntu Local Security Checks | critical |
| 801350 | Mozilla Thunderbird 16.x <= 16 Multiple Vulnerabilities | Log Correlation Engine | SMTP Clients | high |
| 801336 | Mozilla SeaMonkey 2.x <= 2.13 Multiple Vulnerabilities | Log Correlation Engine | Web Clients | high |
| 801327 | Mozilla Firefox 16.x <= 16 Multiple Vulnerabilities | Log Correlation Engine | Web Clients | high |
| 6627 | Mozilla Thunderbird < 17.0 Multiple Vulnerabilities | Nessus Network Monitor | SMTP Clients | high |
| 6626 | SeaMonkey 2.x < 2.14 Multiple Vulnerabilities | Nessus Network Monitor | Web Clients | high |
| 6625 | Mozilla Firefox < 17.0 Multiple Vulnerabilities | Nessus Network Monitor | Web Clients | high |
| 63091 | SuSE 10 Security Update : Mozilla Firefox (ZYPP Patch Number 8381) | Nessus | SuSE Local Security Checks | critical |
| 63026 | Ubuntu 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : ubufox update (USN-1638-2) | Nessus | Ubuntu Local Security Checks | critical |
| 63025 | Ubuntu 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : firefox vulnerabilities (USN-1638-1) | Nessus | Ubuntu Local Security Checks | critical |
| 63023 | Ubuntu 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : thunderbird vulnerabilities (USN-1636-1) | Nessus | Ubuntu Local Security Checks | critical |
| 63020 | Scientific Linux Security Update : thunderbird on SL5.x, SL6.x i386/x86_64 (20121120) | Nessus | Scientific Linux Local Security Checks | critical |
| 63019 | Scientific Linux Security Update : firefox on SL5.x, SL6.x i386/x86_64 (20121120) | Nessus | Scientific Linux Local Security Checks | critical |
| 63006 | CentOS 5 / 6 : thunderbird (CESA-2012:1483) | Nessus | CentOS Local Security Checks | high |
| 63005 | CentOS 5 / 6 : firefox (CESA-2012:1482) | Nessus | CentOS Local Security Checks | high |
| 63001 | SeaMonkey < 2.14 Multiple Vulnerabilities | Nessus | Windows | critical |
| 63000 | Mozilla Thunderbird < 17.0 Multiple Vulnerabilities | Nessus | Windows | critical |
| 62999 | Mozilla Thunderbird 10.x < 10.0.11 Multiple Vulnerabilities | Nessus | Windows | critical |
| 62998 | Firefox < 17.0 Multiple Vulnerabilities | Nessus | Windows | critical |
| 62997 | Firefox 10.x < 10.0.11 Multiple Vulnerabilities | Nessus | Windows | critical |
| 62996 | Thunderbird 16.x Multiple Vulnerabilities (Mac OS X) | Nessus | MacOS X Local Security Checks | critical |
| 62995 | Thunderbird 10.x < 10.0.11 Multiple Vulnerabilities (Mac OS X) | Nessus | MacOS X Local Security Checks | critical |
| 62994 | Firefox < 17.0 Multiple Vulnerabilities (Mac OS X) | Nessus | MacOS X Local Security Checks | critical |
| 62993 | Firefox < 10.0.11 Multiple Vulnerabilities (Mac OS X) | Nessus | MacOS X Local Security Checks | critical |
| 62981 | RHEL 5 / 6 : thunderbird (RHSA-2012:1483) | Nessus | Red Hat Local Security Checks | high |
| 62980 | RHEL 5 / 6 : firefox (RHSA-2012:1482) | Nessus | Red Hat Local Security Checks | high |
| 62979 | FreeBSD : mozilla -- multiple vulnerabilities (d23119df-335d-11e2-b64c-c8600054b392) | Nessus | FreeBSD Local Security Checks | high |