CVE-2012-4202

HIGH

Description

Heap-based buffer overflow in the image::RasterImage::DrawFrameTo function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code via a crafted GIF image.

ID	Name	Product	Family	Severity
74827	openSUSE Security Update : seamonkey (openSUSE-SU-2012:1584-1)	Nessus	SuSE Local Security Checks	critical
74826	openSUSE Security Update : xulrunner (openSUSE-SU-2012:1586-1)	Nessus	SuSE Local Security Checks	critical
74825	openSUSE Security Update : MozillaThunderbird (openSUSE-SU-2012:1585-1)	Nessus	SuSE Local Security Checks	critical
74824	openSUSE Security Update : MozillaFirefox (openSUSE-SU-2012:1583-1)	Nessus	SuSE Local Security Checks	critical
68660	Oracle Linux 6 : thunderbird (ELSA-2012-1483)	Nessus	Oracle Linux Local Security Checks	critical
68659	Oracle Linux 5 / 6 : firefox (ELSA-2012-1482)	Nessus	Oracle Linux Local Security Checks	critical
64135	SuSE 11.2 Security Update : Mozilla Firefox (SAT Patch Number 7093)	Nessus	SuSE Local Security Checks	critical
63402	GLSA-201301-01 : Mozilla Products: Multiple vulnerabilities (BEAST)	Nessus	Gentoo Local Security Checks	critical
63145	Ubuntu 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : firefox regressions (USN-1638-3)	Nessus	Ubuntu Local Security Checks	critical
801350	Mozilla Thunderbird 16.x <= 16 Multiple Vulnerabilities	Log Correlation Engine	SMTP Clients	high
801336	Mozilla SeaMonkey 2.x <= 2.13 Multiple Vulnerabilities	Log Correlation Engine	Web Clients	high
801327	Mozilla Firefox 16.x <= 16 Multiple Vulnerabilities	Log Correlation Engine	Web Clients	high
63091	SuSE 10 Security Update : Mozilla Firefox (ZYPP Patch Number 8381)	Nessus	SuSE Local Security Checks	critical
6627	Mozilla Thunderbird < 17.0 Multiple Vulnerabilities	Nessus Network Monitor	SMTP Clients	high
6626	SeaMonkey 2.x < 2.14 Multiple Vulnerabilities	Nessus Network Monitor	Web Clients	high
6625	Mozilla Firefox < 17.0 Multiple Vulnerabilities	Nessus Network Monitor	Web Clients	high
63026	Ubuntu 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : ubufox update (USN-1638-2)	Nessus	Ubuntu Local Security Checks	critical
63025	Ubuntu 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : firefox vulnerabilities (USN-1638-1)	Nessus	Ubuntu Local Security Checks	critical
63023	Ubuntu 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : thunderbird vulnerabilities (USN-1636-1)	Nessus	Ubuntu Local Security Checks	critical
63020	Scientific Linux Security Update : thunderbird on SL5.x, SL6.x i386/x86_64	Nessus	Scientific Linux Local Security Checks	critical
63019	Scientific Linux Security Update : firefox on SL5.x, SL6.x i386/x86_64	Nessus	Scientific Linux Local Security Checks	critical
63006	CentOS 5 / 6 : thunderbird (CESA-2012:1483)	Nessus	CentOS Local Security Checks	critical
63005	CentOS 5 / 6 : firefox (CESA-2012:1482)	Nessus	CentOS Local Security Checks	critical
63001	SeaMonkey < 2.14 Multiple Vulnerabilities	Nessus	Windows	critical
63000	Mozilla Thunderbird < 17.0 Multiple Vulnerabilities	Nessus	Windows	critical
62999	Mozilla Thunderbird 10.x < 10.0.11 Multiple Vulnerabilities	Nessus	Windows	critical
62998	Firefox < 17.0 Multiple Vulnerabilities	Nessus	Windows	critical
62997	Firefox 10.x < 10.0.11 Multiple Vulnerabilities	Nessus	Windows	critical
62996	Thunderbird 16.x Multiple Vulnerabilities (Mac OS X)	Nessus	MacOS X Local Security Checks	critical
62995	Thunderbird 10.x < 10.0.11 Multiple Vulnerabilities (Mac OS X)	Nessus	MacOS X Local Security Checks	critical
62994	Firefox < 17.0 Multiple Vulnerabilities (Mac OS X)	Nessus	MacOS X Local Security Checks	critical
62993	Firefox < 10.0.11 Multiple Vulnerabilities (Mac OS X)	Nessus	MacOS X Local Security Checks	critical
62981	RHEL 5 / 6 : thunderbird (RHSA-2012:1483)	Nessus	Red Hat Local Security Checks	critical
62980	RHEL 5 / 6 : firefox (RHSA-2012:1482)	Nessus	Red Hat Local Security Checks	critical
62979	FreeBSD : mozilla -- multiple vulnerabilities (d23119df-335d-11e2-b64c-c8600054b392)	Nessus	FreeBSD Local Security Checks	critical

CVE-2012-4202

Description

References

Details

Risk Information

CVSS v2.0