CVE-2012-4204

HIGH
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

The str_unescape function in the JavaScript engine in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors.

References

http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00021.html

http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00022.html

http://lists.opensuse.org/opensuse-updates/2012-11/msg00090.html

http://lists.opensuse.org/opensuse-updates/2012-11/msg00092.html

http://lists.opensuse.org/opensuse-updates/2012-11/msg00093.html

http://osvdb.org/87592

http://secunia.com/advisories/51369

http://secunia.com/advisories/51370

http://secunia.com/advisories/51381

http://secunia.com/advisories/51434

http://secunia.com/advisories/51439

http://secunia.com/advisories/51440

http://www.mozilla.org/security/announce/2012/mfsa2012-96.html

http://www.ubuntu.com/usn/USN-1636-1

http://www.ubuntu.com/usn/USN-1638-1

http://www.ubuntu.com/usn/USN-1638-2

http://www.ubuntu.com/usn/USN-1638-3

https://bugzilla.mozilla.org/show_bug.cgi?id=778603

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16766

Details

Source: MITRE

Published: 2012-11-21

Updated: 2020-08-13

Type: CWE-119

Risk Information

CVSS v2

Base Score: 9.3

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 8.6

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*

Configuration 2

OR

cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*

cpe:2.3:o:opensuse:opensuse:12.1:*:*:*:*:*:*:*

cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*

cpe:2.3:o:suse:linux_enterprise_desktop:10:sp4:*:*:*:*:*:*

cpe:2.3:o:suse:linux_enterprise_desktop:11:sp2:*:*:*:*:*:*

cpe:2.3:o:suse:linux_enterprise_server:10:sp4:*:*:*:*:*:*

cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:*:-:*:*

cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:*:vmware:*:*

cpe:2.3:o:suse:linux_enterprise_software_development_kit:10:sp4:*:*:*:*:*:*

cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp2:*:*:*:*:*:*

Configuration 3

OR

cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*

Tenable Plugins

View all (23 total)

IDNameProductFamilySeverity
74827openSUSE Security Update : seamonkey (openSUSE-SU-2012:1584-1)NessusSuSE Local Security Checks
critical
74826openSUSE Security Update : xulrunner (openSUSE-SU-2012:1586-1)NessusSuSE Local Security Checks
critical
74825openSUSE Security Update : MozillaThunderbird (openSUSE-SU-2012:1585-1)NessusSuSE Local Security Checks
critical
74824openSUSE Security Update : MozillaFirefox (openSUSE-SU-2012:1583-1)NessusSuSE Local Security Checks
critical
64135SuSE 11.2 Security Update : Mozilla Firefox (SAT Patch Number 7093)NessusSuSE Local Security Checks
critical
63402GLSA-201301-01 : Mozilla Products: Multiple vulnerabilities (BEAST)NessusGentoo Local Security Checks
critical
63145Ubuntu 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : firefox regressions (USN-1638-3)NessusUbuntu Local Security Checks
critical
801350Mozilla Thunderbird 16.x <= 16 Multiple VulnerabilitiesLog Correlation EngineSMTP Clients
high
801336Mozilla SeaMonkey 2.x <= 2.13 Multiple VulnerabilitiesLog Correlation EngineWeb Clients
high
801327Mozilla Firefox 16.x <= 16 Multiple VulnerabilitiesLog Correlation EngineWeb Clients
high
6627Mozilla Thunderbird < 17.0 Multiple VulnerabilitiesNessus Network MonitorSMTP Clients
high
6626SeaMonkey 2.x < 2.14 Multiple VulnerabilitiesNessus Network MonitorWeb Clients
high
6625Mozilla Firefox < 17.0 Multiple VulnerabilitiesNessus Network MonitorWeb Clients
high
63091SuSE 10 Security Update : Mozilla Firefox (ZYPP Patch Number 8381)NessusSuSE Local Security Checks
critical
63026Ubuntu 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : ubufox update (USN-1638-2)NessusUbuntu Local Security Checks
critical
63025Ubuntu 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : firefox vulnerabilities (USN-1638-1)NessusUbuntu Local Security Checks
critical
63023Ubuntu 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : thunderbird vulnerabilities (USN-1636-1)NessusUbuntu Local Security Checks
critical
63001SeaMonkey < 2.14 Multiple VulnerabilitiesNessusWindows
critical
63000Mozilla Thunderbird < 17.0 Multiple VulnerabilitiesNessusWindows
critical
62998Firefox < 17.0 Multiple VulnerabilitiesNessusWindows
critical
62996Thunderbird 16.x Multiple Vulnerabilities (Mac OS X)NessusMacOS X Local Security Checks
critical
62994Firefox < 17.0 Multiple Vulnerabilities (Mac OS X)NessusMacOS X Local Security Checks
critical
62979FreeBSD : mozilla -- multiple vulnerabilities (d23119df-335d-11e2-b64c-c8600054b392)NessusFreeBSD Local Security Checks
high