CVE-2012-4204

HIGH

Description

The str_unescape function in the JavaScript engine in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors.

References

http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00021.html

http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00022.html

http://lists.opensuse.org/opensuse-updates/2012-11/msg00090.html

http://lists.opensuse.org/opensuse-updates/2012-11/msg00092.html

http://lists.opensuse.org/opensuse-updates/2012-11/msg00093.html

http://osvdb.org/87592

http://secunia.com/advisories/51369

http://secunia.com/advisories/51370

http://secunia.com/advisories/51381

http://secunia.com/advisories/51434

http://secunia.com/advisories/51439

http://secunia.com/advisories/51440

http://www.mozilla.org/security/announce/2012/mfsa2012-96.html

http://www.ubuntu.com/usn/USN-1636-1

http://www.ubuntu.com/usn/USN-1638-1

http://www.ubuntu.com/usn/USN-1638-2

http://www.ubuntu.com/usn/USN-1638-3

https://bugzilla.mozilla.org/show_bug.cgi?id=778603

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16766

Details

Source: MITRE

Published: 2012-11-21

Updated: 2020-08-13

Type: CWE-119

Risk Information

CVSS v2.0

Base Score: 9.3

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 8.6

Severity: HIGH

Vulnerable Software

Tenable Plugins

View all (23 total)

ID	Name	Product	Family	Severity
74827	openSUSE Security Update : seamonkey (openSUSE-SU-2012:1584-1)	Nessus	SuSE Local Security Checks	critical
74826	openSUSE Security Update : xulrunner (openSUSE-SU-2012:1586-1)	Nessus	SuSE Local Security Checks	critical
74825	openSUSE Security Update : MozillaThunderbird (openSUSE-SU-2012:1585-1)	Nessus	SuSE Local Security Checks	critical
74824	openSUSE Security Update : MozillaFirefox (openSUSE-SU-2012:1583-1)	Nessus	SuSE Local Security Checks	critical
64135	SuSE 11.2 Security Update : Mozilla Firefox (SAT Patch Number 7093)	Nessus	SuSE Local Security Checks	critical
63402	GLSA-201301-01 : Mozilla Products: Multiple vulnerabilities (BEAST)	Nessus	Gentoo Local Security Checks	critical
63145	Ubuntu 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : firefox regressions (USN-1638-3)	Nessus	Ubuntu Local Security Checks	critical
801350	Mozilla Thunderbird 16.x <= 16 Multiple Vulnerabilities	Log Correlation Engine	SMTP Clients	high
801336	Mozilla SeaMonkey 2.x <= 2.13 Multiple Vulnerabilities	Log Correlation Engine	Web Clients	high
801327	Mozilla Firefox 16.x <= 16 Multiple Vulnerabilities	Log Correlation Engine	Web Clients	high
63091	SuSE 10 Security Update : Mozilla Firefox (ZYPP Patch Number 8381)	Nessus	SuSE Local Security Checks	critical
6627	Mozilla Thunderbird < 17.0 Multiple Vulnerabilities	Nessus Network Monitor	SMTP Clients	high
6626	SeaMonkey 2.x < 2.14 Multiple Vulnerabilities	Nessus Network Monitor	Web Clients	high
6625	Mozilla Firefox < 17.0 Multiple Vulnerabilities	Nessus Network Monitor	Web Clients	high
63026	Ubuntu 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : ubufox update (USN-1638-2)	Nessus	Ubuntu Local Security Checks	critical
63025	Ubuntu 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : firefox vulnerabilities (USN-1638-1)	Nessus	Ubuntu Local Security Checks	critical
63023	Ubuntu 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : thunderbird vulnerabilities (USN-1636-1)	Nessus	Ubuntu Local Security Checks	critical
63001	SeaMonkey < 2.14 Multiple Vulnerabilities	Nessus	Windows	critical
63000	Mozilla Thunderbird < 17.0 Multiple Vulnerabilities	Nessus	Windows	critical
62998	Firefox < 17.0 Multiple Vulnerabilities	Nessus	Windows	critical
62996	Thunderbird 16.x Multiple Vulnerabilities (Mac OS X)	Nessus	MacOS X Local Security Checks	critical
62994	Firefox < 17.0 Multiple Vulnerabilities (Mac OS X)	Nessus	MacOS X Local Security Checks	critical
62979	FreeBSD : mozilla -- multiple vulnerabilities (d23119df-335d-11e2-b64c-c8600054b392)	Nessus	FreeBSD Local Security Checks	critical