CVE-2012-4212

high
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

Use-after-free vulnerability in the XPCWrappedNative::Mark function in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.

References

http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00021.html

http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00022.html

http://lists.opensuse.org/opensuse-updates/2012-11/msg00090.html

http://lists.opensuse.org/opensuse-updates/2012-11/msg00092.html

http://lists.opensuse.org/opensuse-updates/2012-11/msg00093.html

http://secunia.com/advisories/51369

http://secunia.com/advisories/51370

http://secunia.com/advisories/51381

http://secunia.com/advisories/51434

http://secunia.com/advisories/51439

http://secunia.com/advisories/51440

http://www.mozilla.org/security/announce/2012/mfsa2012-105.html

http://www.securityfocus.com/bid/56630

http://www.ubuntu.com/usn/USN-1636-1

http://www.ubuntu.com/usn/USN-1638-1

http://www.ubuntu.com/usn/USN-1638-2

http://www.ubuntu.com/usn/USN-1638-3

https://bugzilla.mozilla.org/show_bug.cgi?id=786142

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15993

Details

Source: MITRE

Published: 2012-11-21

Updated: 2020-08-21

Type: CWE-416

Risk Information

CVSS v2

Base Score: 10

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 10

Severity: HIGH

Tenable Plugins

View all (23 total)

IDNameProductFamilySeverity
74827openSUSE Security Update : seamonkey (openSUSE-SU-2012:1584-1)NessusSuSE Local Security Checks
critical
74826openSUSE Security Update : xulrunner (openSUSE-SU-2012:1586-1)NessusSuSE Local Security Checks
critical
74825openSUSE Security Update : MozillaThunderbird (openSUSE-SU-2012:1585-1)NessusSuSE Local Security Checks
critical
74824openSUSE Security Update : MozillaFirefox (openSUSE-SU-2012:1583-1)NessusSuSE Local Security Checks
critical
64135SuSE 11.2 Security Update : Mozilla Firefox (SAT Patch Number 7093)NessusSuSE Local Security Checks
critical
63402GLSA-201301-01 : Mozilla Products: Multiple vulnerabilities (BEAST)NessusGentoo Local Security Checks
critical
63145Ubuntu 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : firefox regressions (USN-1638-3)NessusUbuntu Local Security Checks
critical
801350Mozilla Thunderbird 16.x <= 16 Multiple VulnerabilitiesLog Correlation EngineSMTP Clients
high
801336Mozilla SeaMonkey 2.x <= 2.13 Multiple VulnerabilitiesLog Correlation EngineWeb Clients
high
801327Mozilla Firefox 16.x <= 16 Multiple VulnerabilitiesLog Correlation EngineWeb Clients
high
6627Mozilla Thunderbird < 17.0 Multiple VulnerabilitiesNessus Network MonitorSMTP Clients
high
6626SeaMonkey 2.x < 2.14 Multiple VulnerabilitiesNessus Network MonitorWeb Clients
high
6625Mozilla Firefox < 17.0 Multiple VulnerabilitiesNessus Network MonitorWeb Clients
high
63091SuSE 10 Security Update : Mozilla Firefox (ZYPP Patch Number 8381)NessusSuSE Local Security Checks
critical
63026Ubuntu 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : ubufox update (USN-1638-2)NessusUbuntu Local Security Checks
critical
63025Ubuntu 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : firefox vulnerabilities (USN-1638-1)NessusUbuntu Local Security Checks
critical
63023Ubuntu 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : thunderbird vulnerabilities (USN-1636-1)NessusUbuntu Local Security Checks
critical
63001SeaMonkey < 2.14 Multiple VulnerabilitiesNessusWindows
critical
63000Mozilla Thunderbird < 17.0 Multiple VulnerabilitiesNessusWindows
critical
62998Firefox < 17.0 Multiple VulnerabilitiesNessusWindows
critical
62996Thunderbird 16.x Multiple Vulnerabilities (Mac OS X)NessusMacOS X Local Security Checks
critical
62994Firefox < 17.0 Multiple Vulnerabilities (Mac OS X)NessusMacOS X Local Security Checks
critical
62979FreeBSD : mozilla -- multiple vulnerabilities (d23119df-335d-11e2-b64c-c8600054b392)NessusFreeBSD Local Security Checks
high