CVE-2012-4214

HIGH

Description

Use-after-free vulnerability in the nsTextEditorState::PrepareEditor function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-5840.

References

http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00021.html

http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00022.html

http://lists.opensuse.org/opensuse-updates/2012-11/msg00090.html

http://lists.opensuse.org/opensuse-updates/2012-11/msg00092.html

http://lists.opensuse.org/opensuse-updates/2012-11/msg00093.html

http://rhn.redhat.com/errata/RHSA-2012-1482.html

http://rhn.redhat.com/errata/RHSA-2012-1483.html

http://secunia.com/advisories/51359

http://secunia.com/advisories/51360

http://secunia.com/advisories/51369

http://secunia.com/advisories/51370

http://secunia.com/advisories/51381

http://secunia.com/advisories/51434

http://secunia.com/advisories/51439

http://secunia.com/advisories/51440

http://www.mandriva.com/security/advisories?name=MDVSA-2012:173

http://www.mozilla.org/security/announce/2012/mfsa2012-105.html

http://www.palemoon.org/releasenotes-ng.shtml

http://www.securityfocus.com/bid/56628

http://www.ubuntu.com/usn/USN-1636-1

http://www.ubuntu.com/usn/USN-1638-1

http://www.ubuntu.com/usn/USN-1638-2

http://www.ubuntu.com/usn/USN-1638-3

https://bugzilla.mozilla.org/show_bug.cgi?id=795804

https://exchange.xforce.ibmcloud.com/vulnerabilities/80187

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16884

Details

Source: MITRE

Published: 2012-11-21

Updated: 2017-09-19

Type: CWE-399

Risk Information

CVSS v2.0

Base Score: 10

Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

Impact Score: 10

Exploitability Score: 10

Severity: HIGH