CVE-2012-5839

HIGH

Description

Heap-based buffer overflow in the gfxShapedWord::CompressedGlyph::IsClusterStart function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code via unspecified vectors.

References

http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00021.html

http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00022.html

http://lists.opensuse.org/opensuse-updates/2012-11/msg00090.html

http://lists.opensuse.org/opensuse-updates/2012-11/msg00092.html

http://lists.opensuse.org/opensuse-updates/2012-11/msg00093.html

http://osvdb.org/87607

http://rhn.redhat.com/errata/RHSA-2012-1482.html

http://rhn.redhat.com/errata/RHSA-2012-1483.html

http://secunia.com/advisories/51359

http://secunia.com/advisories/51360

http://secunia.com/advisories/51369

http://secunia.com/advisories/51370

http://secunia.com/advisories/51381

http://secunia.com/advisories/51434

http://secunia.com/advisories/51439

http://secunia.com/advisories/51440

http://www.mandriva.com/security/advisories?name=MDVSA-2012:173

http://www.mozilla.org/security/announce/2012/mfsa2012-105.html

http://www.palemoon.org/releasenotes-ng.shtml

http://www.securityfocus.com/bid/56637

http://www.ubuntu.com/usn/USN-1636-1

http://www.ubuntu.com/usn/USN-1638-1

http://www.ubuntu.com/usn/USN-1638-2

http://www.ubuntu.com/usn/USN-1638-3

https://bugzilla.mozilla.org/show_bug.cgi?id=804927

https://exchange.xforce.ibmcloud.com/vulnerabilities/80196

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16968

Details

Source: MITRE

Published: 2012-11-21

Updated: 2020-08-06

Type: CWE-787

Risk Information

CVSS v2

Base Score: 9.3

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 8.6

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird_esr:*:*:*:*:*:*:*:*

Configuration 2

OR

cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*

cpe:2.3:o:opensuse:opensuse:12.1:*:*:*:*:*:*:*

cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*

cpe:2.3:o:suse:linux_enterprise_desktop:10:sp4:*:*:*:*:*:*

cpe:2.3:o:suse:linux_enterprise_desktop:11:sp2:*:*:*:*:*:*

cpe:2.3:o:suse:linux_enterprise_server:10:sp4:*:*:*:*:*:*

cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:*:-:*:*

cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:*:vmware:*:*

cpe:2.3:o:suse:linux_enterprise_software_development_kit:10:sp4:*:*:*:*:*:*

cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp2:*:*:*:*:*:*

Configuration 3

OR

cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*

Configuration 4

OR

cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_eus:6.3:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*

Tenable Plugins

| ID | Name | Product | Family | Severity |
| --- | --- | --- | --- | --- |
| 74827 | openSUSE Security Update : seamonkey (openSUSE-SU-2012:1584-1) | Nessus | SuSE Local Security Checks | critical |
| 74826 | openSUSE Security Update : xulrunner (openSUSE-SU-2012:1586-1) | Nessus | SuSE Local Security Checks | critical |
| 74825 | openSUSE Security Update : MozillaThunderbird (openSUSE-SU-2012:1585-1) | Nessus | SuSE Local Security Checks | critical |
| 74824 | openSUSE Security Update : MozillaFirefox (openSUSE-SU-2012:1583-1) | Nessus | SuSE Local Security Checks | critical |
| 68660 | Oracle Linux 6 : thunderbird (ELSA-2012-1483) | Nessus | Oracle Linux Local Security Checks | high |
| 68659 | Oracle Linux 5 / 6 : firefox (ELSA-2012-1482) | Nessus | Oracle Linux Local Security Checks | high |
| 64135 | SuSE 11.2 Security Update : Mozilla Firefox (SAT Patch Number 7093) | Nessus | SuSE Local Security Checks | critical |
| 63402 | GLSA-201301-01 : Mozilla Products: Multiple vulnerabilities (BEAST) | Nessus | Gentoo Local Security Checks | critical |
| 63145 | Ubuntu 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : firefox regressions (USN-1638-3) | Nessus | Ubuntu Local Security Checks | critical |
| 801350 | Mozilla Thunderbird 16.x <= 16 Multiple Vulnerabilities | Log Correlation Engine | SMTP Clients | high |
| 801336 | Mozilla SeaMonkey 2.x <= 2.13 Multiple Vulnerabilities | Log Correlation Engine | Web Clients | high |
| 801327 | Mozilla Firefox 16.x <= 16 Multiple Vulnerabilities | Log Correlation Engine | Web Clients | high |
| 6627 | Mozilla Thunderbird < 17.0 Multiple Vulnerabilities | Nessus Network Monitor | SMTP Clients | high |
| 6626 | SeaMonkey 2.x < 2.14 Multiple Vulnerabilities | Nessus Network Monitor | Web Clients | high |
| 6625 | Mozilla Firefox < 17.0 Multiple Vulnerabilities | Nessus Network Monitor | Web Clients | high |
| 63091 | SuSE 10 Security Update : Mozilla Firefox (ZYPP Patch Number 8381) | Nessus | SuSE Local Security Checks | critical |
| 63026 | Ubuntu 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : ubufox update (USN-1638-2) | Nessus | Ubuntu Local Security Checks | critical |
| 63025 | Ubuntu 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : firefox vulnerabilities (USN-1638-1) | Nessus | Ubuntu Local Security Checks | critical |
| 63023 | Ubuntu 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : thunderbird vulnerabilities (USN-1636-1) | Nessus | Ubuntu Local Security Checks | critical |
| 63020 | Scientific Linux Security Update : thunderbird on SL5.x, SL6.x i386/x86_64 (20121120) | Nessus | Scientific Linux Local Security Checks | critical |
| 63019 | Scientific Linux Security Update : firefox on SL5.x, SL6.x i386/x86_64 (20121120) | Nessus | Scientific Linux Local Security Checks | critical |
| 63006 | CentOS 5 / 6 : thunderbird (CESA-2012:1483) | Nessus | CentOS Local Security Checks | high |
| 63005 | CentOS 5 / 6 : firefox (CESA-2012:1482) | Nessus | CentOS Local Security Checks | high |
| 63001 | SeaMonkey < 2.14 Multiple Vulnerabilities | Nessus | Windows | critical |
| 63000 | Mozilla Thunderbird < 17.0 Multiple Vulnerabilities | Nessus | Windows | critical |
| 62999 | Mozilla Thunderbird 10.x < 10.0.11 Multiple Vulnerabilities | Nessus | Windows | critical |
| 62998 | Firefox < 17.0 Multiple Vulnerabilities | Nessus | Windows | critical |
| 62997 | Firefox 10.x < 10.0.11 Multiple Vulnerabilities | Nessus | Windows | critical |
| 62996 | Thunderbird 16.x Multiple Vulnerabilities (Mac OS X) | Nessus | MacOS X Local Security Checks | critical |
| 62995 | Thunderbird 10.x < 10.0.11 Multiple Vulnerabilities (Mac OS X) | Nessus | MacOS X Local Security Checks | critical |
| 62994 | Firefox < 17.0 Multiple Vulnerabilities (Mac OS X) | Nessus | MacOS X Local Security Checks | critical |
| 62993 | Firefox < 10.0.11 Multiple Vulnerabilities (Mac OS X) | Nessus | MacOS X Local Security Checks | critical |
| 62981 | RHEL 5 / 6 : thunderbird (RHSA-2012:1483) | Nessus | Red Hat Local Security Checks | high |
| 62980 | RHEL 5 / 6 : firefox (RHSA-2012:1482) | Nessus | Red Hat Local Security Checks | high |
| 62979 | FreeBSD : mozilla -- multiple vulnerabilities (d23119df-335d-11e2-b64c-c8600054b392) | Nessus | FreeBSD Local Security Checks | high |