Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-0452

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2012-0452
Last Modified 15 Nov 2013 12:31:35
Published 10 Feb 2012 09:55:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2012-0452

Summary

Use-after-free vulnerability in Mozilla Firefox 10.x before 10.0.1, Thunderbird 10.x before 10.0.1, and SeaMonkey 2.7 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger failure of an nsXBLDocumentInfo::ReadPrototypeBindings function call, related to the cycle collector's access to a hash table containing a stale XBL binding.

Vulnerable Systems

Application

  • Mozilla Firefox 10.0

  • Mozilla Seamonkey 2.7

  • Mozilla Thunderbird 10.0


References

CONFIRM - https://bugzilla.mozilla.org/show_bug.cgi?id=724284

CONFIRM - http://www.mozilla.org/security/announce/2012/mfsa2012-10.html

UBUNTU - USN-1360-1

BID - 51975

MANDRIVA - MDVSA-2012:018

MANDRIVA - MDVSA-2012:017

SUSE - SUSE-SU-2012:0261

SUSE - openSUSE-SU-2012:0258

SECUNIA - 49055

Related Patches

Novell SUSE 2012:5807 MozillaFirefox security update for SLE 11 SP1 x86_64

Novell SUSE 2012:5807 MozillaFirefox security update for SLE 11 SP1 i586

Mozilla Firefox 10.0.1 for Mac OS X (Update) (See Note) (Rev 2)


Last Updated: 27 May 2016 10:58:15