Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-0464

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2012-0464
Last Modified 14 Feb 2013 11:53:22
Published 14 Mar 2012 03:55:02
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2012-0464

Summary

Use-after-free vulnerability in the browser engine in Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 allows remote attackers to execute arbitrary code via vectors involving an empty argument to the array.join function in conjunction with the triggering of garbage collection.

Vulnerable Systems

Application

  • Mozilla Firefox 1.0

  • Mozilla Firefox 1.0.1

  • Mozilla Firefox 1.0.2

  • Mozilla Firefox 1.0.3

  • Mozilla Firefox 1.0.4

  • Mozilla Firefox 1.0.5

  • Mozilla Firefox 1.0.6

  • Mozilla Firefox 1.0.7

  • Mozilla Firefox 1.0.8

  • Mozilla Firefox 1.4.1

  • Mozilla Firefox 1.5

  • Mozilla Firefox 1.5.0.1

  • Mozilla Firefox 1.5.0.10

  • Mozilla Firefox 1.5.0.11

  • Mozilla Firefox 1.5.0.12

  • Mozilla Firefox 1.5.0.2

  • Mozilla Firefox 1.5.0.3

  • Mozilla Firefox 1.5.0.4

  • Mozilla Firefox 1.5.0.5

  • Mozilla Firefox 1.5.0.6

  • Mozilla Firefox 1.5.0.7

  • Mozilla Firefox 1.5.0.8

  • Mozilla Firefox 1.5.0.9

  • Mozilla Firefox 1.5.1

  • Mozilla Firefox 1.5.2

  • Mozilla Firefox 1.5.3

  • Mozilla Firefox 1.5.4

  • Mozilla Firefox 1.5.5

  • Mozilla Firefox 1.5.6

  • Mozilla Firefox 1.5.7

  • Mozilla Firefox 1.5.8

  • Mozilla Firefox 1.8

  • Mozilla Firefox 2.0

  • Mozilla Firefox 2.0 .1

  • Mozilla Firefox 2.0 .10

  • Mozilla Firefox 2.0 .4

  • Mozilla Firefox 2.0 .5

  • Mozilla Firefox 2.0 .6

  • Mozilla Firefox 2.0 .7

  • Mozilla Firefox 2.0 .9

  • Mozilla Firefox 2.0 8

  • Mozilla Firefox 2.0.0.1

  • Mozilla Firefox 2.0.0.10

  • Mozilla Firefox 2.0.0.11

  • Mozilla Firefox 2.0.0.12

  • Mozilla Firefox 2.0.0.13

  • Mozilla Firefox 2.0.0.14

  • Mozilla Firefox 2.0.0.15

  • Mozilla Firefox 2.0.0.16

  • Mozilla Firefox 2.0.0.17

  • Mozilla Firefox 2.0.0.18

  • Mozilla Firefox 2.0.0.19

  • Mozilla Firefox 2.0.0.2

  • Mozilla Firefox 2.0.0.20

  • Mozilla Firefox 2.0.0.21

  • Mozilla Firefox 2.0.0.3

  • Mozilla Firefox 2.0.0.4

  • Mozilla Firefox 2.0.0.5

  • Mozilla Firefox 2.0.0.6

  • Mozilla Firefox 2.0.0.7

  • Mozilla Firefox 2.0.0.8

  • Mozilla Firefox 2.0.0.9

  • Mozilla Firefox 3.0

  • Mozilla Firefox 3.0.1

  • Mozilla Firefox 3.0.10

  • Mozilla Firefox 3.0.11

  • Mozilla Firefox 3.0.12

  • Mozilla Firefox 3.0.13

  • Mozilla Firefox 3.0.14

  • Mozilla Firefox 3.0.15

  • Mozilla Firefox 3.0.16

  • Mozilla Firefox 3.0.17

  • Mozilla Firefox 3.0.19

  • Mozilla Firefox 3.0.2

  • Mozilla Firefox 3.0.3

  • Mozilla Firefox 3.0.4

  • Mozilla Firefox 3.0.5

  • Mozilla Firefox 3.0.6

  • Mozilla Firefox 3.0.7

  • Mozilla Firefox 3.0.8

  • Mozilla Firefox 3.0.9

  • Mozilla Firefox 3.0beta5

  • Mozilla Firefox 3.1

  • Mozilla Firefox 3.2

  • Mozilla Firefox 3.5

  • Mozilla Firefox 3.5.1

  • Mozilla Firefox 3.5.10

  • Mozilla Firefox 3.5.11

  • Mozilla Firefox 3.5.12

  • Mozilla Firefox 3.5.13

  • Mozilla Firefox 3.5.14

  • Mozilla Firefox 3.5.15

  • Mozilla Firefox 3.5.16

  • Mozilla Firefox 3.5.17

  • Mozilla Firefox 3.5.18

  • Mozilla Firefox 3.5.19

  • Mozilla Firefox 3.5.2

  • Mozilla Firefox 3.5.3

  • Mozilla Firefox 3.5.4

  • Mozilla Firefox 3.5.5

  • Mozilla Firefox 3.5.6

  • Mozilla Firefox 3.5.7

  • Mozilla Firefox 3.5.8

  • Mozilla Firefox 3.5.9

  • Mozilla Firefox 3.6

  • Mozilla Firefox 3.6.1

  • Mozilla Firefox 3.6.10

  • Mozilla Firefox 3.6.11

  • Mozilla Firefox 3.6.12

  • Mozilla Firefox 3.6.13

  • Mozilla Firefox 3.6.14

  • Mozilla Firefox 3.6.15

  • Mozilla Firefox 3.6.16

  • Mozilla Firefox 3.6.17

  • Mozilla Firefox 3.6.18

  • Mozilla Firefox 3.6.19

  • Mozilla Firefox 3.6.2

  • Mozilla Firefox 3.6.20

  • Mozilla Firefox 3.6.21

  • Mozilla Firefox 3.6.22

  • Mozilla Firefox 3.6.23

  • Mozilla Firefox 3.6.24

  • Mozilla Firefox 3.6.25

  • Mozilla Firefox 3.6.26

  • Mozilla Firefox 3.6.27

  • Mozilla Firefox 3.6.3

  • Mozilla Firefox 3.6.4

  • Mozilla Firefox 3.6.6

  • Mozilla Firefox 3.6.7

  • Mozilla Firefox 3.6.8

  • Mozilla Firefox 3.6.9

  • Mozilla Firefox 4.0

  • Mozilla Firefox 4.0.1

  • Mozilla Firefox 5.0

  • Mozilla Firefox 5.0.1

  • Mozilla Firefox 6.0

  • Mozilla Firefox 6.0.1

  • Mozilla Firefox 6.0.2

  • Mozilla Firefox 7.0

  • Mozilla Firefox 7.0.1

  • Mozilla Firefox 8.0

  • Mozilla Firefox 8.0.1

  • Mozilla Firefox 9.0

  • Mozilla Firefox 9.0.1

  • Mozilla Firefox Esr 10.0

  • Mozilla Firefox Esr 10.1

  • Mozilla Firefox Esr 10.2

  • Mozilla Seamonkey 1.0

  • Mozilla Seamonkey 1.0.1

  • Mozilla Seamonkey 1.0.2

  • Mozilla Seamonkey 1.0.3

  • Mozilla Seamonkey 1.0.4

  • Mozilla Seamonkey 1.0.5

  • Mozilla Seamonkey 1.0.6

  • Mozilla Seamonkey 1.0.7

  • Mozilla Seamonkey 1.0.8

  • Mozilla Seamonkey 1.0.9

  • Mozilla Seamonkey 1.1

  • Mozilla Seamonkey 1.1.1

  • Mozilla Seamonkey 1.1.10

  • Mozilla Seamonkey 1.1.11

  • Mozilla Seamonkey 1.1.12

  • Mozilla Seamonkey 1.1.13

  • Mozilla Seamonkey 1.1.14

  • Mozilla Seamonkey 1.1.15

  • Mozilla Seamonkey 1.1.16

  • Mozilla Seamonkey 1.1.17

  • Mozilla Seamonkey 1.1.18

  • Mozilla Seamonkey 1.1.19

  • Mozilla Seamonkey 1.1.2

  • Mozilla Seamonkey 1.1.3

  • Mozilla Seamonkey 1.1.4

  • Mozilla Seamonkey 1.1.5

  • Mozilla Seamonkey 1.1.6

  • Mozilla Seamonkey 1.1.7

  • Mozilla Seamonkey 1.1.8

  • Mozilla Seamonkey 1.1.9

  • Mozilla Seamonkey 1.5.0.10

  • Mozilla Seamonkey 1.5.0.8

  • Mozilla Seamonkey 1.5.0.9

  • Mozilla Seamonkey 2.0

  • Mozilla Seamonkey 2.0.1

  • Mozilla Seamonkey 2.0.10

  • Mozilla Seamonkey 2.0.11

  • Mozilla Seamonkey 2.0.12

  • Mozilla Seamonkey 2.0.13

  • Mozilla Seamonkey 2.0.14

  • Mozilla Seamonkey 2.0.2

  • Mozilla Seamonkey 2.0.3

  • Mozilla Seamonkey 2.0.4

  • Mozilla Seamonkey 2.0.5

  • Mozilla Seamonkey 2.0.6

  • Mozilla Seamonkey 2.0.7

  • Mozilla Seamonkey 2.0.8

  • Mozilla Seamonkey 2.0.9

  • Mozilla Seamonkey 2.1

  • Mozilla Seamonkey 2.2

  • Mozilla Seamonkey 2.3

  • Mozilla Seamonkey 2.3.1

  • Mozilla Seamonkey 2.3.2

  • Mozilla Seamonkey 2.3.3

  • Mozilla Seamonkey 2.4

  • Mozilla Seamonkey 2.4.1

  • Mozilla Seamonkey 2.5

  • Mozilla Seamonkey 2.6

  • Mozilla Seamonkey 2.6.1

  • Mozilla Seamonkey 2.7

  • Mozilla Thunderbird 1.0

  • Mozilla Thunderbird 1.0.1

  • Mozilla Thunderbird 1.0.2

  • Mozilla Thunderbird 1.0.3

  • Mozilla Thunderbird 1.0.4

  • Mozilla Thunderbird 1.0.5

  • Mozilla Thunderbird 1.0.6

  • Mozilla Thunderbird 1.0.7

  • Mozilla Thunderbird 1.0.8

  • Mozilla Thunderbird 1.5

  • Mozilla Thunderbird 1.5.0.1

  • Mozilla Thunderbird 1.5.0.10

  • Mozilla Thunderbird 1.5.0.11

  • Mozilla Thunderbird 1.5.0.12

  • Mozilla Thunderbird 1.5.0.13

  • Mozilla Thunderbird 1.5.0.14

  • Mozilla Thunderbird 1.5.0.2

  • Mozilla Thunderbird 1.5.0.3

  • Mozilla Thunderbird 1.5.0.4

  • Mozilla Thunderbird 1.5.0.5

  • Mozilla Thunderbird 1.5.0.6

  • Mozilla Thunderbird 1.5.0.7

  • Mozilla Thunderbird 1.5.0.8

  • Mozilla Thunderbird 1.5.0.9

  • Mozilla Thunderbird 1.5.1

  • Mozilla Thunderbird 1.5.2

  • Mozilla Thunderbird 1.7.1

  • Mozilla Thunderbird 1.7.3

  • Mozilla Thunderbird 2.0

  • Mozilla Thunderbird 2.0 .12

  • Mozilla Thunderbird 2.0 .13

  • Mozilla Thunderbird 2.0 .14

  • Mozilla Thunderbird 2.0 .4

  • Mozilla Thunderbird 2.0 .5

  • Mozilla Thunderbird 2.0 .6

  • Mozilla Thunderbird 2.0 .9

  • Mozilla Thunderbird 2.0 8

  • Mozilla Thunderbird 2.0.0.0

  • Mozilla Thunderbird 2.0.0.1

  • Mozilla Thunderbird 2.0.0.11

  • Mozilla Thunderbird 2.0.0.12

  • Mozilla Thunderbird 2.0.0.13

  • Mozilla Thunderbird 2.0.0.14

  • Mozilla Thunderbird 2.0.0.15

  • Mozilla Thunderbird 2.0.0.16

  • Mozilla Thunderbird 2.0.0.17

  • Mozilla Thunderbird 2.0.0.18

  • Mozilla Thunderbird 2.0.0.19

  • Mozilla Thunderbird 2.0.0.2

  • Mozilla Thunderbird 2.0.0.20

  • Mozilla Thunderbird 2.0.0.21

  • Mozilla Thunderbird 2.0.0.22

  • Mozilla Thunderbird 2.0.0.23

  • Mozilla Thunderbird 2.0.0.3

  • Mozilla Thunderbird 2.0.0.4

  • Mozilla Thunderbird 2.0.0.5

  • Mozilla Thunderbird 2.0.0.6

  • Mozilla Thunderbird 2.0.0.7

  • Mozilla Thunderbird 2.0.0.8

  • Mozilla Thunderbird 2.0.0.9

  • Mozilla Thunderbird 3.0

  • Mozilla Thunderbird 3.0.1

  • Mozilla Thunderbird 3.0.10

  • Mozilla Thunderbird 3.0.11

  • Mozilla Thunderbird 3.0.2

  • Mozilla Thunderbird 3.0.3

  • Mozilla Thunderbird 3.0.4

  • Mozilla Thunderbird 3.0.5

  • Mozilla Thunderbird 3.0.6

  • Mozilla Thunderbird 3.0.7

  • Mozilla Thunderbird 3.0.8

  • Mozilla Thunderbird 3.0.9

  • Mozilla Thunderbird 3.1

  • Mozilla Thunderbird 3.1.1

  • Mozilla Thunderbird 3.1.10

  • Mozilla Thunderbird 3.1.11

  • Mozilla Thunderbird 3.1.12

  • Mozilla Thunderbird 3.1.13

  • Mozilla Thunderbird 3.1.14

  • Mozilla Thunderbird 3.1.15

  • Mozilla Thunderbird 3.1.16

  • Mozilla Thunderbird 3.1.17

  • Mozilla Thunderbird 3.1.18

  • Mozilla Thunderbird 3.1.19

  • Mozilla Thunderbird 3.1.2

  • Mozilla Thunderbird 3.1.3

  • Mozilla Thunderbird 3.1.4

  • Mozilla Thunderbird 3.1.5

  • Mozilla Thunderbird 3.1.6

  • Mozilla Thunderbird 3.1.7

  • Mozilla Thunderbird 3.1.8

  • Mozilla Thunderbird 3.1.9

  • Mozilla Thunderbird 5.0

  • Mozilla Thunderbird 6.0

  • Mozilla Thunderbird 6.0.1

  • Mozilla Thunderbird 6.0.2

  • Mozilla Thunderbird 8.0

  • Mozilla Thunderbird 9.0

  • Mozilla Thunderbird 9.0.1

  • Mozilla Thunderbird Esr 10.0

  • Mozilla Thunderbird Esr 10.0.1

  • Mozilla Thunderbird Esr 10.0.2


References

CONFIRM - https://bugzilla.mozilla.org/show_bug.cgi?id=735104

CONFIRM - https://bugzilla.mozilla.org/show_bug.cgi?id=720079

MISC - http://www.zdnet.com/blog/security/researchers-hack-into-newest-firefox-with-zero-day-flaw/10663

MISC - http://www.zdnet.com/blog/security/mozilla-knew-of-pwn2own-bug-before-cansecwest/10757

CONFIRM - http://www.mozilla.org/security/announce/2012/mfsa2012-19.html

MISC - http://pwn2own.zerodayinitiative.com/status.html

UBUNTU - USN-1400-3

SECUNIA - 48629

SECUNIA - 48513

SECUNIA - 48495

SUSE - openSUSE-SU-2012:0417

UBUNTU - USN-1401-1

UBUNTU - USN-1400-5

UBUNTU - USN-1400-4

UBUNTU - USN-1400-2

SECUNIA - 48553

SECUNIA - 48496

SECUNIA - 48624

SECUNIA - 48561

SECUNIA - 48823

Related Patches

Red Hat 2012:0387-01 RHSA Critical: firefox security and bug fix update for RHEL 5 x86

Red Hat 2012:0387-01 RHSA Critical: firefox security and bug fix update for RHEL 5 x86_64

Red Hat 2012:0388-01 RHSA Critical: thunderbird security update for RHEL 5 x86

Red Hat 2012:0388-01 RHSA Critical: thunderbird security update for RHEL 5 x86_64

Novell SUSE 2012:6007 MozillaFirefox security update for SLE 11 SP1 i586

Novell SUSE 2012:6007 MozillaFirefox security update for SLE 11 SP1 x86_64

Novell SUSE 2012:8029 firefox-201203 security update for SLE 10 SP4 i586

Novell SUSE 2012:8029 firefox-201203 security update for SLE 10 SP4 x86_64

Mozilla Firefox ESR 10.0.3 for Mac OS X (Update) (See Note) (Rev 2)

Mozilla Firefox (English) 11.0 for Windows (Update) (See Notes) (Rev 2)

Mozilla Firefox 11.0 for Mac OS X (Update) (See Note) (Rev 2)

Mozilla Firefox (English) 3.6.28 for Windows (Update) (See Notes)

Mozilla Firefox 3.6.28 for Mac OS X (Update) (See Note)

Mozilla Firefox ESR (English) 10.0.3 for Windows (Update) (See Notes)


Last Updated: 27 May 2016 10:57:28