Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-1954

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2012-1954
Last Modified 10 Oct 2014 12:51:44
Published 18 Jul 2012 06:26:48
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2012-1954

Summary

Use-after-free vulnerability in the nsDocument::AdoptNode function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allows remote attackers to cause a denial of service (heap memory corruption) or possibly execute arbitrary code via vectors involving multiple adoptions and empty documents.

Vulnerable Systems

Application

  • Mozilla Firefox 11.0

  • Mozilla Firefox 12.0

  • Mozilla Firefox 13.0

  • Mozilla Firefox 4.0

  • Mozilla Firefox 4.0.1

  • Mozilla Firefox 5.0

  • Mozilla Firefox 5.0.1

  • Mozilla Firefox 6.0

  • Mozilla Firefox 6.0.1

  • Mozilla Firefox 6.0.2

  • Mozilla Firefox 7.0

  • Mozilla Firefox 7.0.1

  • Mozilla Firefox 8.0

  • Mozilla Firefox 8.0.1

  • Mozilla Firefox 9.0

  • Mozilla Firefox 9.0.1

  • Mozilla Firefox Esr 10.0

  • Mozilla Firefox Esr 10.0.1

  • Mozilla Firefox Esr 10.0.2

  • Mozilla Firefox Esr 10.0.3

  • Mozilla Firefox Esr 10.0.4

  • Mozilla Firefox Esr 10.0.5

  • Mozilla Seamonkey 1.0

  • Mozilla Seamonkey 1.0.1

  • Mozilla Seamonkey 1.0.2

  • Mozilla Seamonkey 1.0.3

  • Mozilla Seamonkey 1.0.4

  • Mozilla Seamonkey 1.0.5

  • Mozilla Seamonkey 1.0.6

  • Mozilla Seamonkey 1.0.7

  • Mozilla Seamonkey 1.0.8

  • Mozilla Seamonkey 1.0.9

  • Mozilla Seamonkey 1.1

  • Mozilla Seamonkey 1.1.1

  • Mozilla Seamonkey 1.1.10

  • Mozilla Seamonkey 1.1.11

  • Mozilla Seamonkey 1.1.12

  • Mozilla Seamonkey 1.1.13

  • Mozilla Seamonkey 1.1.14

  • Mozilla Seamonkey 1.1.15

  • Mozilla Seamonkey 1.1.16

  • Mozilla Seamonkey 1.1.17

  • Mozilla Seamonkey 1.1.18

  • Mozilla Seamonkey 1.1.19

  • Mozilla Seamonkey 1.1.2

  • Mozilla Seamonkey 1.1.3

  • Mozilla Seamonkey 1.1.4

  • Mozilla Seamonkey 1.1.5

  • Mozilla Seamonkey 1.1.6

  • Mozilla Seamonkey 1.1.7

  • Mozilla Seamonkey 1.1.8

  • Mozilla Seamonkey 1.1.9

  • Mozilla Seamonkey 1.5.0.10

  • Mozilla Seamonkey 1.5.0.8

  • Mozilla Seamonkey 1.5.0.9

  • Mozilla Seamonkey 2.0

  • Mozilla Seamonkey 2.0.1

  • Mozilla Seamonkey 2.0.10

  • Mozilla Seamonkey 2.0.11

  • Mozilla Seamonkey 2.0.12

  • Mozilla Seamonkey 2.0.13

  • Mozilla Seamonkey 2.0.14

  • Mozilla Seamonkey 2.0.2

  • Mozilla Seamonkey 2.0.3

  • Mozilla Seamonkey 2.0.4

  • Mozilla Seamonkey 2.0.5

  • Mozilla Seamonkey 2.0.6

  • Mozilla Seamonkey 2.0.7

  • Mozilla Seamonkey 2.0.8

  • Mozilla Seamonkey 2.0.9

  • Mozilla Seamonkey 2.1

  • Mozilla Seamonkey 2.10

  • Mozilla Thunderbird 10.0

  • Mozilla Thunderbird 10.0.1

  • Mozilla Thunderbird 10.0.2

  • Mozilla Thunderbird 10.0.3

  • Mozilla Thunderbird 10.0.4

  • Mozilla Thunderbird 11.0

  • Mozilla Thunderbird 12.0

  • Mozilla Thunderbird 13.0

  • Mozilla Thunderbird 5.0

  • Mozilla Thunderbird 6.0

  • Mozilla Thunderbird 6.0.1

  • Mozilla Thunderbird 6.0.2

  • Mozilla Thunderbird 7.0

  • Mozilla Thunderbird 7.0.1

  • Mozilla Thunderbird 8.0

  • Mozilla Thunderbird 9.0

  • Mozilla Thunderbird 9.0.1

  • Mozilla Thunderbird Esr 10.0

  • Mozilla Thunderbird Esr 10.0.1

  • Mozilla Thunderbird Esr 10.0.2

  • Mozilla Thunderbird Esr 10.0.3

  • Mozilla Thunderbird Esr 10.0.4

  • Mozilla Thunderbird Esr 10.0.5


References

CONFIRM - https://bugzilla.mozilla.org/show_bug.cgi?id=765139

CONFIRM - http://www.mozilla.org/security/announce/2012/mfsa2012-44.html

SUSE - openSUSE-SU-2012:0899

DEBIAN - DSA-2528

REDHAT - RHSA-2012:1088

SUSE - openSUSE-SU-2012:0917

SUSE - SUSE-SU-2012:0896

SUSE - SUSE-SU-2012:0895

DEBIAN - DSA-2514

UBUNTU - USN-1509-2

UBUNTU - USN-1509-1

SECTRACK - 1027256

SECUNIA - 49992

SECUNIA - 49972

SECUNIA - 49965

Related Patches

SUN145200-12 Solaris 10 SPARC: Thunderbird patch (Rev 2)

SUN145201-12 Solaris 10 x86: Thunderbird patch (Rev 2)

Red Hat 2012:1088-01 RHSA Critical: firefox security update for RHEL 5 x86

Red Hat 2012:1088-01 RHSA Critical: firefox security update for RHEL 5 x86_64

Red Hat 2012:1089-01 RHSA Critical: thunderbird security update for RHEL 5 x86

Red Hat 2012:1089-01 RHSA Critical: thunderbird security update for RHEL 5 x86_64

Novell SUSE 2012:6574 firefox-201207 security update for SLE 11 SP1 i586

Novell SUSE 2012:6574 firefox-201207 security update for SLE 11 SP1 x86_64

Novell SUSE 2012:8226 firefox-201207 security update for SLE 10 SP4 i586

Novell SUSE 2012:8226 firefox-201207 security update for SLE 10 SP4 x86_64

Mozilla Firefox ESR 10.0.6 for Mac OS X (Update) (See Note)

Mozilla Firefox (en-us) 14.0.1 for Windows (Update) (See Notes)

Mozilla Firefox 14.0.1 for Mac OS X (Update) (See Note)

Mozilla Firefox ESR (en-us) 10.0.6 for Windows (Update) (See Notes)


Last Updated: 27 May 2016 10:54:53