Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2012-0457

Опубликовано: 13 мар. 2012
Источник: redhat
CVSS2: 6.8
EPSS Средний

Описание

Use-after-free vulnerability in the nsSMILTimeValueSpec::ConvertBetweenTimeContainer function in Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 might allow remote attackers to execute arbitrary code via an SVG animation.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 4firefoxWill not fix
Red Hat Enterprise Linux 5firefoxFixedRHSA-2012:038714.03.2012
Red Hat Enterprise Linux 5xulrunnerFixedRHSA-2012:038714.03.2012
Red Hat Enterprise Linux 5thunderbirdFixedRHSA-2012:038814.03.2012
Red Hat Enterprise Linux 6firefoxFixedRHSA-2012:038714.03.2012
Red Hat Enterprise Linux 6xulrunnerFixedRHSA-2012:038714.03.2012
Red Hat Enterprise Linux 6thunderbirdFixedRHSA-2012:038814.03.2012

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Critical
https://bugzilla.redhat.com/show_bug.cgi?id=803116Mozilla: SVG issues found with Address Sanitizer (MFSA 2012-14)

EPSS

Процентиль: 93%
0.11824
Средний

6.8 Medium

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2012-0457

ubuntu
больше 13 лет назад

Use-after-free vulnerability in the nsSMILTimeValueSpec::ConvertBetweenTimeContainer function in Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 might allow remote attackers to execute arbitrary code via an SVG animation.

nvd логотип

CVE-2012-0457

nvd
больше 13 лет назад

Use-after-free vulnerability in the nsSMILTimeValueSpec::ConvertBetweenTimeContainer function in Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 might allow remote attackers to execute arbitrary code via an SVG animation.

debian логотип

CVE-2012-0457

debian
больше 13 лет назад

Use-after-free vulnerability in the nsSMILTimeValueSpec::ConvertBetwee ...

github логотип

GHSA-x6jc-376j-rvp7

github
больше 3 лет назад

Use-after-free vulnerability in the nsSMILTimeValueSpec::ConvertBetweenTimeContainer function in Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 might allow remote attackers to execute arbitrary code via an SVG animation.

oracle-oval логотип

ELSA-2012-0388

oracle-oval
больше 13 лет назад

ELSA-2012-0388: thunderbird security update (CRITICAL)

EPSS

Процентиль: 93%
0.11824
Средний

6.8 Medium

CVSS2