Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2012-0464

Опубликовано: 13 мар. 2012
Источник: redhat
CVSS2: 6.8
EPSS Низкий

Описание

Use-after-free vulnerability in the browser engine in Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 allows remote attackers to execute arbitrary code via vectors involving an empty argument to the array.join function in conjunction with the triggering of garbage collection.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 4firefoxWill not fix
Red Hat Enterprise Linux 5firefoxFixedRHSA-2012:038714.03.2012
Red Hat Enterprise Linux 5xulrunnerFixedRHSA-2012:038714.03.2012
Red Hat Enterprise Linux 5thunderbirdFixedRHSA-2012:038814.03.2012
Red Hat Enterprise Linux 6firefoxFixedRHSA-2012:038714.03.2012
Red Hat Enterprise Linux 6xulrunnerFixedRHSA-2012:038714.03.2012
Red Hat Enterprise Linux 6thunderbirdFixedRHSA-2012:038814.03.2012

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Critical
https://bugzilla.redhat.com/show_bug.cgi?id=803109Mozilla: Miscellaneous memory safety hazards (rv:11.0/ rv:10.0.3 / rv:1.9.2.28) (MFSA 2012-19)

EPSS

Процентиль: 82%
0.01871
Низкий

6.8 Medium

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2012-0464

ubuntu
больше 13 лет назад

Use-after-free vulnerability in the browser engine in Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 allows remote attackers to execute arbitrary code via vectors involving an empty argument to the array.join function in conjunction with the triggering of garbage collection.

nvd логотип

CVE-2012-0464

nvd
больше 13 лет назад

Use-after-free vulnerability in the browser engine in Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 allows remote attackers to execute arbitrary code via vectors involving an empty argument to the array.join function in conjunction with the triggering of garbage collection.

debian логотип

CVE-2012-0464

debian
больше 13 лет назад

Use-after-free vulnerability in the browser engine in Mozilla Firefox ...

github логотип

GHSA-v8w8-gx62-crxq

github
больше 3 лет назад

Use-after-free vulnerability in the browser engine in Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 allows remote attackers to execute arbitrary code via vectors involving an empty argument to the array.join function in conjunction with the triggering of garbage collection.

oracle-oval логотип

ELSA-2012-0388

oracle-oval
больше 13 лет назад

ELSA-2012-0388: thunderbird security update (CRITICAL)

EPSS

Процентиль: 82%
0.01871
Низкий

6.8 Medium

CVSS2