Lucene search

[email protected]CVE-2012-0449

HistoryFeb 01, 2012 - 4:55 p.m.

CVE-2012-0449

2012-02-0116:55:01

CWE-119

[email protected]

web.nvd.nist.gov

mozilla

firefox

thunderbird

seamonkey

cve-2012-0449

memory corruption

denial of service

application crash

xslt stylesheet

nvd

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

9.9 High

AI Score

Confidence

High

0.015 Low

EPSS

Percentile

87.0%

JSON

Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a malformed XSLT stylesheet that is embedded in a document.

Affected configurations

NVD

Node

mozillafirefoxRange<3.6.26

mozillafirefoxRange4.0–10.0

mozillaseamonkeyRange<2.7

mozillathunderbirdRange<3.1.18

mozillathunderbirdRange5.0–10.0

Node

debiandebian_linuxMatch5.0

debiandebian_linuxMatch6.0

Node

opensuseopensuseMatch11.4

suselinux_enterprise_desktopMatch10sp4

suselinux_enterprise_desktopMatch11sp1

suselinux_enterprise_serverMatch10sp4

suselinux_enterprise_serverMatch11sp1

suselinux_enterprise_serverMatch11sp1vmware

suselinux_enterprise_software_development_kitMatch10sp4

suselinux_enterprise_software_development_kitMatch11sp1

CPENameOperatorVersion
mozilla:firefoxmozilla firefoxlt3.6.26
mozilla:firefoxmozilla firefoxlt10.0
mozilla:seamonkeymozilla seamonkeylt2.7
mozilla:thunderbirdmozilla thunderbirdlt3.1.18
mozilla:thunderbirdmozilla thunderbirdlt10.0

CPE	Name	Operator	Version
mozilla:firefox	mozilla firefox	lt	3.6.26
mozilla:firefox	mozilla firefox	lt	10.0
mozilla:seamonkey	mozilla seamonkey	lt	2.7
mozilla:thunderbird	mozilla thunderbird	lt	3.1.18
mozilla:thunderbird	mozilla thunderbird	lt	10.0