Lucene search

[email protected]CVE-2012-3967

HistoryAug 29, 2012 - 10:56 a.m.

CVE-2012-3967

2012-08-2910:56:40

CWE-787

[email protected]

web.nvd.nist.gov

cve-2012-3967

webgl

mozilla firefox

remote code execution

linux

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

9.3 High

AI Score

Confidence

High

0.009 Low

EPSS

Percentile

82.6%

JSON

The WebGL implementation in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 on Linux, when a large number of sampler uniforms are used, does not properly interact with Mesa drivers, which allows remote attackers to execute arbitrary code or cause a denial of service (stack memory corruption) via a crafted web site.

Affected configurations

NVD

Node

mozillafirefoxRange<15.0

mozillafirefox_esrRange10.0–10.0.7

mozillaseamonkeyRange<2.12

mozillathunderbirdRange<15.0

mozillathunderbird_esrRange10.0–10.0.7

AND

linuxlinux_kernel

Node

opensuseopensuseMatch12.2

suselinux_enterprise_desktopMatch10sp4

suselinux_enterprise_desktopMatch11sp2

suselinux_enterprise_serverMatch10sp4

suselinux_enterprise_serverMatch11sp2

suselinux_enterprise_serverMatch11sp2vmware

suselinux_enterprise_software_development_kitMatch10sp4

suselinux_enterprise_software_development_kitMatch11sp2

Node

redhatenterprise_linux_desktopMatch5.0

redhatenterprise_linux_desktopMatch6.0

redhatenterprise_linux_eusMatch6.3

redhatenterprise_linux_serverMatch5.0

redhatenterprise_linux_serverMatch6.0

redhatenterprise_linux_workstationMatch5.0

redhatenterprise_linux_workstationMatch6.0

Node

canonicalubuntu_linuxMatch10.04-

canonicalubuntu_linuxMatch11.04

canonicalubuntu_linuxMatch11.10

canonicalubuntu_linuxMatch12.04esm

CPENameOperatorVersion
mozilla:firefoxmozilla firefoxlt15.0
mozilla:firefox_esrmozilla firefox esrlt10.0.7
mozilla:seamonkeymozilla seamonkeylt2.12
mozilla:thunderbirdmozilla thunderbirdlt15.0
mozilla:thunderbird_esrmozilla thunderbird esrlt10.0.7

CPE	Name	Operator	Version
mozilla:firefox	mozilla firefox	lt	15.0
mozilla:firefox_esr	mozilla firefox esr	lt	10.0.7
mozilla:seamonkey	mozilla seamonkey	lt	2.12
mozilla:thunderbird	mozilla thunderbird	lt	15.0
mozilla:thunderbird_esr	mozilla thunderbird esr	lt	10.0.7