Lucene search

[email protected]CVE-2012-3988

HistoryOct 10, 2012 - 5:55 p.m.

CVE-2012-3988

2012-10-1017:55:01

CWE-416

[email protected]

web.nvd.nist.gov

cve-2012-3988

mozilla firefox

firefox esr

thunderbird

seamonkey

vulnerability

remote code execution

use-after-free

nvd

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

9.3 High

AI Score

Confidence

High

0.073 Low

EPSS

Percentile

94.1%

JSON

Use-after-free vulnerability in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 might allow user-assisted remote attackers to execute arbitrary code via vectors involving use of mozRequestFullScreen to enter full-screen mode, and use of the history.back method for backwards history navigation.

Affected configurations

NVD

Node

mozillafirefox_esrRange<10.0.8

Node

mozillathunderbird_esrRange<10.0.8

Node

mozillafirefoxRange<16.0

Node

mozillathunderbirdRange<16.0

Node

mozillaseamonkeyRange<2.13

Node

canonicalubuntu_linuxMatch10.04-

canonicalubuntu_linuxMatch11.04

canonicalubuntu_linuxMatch11.10

canonicalubuntu_linuxMatch12.04esm

redhatenterprise_linux_desktopMatch5.0

redhatenterprise_linux_desktopMatch6.0

redhatenterprise_linux_eusMatch6.3

redhatenterprise_linux_serverMatch5.0

redhatenterprise_linux_serverMatch6.0

redhatenterprise_linux_workstationMatch5.0

redhatenterprise_linux_workstationMatch6.0

Node

suselinux_enterprise_desktopMatch10sp4

suselinux_enterprise_desktopMatch11sp3

suselinux_enterprise_sdkMatch10sp4

suselinux_enterprise_serverMatch10sp4

suselinux_enterprise_serverMatch11sp3

suselinux_enterprise_serverMatch11sp3vmware

CPENameOperatorVersion
mozilla:firefox_esrmozilla firefox esrlt10.0.8

CPE	Name	Operator	Version
mozilla:firefox_esr	mozilla firefox esr	lt	10.0.8

References

lists.opensuse.org/opensuse-security-announce/2012-10/msg00010.html

osvdb.org/86109

rhn.redhat.com/errata/RHSA-2012-1351.html

secunia.com/advisories/50856

secunia.com/advisories/50892

secunia.com/advisories/50904

secunia.com/advisories/50935

secunia.com/advisories/50936

secunia.com/advisories/50984

secunia.com/advisories/55318

www.mandriva.com/security/advisories?name=MDVSA-2012:163

www.mozilla.org/security/announce/2012/mfsa2012-79.html

www.ubuntu.com/usn/USN-1611-1

bugzilla.mozilla.org/show_bug.cgi?id=725770

exchange.xforce.ibmcloud.com/vulnerabilities/79149

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16334

Social References

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

9.3 High

AI Score

Confidence

High

0.073 Low

EPSS

Percentile

94.1%

JSON

Related for CVE-2012-3988

prion1 openvas46 mozilla1 cvelist1 ubuntucve1 nvd1 veracode15 nessus31 oraclelinux2 centos2 redhat2 ubuntu2 suse3 freebsd1 securityvulns1 ibm2 gentoo1