Lucene search
Mozilla FoundationMFSA2012-07HistoryJan 31, 2012 - 12:00 a.m.
Potential Memory Corruption When Decoding Ogg Vorbis files — Mozilla
2012-01-3100:00:00
Mozilla Foundation
www.mozilla.org
25
10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.885 High
EPSS
Percentile
98.7%
Security researcher regenrecht reported via TippingPoint’s Zero Day Initiative the possibility of memory corruption during the decoding of Ogg Vorbis files. This can cause a crash during decoding and has the potential for remote code execution.
Affected configurations
Node
mozillafirefoxRange<10
ORmozillafirefoxRange<3.6.26
ORmozillaseamonkeyRange<2.7
ORmozillathunderbirdRange<10
ORmozillathunderbirdRange<3.1.18
| CPE | Name | Operator | Version |
|---|---|---|---|
| firefox | lt | 10 | |
| firefox | lt | 3.6.26 | |
| seamonkey | lt | 2.7 | |
| thunderbird | lt | 10 | |
| thunderbird | lt | 3.1.18 |
Related
nessus
nessus
Mandriva Linux Security Advisory : libvorbis (MDVSA-2012:052)
2012-04-04 00:00:00
openSUSE Security Update : libvorbis (openSUSE-2012-141)
2014-06-13 00:00:00
openvas
openvas
Fedora Update for libvorbis FEDORA-2012-1652
2012-03-19 00:00:00
CentOS Update for libvorbis CESA-2012:0136 centos6
2012-07-30 00:00:00
openSUSE: Security Advisory for libvorbis (openSUSE-SU-2012:0319-1)
2012-08-02 00:00:00
fedora
fedora
[SECURITY] Fedora 16 Update: libvorbis-1.3.3-1.fc16
2012-02-17 00:57:43
checkpoint_advisories
checkpoint_advisories
securityvulns
securityvulns
libvorbis library buffer overflow
2012-02-22 00:00:00
Mozilla Foundation Security Advisory 2012-07
2012-02-03 00:00:00
[SECURITY] [DSA 2412-1] libvorbis security update
2012-02-22 00:00:00
debian
debian
[SECURITY] [DSA 2412-1] libvorbis security update
2012-02-19 20:23:13
[SECURITY] [DSA 2400-1] iceweasel security update
2012-02-02 19:52:15
[SECURITY] [DSA 2402-1] iceape security update
2012-02-02 19:53:30
redhat
redhat
(RHSA-2012:0136) Important: libvorbis security update
2012-02-15 00:00:00
(RHSA-2012:0079) Critical: firefox security update
2012-01-31 00:00:00
(RHSA-2012:0422) Moderate: rhev-hypervisor6 security and bug fix update
2012-03-26 00:00:00
freebsd
freebsd
libtremor -- memory corruption
2012-01-31 00:00:00
suse
suse
Security update for libvorbis (important)
2012-03-06 23:08:25
libvorbis: fixed a heap based buffer overflow (important)
2012-03-01 23:08:28
Security update for Mozilla Firefox (important)
2012-02-09 19:10:22
ubuntucve
ubuntucve
CVE-2012-0444
2012-02-01 00:00:00
prion
prion
Memory corruption
2012-02-01 16:55:00
cvelist
cvelist
CVE-2012-0444
2012-02-01 16:00:00
ubuntu
ubuntu
libvorbis vulnerability
2012-02-20 00:00:00
Thunderbird vulnerabilities
2012-02-08 00:00:00
Xulrunnner vulnerabilities
2012-02-08 00:00:00
debiancve
debiancve
CVE-2012-0444
2012-02-01 16:55:01
nvd
nvd
CVE-2012-0444
2012-02-01 16:55:01
zdi
zdi
centos
centos
libvorbis security update
2012-02-15 09:08:27
firefox, xulrunner security update
2012-02-01 03:34:27
veracode
veracode
Arbitrary Code Execution
2020-04-10 01:07:20
oraclelinux
oraclelinux
libvorbis security update
2012-02-15 00:00:00
libvorbis security update
2018-04-05 00:00:00
firefox security update
2012-01-31 00:00:00
amazon
amazon
Important: libvorbis
2012-03-04 16:07:00
cve
cve
CVE-2012-0444
2012-02-01 16:55:01
osv
osv
iceape - several
2012-02-02 00:00:00
iceweasel - several
2012-02-02 00:00:00
icedove - several
2012-02-09 00:00:00
gentoo
gentoo
Mozilla Products: Multiple vulnerabilities
2013-01-08 00:00:00
10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.885 High
EPSS
Percentile
98.7%
Related for MFSA2012-07