Lucene search
Mozilla FoundationMFSA2012-08HistoryJan 31, 2012 - 12:00 a.m.
Crash with malformed embedded XSLT stylesheets — Mozilla
2012-01-3100:00:00
Mozilla Foundation
www.mozilla.org
20
9.3 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.015 Low
EPSS
Percentile
87.0%
Security researchers Nicolas Grégoire and Aki Helin independently reported that when processing a malformed embedded XSLT stylesheet, Firefox can crash due to a memory corruption. While there is no evidence that this is directly exploitable, there is a possibility of remote code execution.
Affected configurations
Node
mozillafirefoxRange<10
ORmozillafirefoxRange<3.6.26
ORmozillaseamonkeyRange<2.7
ORmozillathunderbirdRange<10
ORmozillathunderbirdRange<3.1.18
| CPE | Name | Operator | Version |
|---|---|---|---|
| firefox | lt | 10 | |
| firefox | lt | 3.6.26 | |
| seamonkey | lt | 2.7 | |
| thunderbird | lt | 10 | |
| thunderbird | lt | 3.1.18 |
Related
cvelist
cvelist
CVE-2012-0449
2012-02-01 16:00:00
prion
prion
Memory corruption
2012-02-01 16:55:00
cve
cve
CVE-2012-0449
2012-02-01 16:55:01
veracode
veracode
Arbitrary Code Execution
2020-04-10 01:07:21
openvas
openvas
Mozilla Firefox Security Advisory (MFSA2012-08) - Linux
2021-11-16 00:00:00
RedHat Update for thunderbird RHSA-2012:0080-01
2012-07-09 00:00:00
CentOS Update for thunderbird CESA-2012:0080 centos6
2012-07-30 00:00:00
ubuntucve
ubuntucve
CVE-2012-0449
2012-02-01 00:00:00
securityvulns
securityvulns
Mozilla Foundation Security Advisory 2012-08
2012-02-03 00:00:00
Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
2012-02-03 00:00:00
nvd
nvd
CVE-2012-0449
2012-02-01 16:55:01
debian
debian
[SECURITY] [DSA 2400-1] iceweasel security update
2012-02-02 19:52:15
[SECURITY] [DSA 2406-1] icedove security update
2012-02-09 12:07:23
[SECURITY] [DSA 2402-1] iceape security update
2012-02-02 19:53:30
nessus
nessus
CentOS 6 : thunderbird (CESA-2012:0080)
2012-02-02 00:00:00
Debian DSA-2400-1 : iceweasel - several vulnerabilities
2012-02-03 00:00:00
osv
osv
iceape - several
2012-02-02 00:00:00
iceweasel - several
2012-02-02 00:00:00
icedove - several
2012-02-09 00:00:00
centos
centos
thunderbird security update
2012-02-01 11:56:07
firefox, xulrunner security update
2012-02-01 03:34:27
oraclelinux
oraclelinux
thunderbird security update
2012-01-31 00:00:00
firefox security update
2012-01-31 00:00:00
redhat
redhat
(RHSA-2012:0080) Critical: thunderbird security update
2012-01-31 00:00:00
(RHSA-2012:0079) Critical: firefox security update
2012-01-31 00:00:00
suse
suse
Security update for Mozilla XULrunner (important)
2012-02-09 19:07:25
Security update for Mozilla Firefox (important)
2012-02-09 19:10:22
MozillaFirefox: Version 10 (important)
2012-02-09 19:10:49
ubuntu
ubuntu
Thunderbird vulnerabilities
2012-02-08 00:00:00
Xulrunnner vulnerabilities
2012-02-08 00:00:00
Firefox vulnerabilities
2012-02-03 00:00:00
freebsd
freebsd
mozilla -- multiple vulnerabilities
2012-01-31 00:00:00
kitploit
kitploit
Radamsa - A General-Purpose Fuzzer
2024-03-25 11:30:00
gentoo
gentoo
Mozilla Products: Multiple vulnerabilities
2013-01-08 00:00:00
9.3 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.015 Low
EPSS
Percentile
87.0%
Related for MFSA2012-08