Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
mozillaMozilla FoundationMFSA2012-21
HistoryApr 24, 2012 - 12:00 a.m.

Multiple security flaws fixed in FreeType v2.4.9 — Mozilla

2012-04-2400:00:00
Mozilla Foundation
www.mozilla.org
22

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.244 Low

EPSS

Percentile

96.7%

JSON

Mateusz Jurczyk of the Google Security Team used the Address Sanitizer tool to discover a series of memory safety bugs in the FreeType library, some of which could cause memory corruption and exploitable crashes with certain fonts and font parsing. Firefox Mobile has been upgraded to FreeType version 2.4.9 which addresses these issues. Desktop Firefox does not use Freetype for fonts and was not affected.

Affected configurations

Vulners
Node
mozillafirefox_mobileRange<10.0.4
CPENameOperatorVersion
firefox mobilelt10.0.4

References

Related

nessus 17
openvas 29
suse 6
ubuntu 1
gentoo 1
redhat 1
freebsd 2
oraclelinux 1
centos 1
securityvulns 5
debian 1
slackware 1
amazon 1
nvd 19
cve 19
veracode 14
debiancve 19
cvelist 19
prion 19
ubuntucve 19
nessus
nessus
GLSA-201204-04 : FreeType: Multiple vulnerabilities
2012-06-21 00:00:00
openSUSE Security Update : freetype2 (openSUSE-SU-2012:0489-1)
2014-06-13 00:00:00
SuSE 11.1 Security Update : freetype2 (SAT Patch Number 6052)
2012-04-12 00:00:00
openvas
openvas
Gentoo Security Advisory GLSA 201204-04 (FreeType)
2012-04-30 00:00:00
FreeBSD Ports: freetype2
2012-04-30 00:00:00
SuSE Update for freetype2 openSUSE-SU-2012:0489-1 (freetype2)
2012-12-13 00:00:00
suse
suse
Security update for freetype2 (important)
2012-04-11 21:08:19
freetype2 update (important)
2012-04-12 10:09:06
Security update for freetype2 (important)
2012-04-11 20:08:18
ubuntu
ubuntu
FreeType vulnerabilities
2012-03-23 00:00:00
gentoo
gentoo
FreeType: Multiple vulnerabilities
2012-04-17 00:00:00
redhat
redhat
(RHSA-2012:0467) Important: freetype security update
2012-04-10 00:00:00
freebsd
freebsd
freetype -- multiple vulnerabilities
2012-03-08 00:00:00
mozilla -- multiple vulnerabilities
2012-04-24 00:00:00
oraclelinux
oraclelinux
freetype security update
2012-04-10 00:00:00
centos
centos
freetype security update
2012-04-10 21:09:43
securityvulns
securityvulns
FreeType multiple security vulnerabilitiles
2012-03-09 00:00:00
[SECURITY] [DSA 2428-1] freetype security update
2012-03-09 00:00:00
Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
2012-05-09 00:00:00
debian
debian
[SECURITY] [DSA 2428-1] freetype security update
2012-03-08 20:48:00
slackware
slackware
[slackware-security] freetype
2012-06-25 15:27:37
amazon
amazon
Important: freetype
2012-04-30 14:46:00
nvd
nvd
CVE-2012-1135
2012-04-25 10:10:18
CVE-2012-1132
2012-04-25 10:10:18
CVE-2012-1136
2012-04-25 10:10:18
cve
cve
CVE-2012-1132
2012-04-25 10:10:18
CVE-2012-1142
2012-04-25 10:10:18
CVE-2012-1133
2012-04-25 10:10:18
veracode
veracode
Arbitrary Code Execution
2020-04-10 01:09:33
Arbitrary Code Execution
2020-04-10 01:09:35
Denial Of Service (DoS)
2020-04-10 01:09:35
debiancve
debiancve
CVE-2012-1134
2012-04-25 10:10:18
CVE-2012-1136
2012-04-25 10:10:18
CVE-2012-1131
2012-04-25 10:10:18
cvelist
cvelist
CVE-2012-1132
2012-04-25 10:00:00
CVE-2012-1144
2012-04-25 10:00:00
CVE-2012-1136
2012-04-25 10:00:00
prion
prion
Heap overflow
2012-04-25 10:10:00
Heap overflow
2012-04-25 10:10:00
Memory corruption
2012-04-25 10:10:00
ubuntucve
ubuntucve
CVE-2012-1142
2012-03-07 00:00:00
CVE-2012-1132
2012-03-07 00:00:00
CVE-2012-1136
2012-03-07 00:00:00

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.244 Low

EPSS

Percentile

96.7%

JSON
Related for MFSA2012-21
nessus17openvas29suse6ubuntu1gentoo1redhat1freebsd2oraclelinux1centos1securityvulns5debian1slackware1amazon1nvd19cve19veracode14debiancve19cvelist19prion19ubuntucve19