Lucene search

[email protected]NVD:CVE-2012-1947

HistoryJun 05, 2012 - 11:55 p.m.

CVE-2012-1947

2012-06-0523:55:01

CWE-119

[email protected]

web.nvd.nist.gov

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.7 High

AI Score

Confidence

Low

0.137 Low

EPSS

Percentile

95.6%

JSON

Heap-based buffer overflow in the utf16_to_isolatin1 function in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allows remote attackers to execute arbitrary code via vectors that trigger a character-set conversion failure.

Affected configurations

NVD

Node

mozillafirefoxMatch4.0

mozillafirefoxMatch4.0beta1

mozillafirefoxMatch4.0beta10

mozillafirefoxMatch4.0beta11

mozillafirefoxMatch4.0beta12

mozillafirefoxMatch4.0beta2

mozillafirefoxMatch4.0beta3

mozillafirefoxMatch4.0beta4

mozillafirefoxMatch4.0beta5

mozillafirefoxMatch4.0beta6

mozillafirefoxMatch4.0beta7

mozillafirefoxMatch4.0beta8

mozillafirefoxMatch4.0beta9

mozillafirefoxMatch4.0.1

mozillafirefoxMatch5.0

mozillafirefoxMatch5.0.1

mozillafirefoxMatch6.0

mozillafirefoxMatch6.0.1

mozillafirefoxMatch6.0.2

mozillafirefoxMatch7.0

mozillafirefoxMatch7.0.1

mozillafirefoxMatch8.0

mozillafirefoxMatch8.0.1

mozillafirefoxMatch9.0

mozillafirefoxMatch9.0.1

mozillafirefoxMatch10.0

mozillafirefoxMatch10.0.1

mozillafirefoxMatch10.0.2

mozillafirefoxMatch11.0

mozillafirefoxMatch12.0

mozillafirefoxMatch12.0beta6

mozillafirefox_esrMatch10.0

mozillafirefox_esrMatch10.0.1

mozillafirefox_esrMatch10.0.2

mozillafirefox_esrMatch10.0.3

mozillafirefox_esrMatch10.0.4

mozillaseamonkeyRange≤2.9

mozillaseamonkeyMatch1.0

mozillaseamonkeyMatch1.0alpha

mozillaseamonkeyMatch1.0beta

mozillaseamonkeyMatch1.0.1

mozillaseamonkeyMatch1.0.2

mozillaseamonkeyMatch1.0.3

mozillaseamonkeyMatch1.0.4

mozillaseamonkeyMatch1.0.5

mozillaseamonkeyMatch1.0.6

mozillaseamonkeyMatch1.0.7

mozillaseamonkeyMatch1.0.8

mozillaseamonkeyMatch1.0.9

mozillaseamonkeyMatch1.1

mozillaseamonkeyMatch1.1alpha

mozillaseamonkeyMatch1.1beta

mozillaseamonkeyMatch1.1.1

mozillaseamonkeyMatch1.1.2

mozillaseamonkeyMatch1.1.3

mozillaseamonkeyMatch1.1.4

mozillaseamonkeyMatch1.1.5

mozillaseamonkeyMatch1.1.6

mozillaseamonkeyMatch1.1.7

mozillaseamonkeyMatch1.1.8

mozillaseamonkeyMatch1.1.9

mozillaseamonkeyMatch1.1.10

mozillaseamonkeyMatch1.1.11

mozillaseamonkeyMatch1.1.12

mozillaseamonkeyMatch1.1.13

mozillaseamonkeyMatch1.1.14

mozillaseamonkeyMatch1.1.15

mozillaseamonkeyMatch1.1.16

mozillaseamonkeyMatch1.1.17

mozillaseamonkeyMatch1.1.18

mozillaseamonkeyMatch1.1.19

mozillaseamonkeyMatch1.5.0.8

mozillaseamonkeyMatch1.5.0.9

mozillaseamonkeyMatch1.5.0.10

mozillaseamonkeyMatch2.0

mozillaseamonkeyMatch2.0alpha_1

mozillaseamonkeyMatch2.0alpha_2

mozillaseamonkeyMatch2.0alpha_3

mozillaseamonkeyMatch2.0beta_1

mozillaseamonkeyMatch2.0beta_2

mozillaseamonkeyMatch2.0rc1

mozillaseamonkeyMatch2.0rc2

mozillaseamonkeyMatch2.0.1

mozillaseamonkeyMatch2.0.2

mozillaseamonkeyMatch2.0.3

mozillaseamonkeyMatch2.0.4

mozillaseamonkeyMatch2.0.5

mozillaseamonkeyMatch2.0.6

mozillaseamonkeyMatch2.0.7

mozillaseamonkeyMatch2.0.8

mozillaseamonkeyMatch2.0.9

mozillaseamonkeyMatch2.0.10

mozillaseamonkeyMatch2.0.11

mozillaseamonkeyMatch2.0.12

mozillaseamonkeyMatch2.0.13

mozillaseamonkeyMatch2.0.14

mozillaseamonkeyMatch2.1

mozillaseamonkeyMatch2.1alpha1

mozillaseamonkeyMatch2.1alpha2

mozillaseamonkeyMatch2.1alpha3

mozillaseamonkeyMatch2.1beta1

mozillaseamonkeyMatch2.1beta2

mozillaseamonkeyMatch2.1beta3

mozillaseamonkeyMatch2.1rc1

mozillaseamonkeyMatch2.1rc2

mozillaseamonkeyMatch2.2

mozillaseamonkeyMatch2.2beta1

mozillaseamonkeyMatch2.2beta2

mozillaseamonkeyMatch2.2beta3

mozillaseamonkeyMatch2.3

mozillaseamonkeyMatch2.3beta1

mozillaseamonkeyMatch2.3beta2

mozillaseamonkeyMatch2.3beta3

mozillaseamonkeyMatch2.3.1

mozillaseamonkeyMatch2.3.2

mozillaseamonkeyMatch2.3.3

mozillaseamonkeyMatch2.4

mozillaseamonkeyMatch2.4beta1

mozillaseamonkeyMatch2.4beta2

mozillaseamonkeyMatch2.4beta3

mozillaseamonkeyMatch2.4.1

mozillaseamonkeyMatch2.5

mozillaseamonkeyMatch2.5beta1

mozillaseamonkeyMatch2.5beta2

mozillaseamonkeyMatch2.5beta3

mozillaseamonkeyMatch2.5beta4

mozillaseamonkeyMatch2.6

mozillaseamonkeyMatch2.6beta1

mozillaseamonkeyMatch2.6beta2

mozillaseamonkeyMatch2.6beta3

mozillaseamonkeyMatch2.6beta4

mozillaseamonkeyMatch2.6.1

mozillaseamonkeyMatch2.7

mozillaseamonkeyMatch2.7beta1

mozillaseamonkeyMatch2.7beta2

mozillaseamonkeyMatch2.7beta3

mozillaseamonkeyMatch2.7beta4

mozillaseamonkeyMatch2.7beta5

mozillaseamonkeyMatch2.7.1

mozillaseamonkeyMatch2.7.2

mozillaseamonkeyMatch2.8

mozillaseamonkeyMatch2.8beta1

mozillaseamonkeyMatch2.8beta2

mozillaseamonkeyMatch2.8beta3

mozillaseamonkeyMatch2.8beta4

mozillaseamonkeyMatch2.8beta5

mozillaseamonkeyMatch2.8beta6

mozillaseamonkeyMatch2.9beta1

mozillaseamonkeyMatch2.9beta2

mozillaseamonkeyMatch2.9beta3

mozillathunderbirdMatch5.0

mozillathunderbirdMatch6.0

mozillathunderbirdMatch6.0.1

mozillathunderbirdMatch6.0.2

mozillathunderbirdMatch7.0

mozillathunderbirdMatch7.0.1

mozillathunderbirdMatch8.0

mozillathunderbirdMatch9.0

mozillathunderbirdMatch9.0.1

mozillathunderbirdMatch10.0

mozillathunderbirdMatch10.0.1

mozillathunderbirdMatch10.0.2

mozillathunderbirdMatch10.0.3

mozillathunderbirdMatch10.0.4

mozillathunderbirdMatch11.0

mozillathunderbirdMatch12.0

mozillathunderbird_esrMatch10.0

mozillathunderbird_esrMatch10.0.1

mozillathunderbird_esrMatch10.0.2

mozillathunderbird_esrMatch10.0.3

mozillathunderbird_esrMatch10.0.4

References

lists.opensuse.org/opensuse-security-announce/2012-06/msg00012.html

lists.opensuse.org/opensuse-security-announce/2012-06/msg00015.html

rhn.redhat.com/errata/RHSA-2012-0710.html

rhn.redhat.com/errata/RHSA-2012-0715.html

www.debian.org/security/2012/dsa-2488

www.debian.org/security/2012/dsa-2489

www.mandriva.com/security/advisories?name=MDVSA-2012:088

www.mozilla.org/security/announce/2012/mfsa2012-40.html

bugzilla.mozilla.org/show_bug.cgi?id=744541

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16911

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.7 High

AI Score

Confidence

Low

0.137 Low

EPSS

Percentile

95.6%

JSON

Related for NVD:CVE-2012-1947

prion1 cvelist1 cve1 ubuntucve1 nessus35 openvas43 osv2 debian2 mozilla1 veracode6 ubuntu4 oraclelinux2 suse3 centos2 redhat2 freebsd1 securityvulns1 gentoo1