Mozilla FoundationMFSA2012-58Use-after-free issues found using Address Sanitizer — Mozilla
10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.126 Low
EPSS
Percentile
95.5%
Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team discovered a series of use-after-free issues using the Address Sanitizer tool. Many of these issues are potentially exploitable, allowing for remote code execution.
Affected configurations
| CPE | Name | Operator | Version |
|---|---|---|---|
| firefox | lt | 15 | |
| firefox esr | lt | 10.0.7 | |
| seamonkey | lt | 2.12 | |
| thunderbird | lt | 15 | |
| thunderbird esr | lt | 10.0.7 |
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1972
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1973
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1974
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1975
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1976
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3956
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3957
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3958
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3959
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3960
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3961
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3962
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3963
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3964
bugzilla.mozilla.org/show_bug.cgi?id=756241
bugzilla.mozilla.org/show_bug.cgi?id=762280
bugzilla.mozilla.org/show_bug.cgi?id=769120
bugzilla.mozilla.org/show_bug.cgi?id=769303
bugzilla.mozilla.org/show_bug.cgi?id=771873
bugzilla.mozilla.org/show_bug.cgi?id=771976
bugzilla.mozilla.org/show_bug.cgi?id=771994
bugzilla.mozilla.org/show_bug.cgi?id=772346
bugzilla.mozilla.org/show_bug.cgi?id=773207
bugzilla.mozilla.org/show_bug.cgi?id=774548
bugzilla.mozilla.org/show_bug.cgi?id=774597
bugzilla.mozilla.org/show_bug.cgi?id=776213
bugzilla.mozilla.org/show_bug.cgi?id=777578
bugzilla.mozilla.org/show_bug.cgi?id=778428
Related
10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.126 Low
EPSS
Percentile
95.5%