CVE-2012-0463

2012-03-1400:00:00

ubuntu.com

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS

0.445

Percentile

97.4%

JSON

The nsWindow implementation in the browser engine in Mozilla Firefox before
3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird
before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and
SeaMonkey before 2.8 does not check the validity of an instance after event
dispatching, which allows remote attackers to cause a denial of service
(memory corruption and application crash) or possibly execute arbitrary
code via unknown vectors, as demonstrated by Mobile Firefox on Android.

Notes

Author	Note
sbeattie	possibly only affects android versions

OSVersionArchitecturePackageVersionFilename
ubuntu10.04noarchfirefox< 11.0+build1-0ubuntu0.10.04.2UNKNOWN
ubuntu11.04noarchfirefox< 11.0+build1-0ubuntu0.11.04.1UNKNOWN
ubuntu11.10noarchfirefox< 11.0+build1-0ubuntu0.11.10.1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	10.04	noarch	firefox	< 11.0+build1-0ubuntu0.10.04.2	UNKNOWN
ubuntu	11.04	noarch	firefox	< 11.0+build1-0ubuntu0.11.04.1	UNKNOWN
ubuntu	11.10	noarch	firefox	< 11.0+build1-0ubuntu0.11.10.1	UNKNOWN