[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248149

 
 

909

 
 

194803

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2012-0457Date: (C)2012-03-14   (M)2024-03-27


Use-after-free vulnerability in the nsSMILTimeValueSpec::ConvertBetweenTimeContainer function in Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 might allow remote attackers to execute arbitrary code via an SVG animation.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 9.3
Exploit Score: 8.6
Impact Score: 10.0
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE
  
Reference:
SECTRACK-1026801
SECTRACK-1026803
SECTRACK-1026804
SECUNIA-48359
SECUNIA-48402
SECUNIA-48414
SECUNIA-48495
SECUNIA-48496
SECUNIA-48513
SECUNIA-48553
SECUNIA-48561
SECUNIA-48624
SECUNIA-48629
SECUNIA-48823
MDVSA-2012:031
MDVSA-2012:032
RHSA-2012:0387
RHSA-2012:0388
SUSE-SU-2012:0424
SUSE-SU-2012:0425
USN-1400-1
USN-1400-2
USN-1400-3
USN-1400-4
USN-1400-5
USN-1401-1
http://www.mozilla.org/security/announce/2012/mfsa2012-14.html
https://bugzilla.mozilla.org/show_bug.cgi?id=720103
openSUSE-SU-2012:0417
oval:org.mitre.oval:def:14775

CPE    230
cpe:/a:mozilla:firefox:3.6.27
cpe:/a:mozilla:firefox:7.0.1
cpe:/a:mozilla:thunderbird:1.0
cpe:/a:mozilla:thunderbird:1.5
...
CWE    1
CWE-399
OVAL    20
oval:org.secpod.oval:def:700812
oval:org.secpod.oval:def:700810
oval:org.secpod.oval:def:700814
oval:org.secpod.oval:def:700808
...

© SecPod Technologies