[Forgot Password]
Login  Register Subscribe

23631

 
 

127000

 
 

102010

 
 

909

 
 

81059

 
 

123

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML view JSON

CVE-2012-3969Date: (C)2012-08-29   (M)2018-02-19


Integer overflow in the nsSVGFEMorphologyElement::Filter function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code via a crafted SVG filter that triggers an incorrect sum calculation, leading to a heap-based buffer overflow.

CVSS V3 Severity:CVSS V2 Severity:
CVSS Score  : CVSS Score  : 9.3
Exploit Score: Exploit Score: 8.6
Impact Score : Impact Score : 10.0
 
CVSS V3 Metrics:CVSS V2 Metrics:
Attack Vector: Access Vector: NETWORK
Attack Complexity: Access Complexity: MEDIUM
Privileges Required: Authentication: NONE
User Interaction: Confidentiality: COMPLETE
Scope: Integrity: COMPLETE
Confidentiality: Availability: COMPLETE
Integrity:  
Availability:  
  





Reference:
BID-55292
DSA-2553
DSA-2554
DSA-2556
RHSA-2012:1210
RHSA-2012:1211
SUSE-SU-2012:1157
SUSE-SU-2012:1167
USN-1548-1
USN-1548-2
http://www.mozilla.org/security/announce/2012/mfsa2012-63.html
http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf
https://bugzilla.mozilla.org/show_bug.cgi?id=782141
openSUSE-SU-2012:1065

CPE    342
cpe:/a:mozilla:firefox:14.0
cpe:/a:mozilla:thunderbird:11.0
cpe:/a:mozilla:firefox:1.5:beta2
cpe:/a:mozilla:firefox:1.5:beta1
...
CWE    1
CWE-189
OVAL    22
oval:org.secpod.oval:def:302958
oval:org.secpod.oval:def:302957
oval:org.secpod.oval:def:202431
oval:org.secpod.oval:def:202430
...

© 2013 SecPod Technologies