CVE-2012-0444: Improper Restriction of Operations within the Bounds of a Memory Buffer in Mozilla Firefox

Severity: 10.0 CRITICAL (NVD)
EPSS: 8.6% (top 7.58%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Feb 1; Latest update May 4

Description

Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 do not properly initialize nsChildView data structures, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted Ogg Vorbis file.

CVSS vector

AV:N/AC:L/C:C/I:C/A:C
Exploitability: 10.0 | Impact: 10.0

Affected Packages (8 packages)

NVD  mozilla/firefox  4.0  10.0  +1
NVD  mozilla/thunderbird  5.0  10.0  +1
Debian  xiph.org/libvorbis  < 1.3.2-1.2  +3

Also affects: Debian Linux 5.0, 6.0, Ubuntu Linux 10.04, 10.10, 11.04, 11.10

Patches

🔴 Vulnerability Details (3)

GHSA: GHSA-372v-6w9g-jmh5: Mozilla Firefox before 3 (2022-05-04)
CVEList: CVE-2012-0444: Mozilla Firefox before 3 (2012-02-01)
OSV: CVE-2012-0444: Mozilla Firefox before 3 (2012-02-01)

📋 Vendor Advisories (9)

Ubuntu: libvorbis vulnerability (2012-02-20)
Ubuntu: Thunderbird vulnerabilities (2012-02-17)
Ubuntu: Thunderbird vulnerabilities (2012-02-08)
Ubuntu: Xulrunner vulnerabilities (2012-02-08)
Ubuntu: Mozvoikko update (2012-02-03)

💬 Community (2)

Bugzilla: CVE-2012-0444 Firefox: Ogg Vorbis Decoding Memory Corruption (MFSA 2012-07) [fedora-all] (2012-02-15)
Bugzilla: CVE-2012-0444 Firefox: Ogg Vorbis Decoding Memory Corruption (MFSA 2012-07) (2012-01-31)