CVE-2012-0447 — Sensitive Information Exposure in Mozilla Seamonkey

CWE-200 — Sensitive Information Exposure7 documents4 sources

Severity

5.0MEDIUMNVD

EPSS

0.6%

top 30.51%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Seamonkey Mozilla Firefox Mozilla Thunderbird

Timeline

PublishedFeb 1

Latest updateMay 4

Description

Mozilla Firefox 4.x through 9.0, Thunderbird 5.0 through 9.0, and SeaMonkey before 2.7 do not properly initialize data for image/vnd.microsoft.icon images, which allows remote attackers to obtain potentially sensitive information by reading a PNG image that was created through conversion from an ICO image.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages3 packages

▶NVDmozilla/seamonkey2.7+58

▶NVDmozilla/firefox11 versions+10

▶NVDmozilla/thunderbird7 versions+6

🔴Vulnerability Details

GHSA

GHSA-pf5p-55wr-2522: Mozilla Firefox 4↗2022-05-04

▶

CVEList

CVE-2012-0447: Mozilla Firefox 4↗2012-02-01

▶

📋Vendor Advisories

Ubuntu

Thunderbird vulnerabilities↗2012-02-17

▶

Ubuntu

Mozvoikko update↗2012-02-03

▶

Ubuntu

ubufox and webfav update↗2012-02-03

▶

Ubuntu

Firefox vulnerabilities↗2012-02-03

▶