CVE-2012-0449 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Mozilla Firefox

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer11 documents6 sources

Severity

9.3CRITICALNVD

EPSS

3.9%

top 11.64%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox Mozilla Seamonkey Mozilla Thunderbird +5 more

Timeline

PublishedFeb 1

Latest updateMay 4

Description

Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a malformed XSLT stylesheet that is embedded in a document.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages7 packages

▶NVDmozilla/firefox4.0 — 10.0+1

▶NVDmozilla/seamonkey< 2.7

▶NVDmozilla/thunderbird5.0 — 10.0+1

▶NVDopensuse/opensuse11.4

▶NVDsuse/linux_enterprise_server10, 11+1

Also affects: Debian Linux 5.0, 6.0

Patches

Patch: bugzilla.mozilla.org ↗Patch: bugzilla.mozilla.org ↗

🔴Vulnerability Details

GHSA

GHSA-h78f-qgpj-g2jh: Mozilla Firefox before 3↗2022-05-04

▶

CVEList

CVE-2012-0449: Mozilla Firefox before 3↗2012-02-01

▶

📋Vendor Advisories

Ubuntu

Thunderbird vulnerabilities↗2012-02-17

▶

Ubuntu

Thunderbird vulnerabilities↗2012-02-08

▶

Ubuntu

Xulrunnner vulnerabilities↗2012-02-08

▶

Ubuntu

Mozvoikko update↗2012-02-03

▶

Ubuntu

ubufox and webfav update↗2012-02-03

▶

💬Community

Bugzilla

CVE-2012-0449 Mozilla: Crash when rendering SVG+XSLT (MFSA 2012-08)↗2012-01-31

▶