CVE-2012-0452 — Use After Free in Mozilla Firefox

CWE-399 CWE-416 — Use After Free8 documents6 sources

Severity

7.5HIGHNVD

EPSS

1.8%

top 17.17%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox Mozilla Seamonkey Mozilla Thunderbird

Timeline

PublishedFeb 11

Latest updateMay 4

Description

Use-after-free vulnerability in Mozilla Firefox 10.x before 10.0.1, Thunderbird 10.x before 10.0.1, and SeaMonkey 2.7 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger failure of an nsXBLDocumentInfo::ReadPrototypeBindings function call, related to the cycle collector's access to a hash table containing a stale XBL binding.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages3 packages

▶NVDmozilla/firefox10.0

▶NVDmozilla/seamonkey2.7

▶NVDmozilla/thunderbird10.0

🔴Vulnerability Details

GHSA

GHSA-x4p8-2whm-cxpq: Use-after-free vulnerability in Mozilla Firefox 10↗2022-05-04

▶

CVEList

CVE-2012-0452: Use-after-free vulnerability in Mozilla Firefox 10↗2012-02-11

▶

📋Vendor Advisories

Ubuntu

Thunderbird vulnerabilities↗2012-02-17

▶

Ubuntu

Firefox vulnerability↗2012-02-13

▶

Red Hat

firefox: use-after-free in nsXBLDocumentInfo::ReadPrototypeBindings (MFSA 2012-10)↗2012-02-10

▶

💬Community

Bugzilla

CVE-2012-0452 firefox: use-after-free in nsXBLDocumentInfo::ReadPrototypeBindings (MFSA 2012-10)↗2012-02-10

▶

Bugzilla

CVE-2012-0452 firefox: use-after-free in nsXBLDocumentInfo::ReadPrototypeBindings (MFSA 2012-10) [fedora-all]↗2012-02-10

▶