CVE-2012-0454Mozilla Seamonkey vulnerability

CWE-3994 documents4 sources
Severity
7.5HIGHNVD
EPSS
2.3%
top 15.14%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
Mozilla SeamonkeyMozilla FirefoxMozilla Firefox ESR+2 more
Timeline
PublishedMar 14
Latest updateMay 4

Description

Use-after-free vulnerability in Mozilla Firefox 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 on 32-bit Windows 7 platforms allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors involving use of the file-open dialog in a child window, related to the IUnknown_QueryService function in the Windows shlwapi.dll library.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages5 packages

NVDmozilla/firefox14 versions+13
NVDmozilla/firefox_esr10.1, 10.2+1
NVDmozilla/thunderbird9 versions+8
NVDmozilla/thunderbird_esr10.0, 10.0.1, 10.0.2+2
NVDmozilla/seamonkey2.7+60

🔴Vulnerability Details

2
GHSA
GHSA-xr5r-9hg9-ww9w: Use-after-free vulnerability in Mozilla Firefox 42022-05-04
CVEList
CVE-2012-0454: Use-after-free vulnerability in Mozilla Firefox 42012-03-14

💬Community

1
Bugzilla
CVE-2013-0454 samba: the SMB2 server does not release unused shares2013-03-27
CVE-2012-0454 — Mozilla Seamonkey vulnerability | cvebase