CVE-2012-0463Improper Input Validation in Mozilla Firefox

CWE-20Improper Input Validation3 documents3 sources
Severity
7.5HIGHNVD
EPSS
4.3%
top 11.05%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Mozilla FirefoxMozilla ThunderbirdMozilla Seamonkey+1 more
Timeline
PublishedMar 14
Latest updateMay 4

Description

The nsWindow implementation in the browser engine in Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 does not check the validity of an instance after event dispatching, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, as demonstrated by Mobile Fir

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages4 packages

NVDmozilla/firefox3.6.27+4
NVDmozilla/thunderbird1.03.1.19+1
NVDmozilla/thunderbird_esr10.0, 10.0.1, 10.0.2+2
NVDmozilla/seamonkey62 versions+61

🔴Vulnerability Details

2
GHSA
GHSA-h7x4-9p5g-7m9r: The nsWindow implementation in the browser engine in Mozilla Firefox before 32022-05-04
CVEList
CVE-2012-0463: The nsWindow implementation in the browser engine in Mozilla Firefox before 32012-03-14
CVE-2012-0463 — Improper Input Validation in Mozilla | cvebase