CVE-2012-0469Use After Free in Mozilla Seamonkey

CWE-399CWE-416Use After Free10 documents8 sources
Severity
10.0CRITICALNVD
EPSS
17.1%
top 5.00%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Mozilla SeamonkeyMozilla FirefoxMozilla Thunderbird+1 more
Timeline
PublishedApr 25
Latest updateMay 22

Description

Use-after-free vulnerability in the mozilla::dom::indexedDB::IDBKeyRange::cycleCollection::Trace function in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allows remote attackers to execute arbitrary code via vectors related to crafted IndexedDB data.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages4 packages

NVDmozilla/firefox18 versions+17
NVDmozilla/thunderbird15 versions+14
NVDmozilla/thunderbird_esr5 versions+4
NVDmozilla/seamonkey2.9+64

🔴Vulnerability Details

2
GHSA
GHSA-86c5-mchr-88xj: Use-after-free vulnerability in the mozilla::dom::indexedDB::IDBKeyRange::cycleCollection::Trace function in Mozilla Firefox 42022-05-04
CVEList
CVE-2012-0469: Use-after-free vulnerability in the mozilla::dom::indexedDB::IDBKeyRange::cycleCollection::Trace function in Mozilla Firefox 42012-04-25

💥Exploits & PoCs

1
Exploit-DB
uebimiau webmail 2.7.2 - Persistent Cross-Site Scripting2012-08-20

📋Vendor Advisories

4
Ubuntu
Thunderbird vulnerabilities2012-05-04
Ubuntu
ubufox update2012-04-27
Ubuntu
Firefox vulnerabilities2012-04-27
Red Hat
Mozilla: use-after-free in IDBKeyRange (MFSA 2012-22)2012-04-24

📄Research Papers

1
arXiv
SeMalloc: Semantics-Informed Memory Allocator2024-05-22

💬Community

1
Bugzilla
CVE-2012-0469 Mozilla: use-after-free in IDBKeyRange (MFSA 2012-22)2012-04-22
CVE-2012-0469 — Use After Free in Mozilla Seamonkey | cvebase