CVE-2012-0470 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Mozilla Seamonkey

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer8 documents6 sources

Severity

10.0CRITICALNVD

EPSS

5.7%

top 9.57%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Seamonkey Mozilla Firefox Mozilla Thunderbird +1 more

Timeline

PublishedApr 25

Latest updateMay 4

Description

Heap-based buffer overflow in the nsSVGFEDiffuseLightingElement::LightPixel function in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allows remote attackers to cause a denial of service (invalid gfxImageSurface free operation) or possibly execute arbitrary code by leveraging the use of "different number systems."

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages4 packages

▶NVDmozilla/firefox18 versions+17

▶NVDmozilla/thunderbird15 versions+14

▶NVDmozilla/thunderbird_esr5 versions+4

▶NVDmozilla/seamonkey2.9+64

🔴Vulnerability Details

GHSA

GHSA-r5mf-grcq-wjjg: Heap-based buffer overflow in the nsSVGFEDiffuseLightingElement::LightPixel function in Mozilla Firefox 4↗2022-05-04

▶

CVEList

CVE-2012-0470: Heap-based buffer overflow in the nsSVGFEDiffuseLightingElement::LightPixel function in Mozilla Firefox 4↗2012-04-25

▶

📋Vendor Advisories

Ubuntu

Thunderbird vulnerabilities↗2012-05-04

▶

Ubuntu

ubufox update↗2012-04-27

▶

Ubuntu

Firefox vulnerabilities↗2012-04-27

▶

Red Hat

Mozilla: Invalid frees causes heap corruption in gfxImageSurface (MFSA 2012-23)↗2012-04-24

▶

💬Community

Bugzilla

CVE-2012-0470 Mozilla: Invalid frees causes heap corruption in gfxImageSurface (MFSA 2012-23)↗2012-04-22

▶