CVE-2012-0470
Published 2012-04-25
CVE-2012-0470: Heap-based buffer overflow in the nsSVGFEDiffuseLightingElement::LightPixel function in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4…
Priority P3 · 44 · critical · 10 · CVSS 2.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS: 10.10% (95.1th percentile)
Heap-based buffer overflow in the nsSVGFEDiffuseLightingElement::LightPixel function in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allows remote attackers to cause a denial of service (invalid gfxImageSurface free operation) or possibly execute arbitrary code by leveraging the use of "different number systems."
Affected
103 ranges · showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
| mozilla | seamonkey | <= 2.9 | — |
| mozilla | seamonkey | — | — |
| mozilla | seamonkey | — | — |
| mozilla | seamonkey | — | — |
| mozilla | seamonkey | — | — |
| mozilla | seamonkey | — | — |
| mozilla | seamonkey | — | — |
CVSS provenance
nvd · v2.0 · 10.0 · CRITICAL · AV:N/AC:L/Au:N/C:C/I:C/A:C
vendor_redhat · 10.0 · CRITICAL
vendor_ubuntu · 10.0 · CRITICAL
Ubuntu
Thunderbird vulnerabilities
vendor_ubuntu·2012-05-04·CVSS 10.0
CVE-2011-1187 [CRITICAL] Thunderbird vulnerabilities
Title: Thunderbird vulnerabilities
Summary: Several security issues were fixed in Thunderbird.
USN-1430-1 fixed vulnerabilities in Firefox. This update provides the
corresponding fixes for Thunderbird.
Original advisory details:
Bob Clary, Christian Holler, Brian Hackett, Bobby Holley, Gary Kwong,
Hilary Hall, Honza Bambas, Jesse Ruderman, Julian Seward, and Olli Pettay
discovered memory safety issues affecting Firefox. If the user were tricked
into opening a specially crafted page, an attacker could exploit these to
cause a denial of service via application crash, or potentially execute
code with the privileges of the user invoking Firefox. (CVE-2012-0467,
CVE-2012-0468)
Aki Helin discovered a use-after-free vulnerability in XPConnect. An
attacker could potentially exploit this to ex
Ubuntu
ubufox update
vendor_ubuntu·2012-04-27·CVSS 10.0
[CRITICAL] ubufox update
Title: ubufox update
Summary: This update provides compatible ubufox packages for the latest Firefox.
USN-1430-1 fixed vulnerabilities in Firefox. This update provides an
updated ubufox package for use with the latest Firefox.
Original advisory details:
Bob Clary, Christian Holler, Brian Hackett, Bobby Holley, Gary Kwong,
Hilary Hall, Honza Bambas, Jesse Ruderman, Julian Seward, and Olli Pettay
discovered memory safety issues affecting Firefox. If the user were tricked
into opening a specially crafted page, an attacker could exploit these to
cause a denial of service via application crash, or potentially execute
code with the privileges of the user invoking Firefox. (CVE-2012-0467,
CVE-2012-0468)
Aki Helin discovered a use-after-free vulnerability in XPConnect. An
attacker could poten
Ubuntu
Firefox vulnerabilities
vendor_ubuntu·2012-04-27·CVSS 10.0
CVE-2012-0467 [CRITICAL] Firefox vulnerabilities
Title: Firefox vulnerabilities
Summary: Several security issues were fixed in Firefox.
Bob Clary, Christian Holler, Brian Hackett, Bobby Holley, Gary Kwong,
Hilary Hall, Honza Bambas, Jesse Ruderman, Julian Seward, and Olli Pettay
discovered memory safety issues affecting Firefox. If the user were tricked
into opening a specially crafted page, an attacker could exploit these to
cause a denial of service via application crash, or potentially execute
code with the privileges of the user invoking Firefox. (CVE-2012-0467,
CVE-2012-0468)
Aki Helin discovered a use-after-free vulnerability in XPConnect. An
attacker could potentially exploit this to execute arbitrary code with the
privileges of the user invoking Firefox. (CVE-2012-0469)
Atte Kettunen discovered that invalid frees cause heap c
Red Hat
Mozilla: Invalid frees causes heap corruption in gfxImageSurface (MFSA 2012-23)
vendor_redhat·2012-04-24·CVSS 10.0
CVE-2012-0470 [CRITICAL] Mozilla: Invalid frees causes heap corruption in gfxImageSurface (MFSA 2012-23)
Mozilla: Invalid frees causes heap corruption in gfxImageSurface (MFSA 2012-23)
Heap-based buffer overflow in the nsSVGFEDiffuseLightingElement::LightPixel function in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allows remote attackers to cause a denial of service (invalid gfxImageSurface free operation) or possibly execute arbitrary code by leveraging the use of "different number systems."
GHSA
GHSA-r5mf-grcq-wjjg: Heap-based buffer overflow in the nsSVGFEDiffuseLightingElement::LightPixel function in Mozilla Firefox 4
ghsa_unreviewed·2022-05-04
CVE-2012-0470 [HIGH] CWE-119 GHSA-r5mf-grcq-wjjg: Heap-based buffer overflow in the nsSVGFEDiffuseLightingElement::LightPixel function in Mozilla Firefox 4
Heap-based buffer overflow in the nsSVGFEDiffuseLightingElement::LightPixel function in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allows remote attackers to cause a denial of service (invalid gfxImageSurface free operation) or possibly execute arbitrary code by leveraging the use of "different number systems."
No detection rules found.
No public exploits indexed.
http://secunia.com/advisories/48920
http://secunia.com/advisories/48922
http://secunia.com/advisories/48972
http://secunia.com/advisories/49047
http://secunia.com/advisories/49055
http://www.debian.org/security/2012/dsa-2457
http://www.debian.org/security/2012/dsa-2458
http://www.debian.org/security/2012/dsa-2464
http://www.mandriva.com/security/advisories?name=MDVSA-2012:066
http://www.mandriva.com/security/advisories?name=MDVSA-2012:081
http://www.mozilla.org/security/announce/2012/mfsa2012-23.html
http://www.securityfocus.com/bid/53225
https://bugzilla.mozilla.org/show_bug.cgi?id=734288
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16989
Published: 2012-04-25