CVE-2012-0472 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Mozilla Seamonkey

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer5 documents5 sources

Severity

9.3CRITICALNVD

EPSS

1.5%

top 18.68%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Seamonkey Mozilla Firefox Mozilla Thunderbird +1 more

Timeline

PublishedApr 25

Latest updateMay 4

Description

The cairo-dwrite implementation in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9, when certain Windows Vista and Windows 7 configurations are used, does not properly restrict font-rendering attempts, which allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages4 packages

▶NVDmozilla/firefox17 versions+16

▶NVDmozilla/thunderbird14 versions+13

▶NVDmozilla/thunderbird_esr5 versions+4

▶NVDmozilla/seamonkey2.9+64

🔴Vulnerability Details

GHSA

GHSA-555h-vj7w-v68w: The cairo-dwrite implementation in Mozilla Firefox 4↗2022-05-04

▶

CVEList

CVE-2012-0472: The cairo-dwrite implementation in Mozilla Firefox 4↗2012-04-25

▶

📋Vendor Advisories

Red Hat

Mozilla: Potential memory corruption during font rendering using cairo-dwrite (MFSA 2012-25)↗2012-04-24

▶

💬Community

Bugzilla

CVE-2012-0472 Mozilla: Potential memory corruption during font rendering using cairo-dwrite (MFSA 2012-25)↗2012-04-22

▶