CVE-2012-1938 — Out-of-bounds Write in Mozilla Firefox

7 documents6 sources

Severity

9.3CRITICALNVD

EPSS

1.2%

top 20.66%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox Mozilla Seamonkey Mozilla Thunderbird +10 more

Timeline

PublishedJun 5

Latest updateMay 13

Description

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 13.0, Thunderbird before 13.0, and SeaMonkey before 2.10 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to (1) methodjit/ImmutableSync.cpp, (2) the JSObject::makeDenseArraySlow function in js/src/jsarray.cpp, and unknown other components.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages11 packages

▶NVDmozilla/firefox< 13.0

▶NVDmozilla/seamonkey< 2.10

▶NVDmozilla/thunderbird< 13.0

▶NVDredhat/storage2.0

▶NVDopensuse/opensuse11.4, 12.1+1

Also affects: Enterprise Linux 6.2

Patches

Patch: bugzilla.mozilla.org ↗Patch: bugzilla.mozilla.org ↗Patch: bugzilla.mozilla.org ↗

🔴Vulnerability Details

GHSA

GHSA-rqmw-wp6r-645h: Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 13↗2022-05-13

▶

CVEList

CVE-2012-1938: Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 13↗2012-06-05

▶

📋Vendor Advisories

Ubuntu

Thunderbird vulnerabilities↗2012-06-27

▶

Ubuntu

Firefox vulnerabilities↗2012-06-06

▶

Red Hat

Mozilla: Miscellaneous memory safety hazards (rv:13.0/ rv:10.0.5) (MFSA 2012-34)↗2012-06-05

▶

💬Community

Bugzilla

CVE-2011-3101 CVE-2012-1937 CVE-2012-1938 CVE-2012-1939 CVE-2012-3105 Mozilla: Miscellaneous memory safety hazards (rv:13.0/ rv:10.0.5) (MFSA 2012-34)↗2012-06-03

▶