CVE-2012-1939Improper Restriction of Operations within the Bounds of a Memory Buffer in Mozilla Firefox

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer5 documents5 sources
Severity
9.3CRITICALNVD
EPSS
3.6%
top 12.20%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Mozilla FirefoxMozilla Thunderbird ESR
Timeline
PublishedJun 5
Latest updateMay 14

Description

jsinfer.cpp in Mozilla Firefox ESR 10.x before 10.0.5 and Thunderbird ESR 10.x before 10.0.5 does not properly determine data types, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via crafted JavaScript code.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages2 packages

NVDmozilla/firefox5 versions+4
NVDmozilla/thunderbird_esr5 versions+4

🔴Vulnerability Details

2
GHSA
GHSA-g43v-55jg-34cf: jsinfer2022-05-14
CVEList
CVE-2012-1939: jsinfer2012-06-05

📋Vendor Advisories

1
Red Hat
Mozilla: Miscellaneous memory safety hazards (rv:13.0/ rv:10.0.5) (MFSA 2012-34)2012-06-05

💬Community

1
Bugzilla
CVE-2011-3101 CVE-2012-1937 CVE-2012-1938 CVE-2012-1939 CVE-2012-3105 Mozilla: Miscellaneous memory safety hazards (rv:13.0/ rv:10.0.5) (MFSA 2012-34)2012-06-03
CVE-2012-1939 — Mozilla Firefox vulnerability | cvebase