CVE-2012-1946Use After Free in Mozilla Seamonkey

CWE-399CWE-416Use After Free7 documents6 sources
Severity
9.3CRITICALNVD
EPSS
1.5%
top 19.18%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Mozilla SeamonkeyMozilla FirefoxMozilla Thunderbird+1 more
Timeline
PublishedJun 5
Latest updateMay 14

Description

Use-after-free vulnerability in the nsINode::ReplaceOrInsertBefore function in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 might allow remote attackers to execute arbitrary code via document changes involving replacement or insertion of a node.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages4 packages

NVDmozilla/firefox20 versions+19
NVDmozilla/thunderbird16 versions+15
NVDmozilla/thunderbird_esr5 versions+4
NVDmozilla/seamonkey2.9+64

🔴Vulnerability Details

2
GHSA
GHSA-p4rr-fgvx-ch95: Use-after-free vulnerability in the nsINode::ReplaceOrInsertBefore function in Mozilla Firefox 42022-05-14
CVEList
CVE-2012-1946: Use-after-free vulnerability in the nsINode::ReplaceOrInsertBefore function in Mozilla Firefox 42012-06-05

📋Vendor Advisories

3
Ubuntu
Thunderbird vulnerabilities2012-06-27
Ubuntu
Firefox vulnerabilities2012-06-06
Red Hat
Mozilla: Use-after-free while replacing/inserting a node in a document (MFSA 2012-38)2012-06-05

💬Community

1
Bugzilla
CVE-2012-1946 Mozilla: Use-after-free while replacing/inserting a node in a document (MFSA 2012-38)2012-06-03
CVE-2012-1946 — Use After Free in Mozilla Seamonkey | cvebase