CVE-2012-1951Out-of-bounds Write in Mozilla Seamonkey

CWE-3997 documents6 sources
Severity
10.0CRITICALNVD
EPSS
3.4%
top 12.57%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Mozilla SeamonkeyMozilla FirefoxMozilla Thunderbird+1 more
Timeline
PublishedJul 18
Latest updateMay 14

Description

Use-after-free vulnerability in the nsSMILTimeValueSpec::IsEventBased function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allows remote attackers to cause a denial of service (heap memory corruption) or possibly execute arbitrary code by interacting with objects used for SMIL Timing.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages4 packages

NVDmozilla/firefox22 versions+21
NVDmozilla/thunderbird17 versions+16
NVDmozilla/thunderbird_esr6 versions+5
NVDmozilla/seamonkey2.10+49

🔴Vulnerability Details

2
GHSA
GHSA-mm7q-cwwj-hpqx: Use-after-free vulnerability in the nsSMILTimeValueSpec::IsEventBased function in Mozilla Firefox 42022-05-14
CVEList
CVE-2012-1951: Use-after-free vulnerability in the nsSMILTimeValueSpec::IsEventBased function in Mozilla Firefox 42012-07-18

📋Vendor Advisories

3
Ubuntu
Firefox vulnerabilities2012-07-17
Red Hat
Mozilla: Gecko memory corruption (MFSA 2012-44)2012-07-17
Ubuntu
Thunderbird vulnerabilities2012-07-17

💬Community

1
Bugzilla
CVE-2012-1951 CVE-2012-1952 CVE-2012-1953 CVE-2012-1954 Mozilla: Gecko memory corruption (MFSA 2012-44)2012-07-14
CVE-2012-1951 — Out-of-bounds Write in Mozilla | cvebase