CVE-2012-1952 — Mozilla Seamonkey vulnerability

CWE-3997 documents6 sources

Severity

9.3CRITICALNVD

EPSS

1.3%

top 20.39%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Seamonkey Mozilla Firefox Mozilla Thunderbird +1 more

Timeline

PublishedJul 18

Latest updateMay 14

Description

The nsTableFrame::InsertFrames function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 does not properly perform a cast of a frame variable during processing of mixed row-group and column-group frames, which might allow remote attackers to execute arbitrary code via a crafted web site.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages4 packages

▶NVDmozilla/firefox22 versions+21

▶NVDmozilla/thunderbird17 versions+16

▶NVDmozilla/thunderbird_esr6 versions+5

▶NVDmozilla/seamonkey2.10+49

🔴Vulnerability Details

GHSA

GHSA-jfr6-2c38-mp7q: The nsTableFrame::InsertFrames function in Mozilla Firefox 4↗2022-05-14

▶

CVEList

CVE-2012-1952: The nsTableFrame::InsertFrames function in Mozilla Firefox 4↗2012-07-18

▶

📋Vendor Advisories

Ubuntu

Firefox vulnerabilities↗2012-07-17

▶

Red Hat

Mozilla: Gecko memory corruption (MFSA 2012-44)↗2012-07-17

▶

Ubuntu

Thunderbird vulnerabilities↗2012-07-17

▶

💬Community

Bugzilla

CVE-2012-1951 CVE-2012-1952 CVE-2012-1953 CVE-2012-1954 Mozilla: Gecko memory corruption (MFSA 2012-44)↗2012-07-14

▶