CVE-2012-1953Improper Restriction of Operations within the Bounds of a Memory Buffer in Mozilla Seamonkey

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer7 documents6 sources
Severity
9.3CRITICALNVD
EPSS
1.4%
top 19.42%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Mozilla SeamonkeyMozilla FirefoxMozilla Thunderbird+1 more
Timeline
PublishedJul 18
Latest updateMay 14

Description

The ElementAnimations::EnsureStyleRuleFor function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allows remote attackers to cause a denial of service (buffer over-read, incorrect pointer dereference, and heap-based buffer overflow) or possibly execute arbitrary code via a crafted web site.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages4 packages

NVDmozilla/firefox22 versions+21
NVDmozilla/thunderbird17 versions+16
NVDmozilla/thunderbird_esr6 versions+5
NVDmozilla/seamonkey2.10+49

🔴Vulnerability Details

2
GHSA
GHSA-rf9h-956h-9g4h: The ElementAnimations::EnsureStyleRuleFor function in Mozilla Firefox 42022-05-14
CVEList
CVE-2012-1953: The ElementAnimations::EnsureStyleRuleFor function in Mozilla Firefox 42012-07-18

📋Vendor Advisories

3
Ubuntu
Firefox vulnerabilities2012-07-17
Red Hat
Mozilla: Gecko memory corruption (MFSA 2012-44)2012-07-17
Ubuntu
Thunderbird vulnerabilities2012-07-17

💬Community

1
Bugzilla
CVE-2012-1951 CVE-2012-1952 CVE-2012-1953 CVE-2012-1954 Mozilla: Gecko memory corruption (MFSA 2012-44)2012-07-14
CVE-2012-1953 — Mozilla Seamonkey vulnerability | cvebase