CVE-2012-1954Out-of-bounds Write in Mozilla Seamonkey

CWE-3997 documents6 sources
Severity
10.0CRITICALNVD
EPSS
5.0%
top 10.28%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Mozilla SeamonkeyMozilla FirefoxMozilla Thunderbird+1 more
Timeline
PublishedJul 18
Latest updateMay 14

Description

Use-after-free vulnerability in the nsDocument::AdoptNode function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allows remote attackers to cause a denial of service (heap memory corruption) or possibly execute arbitrary code via vectors involving multiple adoptions and empty documents.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages4 packages

NVDmozilla/firefox22 versions+21
NVDmozilla/thunderbird17 versions+16
NVDmozilla/thunderbird_esr6 versions+5
NVDmozilla/seamonkey2.10+49

🔴Vulnerability Details

2
GHSA
GHSA-35jh-p5wf-6gg4: Use-after-free vulnerability in the nsDocument::AdoptNode function in Mozilla Firefox 42022-05-14
CVEList
CVE-2012-1954: Use-after-free vulnerability in the nsDocument::AdoptNode function in Mozilla Firefox 42012-07-18

📋Vendor Advisories

3
Ubuntu
Firefox vulnerabilities2012-07-17
Red Hat
Mozilla: Gecko memory corruption (MFSA 2012-44)2012-07-17
Ubuntu
Thunderbird vulnerabilities2012-07-17

💬Community

1
Bugzilla
CVE-2012-1951 CVE-2012-1952 CVE-2012-1953 CVE-2012-1954 Mozilla: Gecko memory corruption (MFSA 2012-44)2012-07-14
CVE-2012-1954 — Out-of-bounds Write in Mozilla | cvebase