CVE-2012-1962Out-of-bounds Write in Mozilla Seamonkey

CWE-3997 documents6 sources
Severity
10.0CRITICALNVD
EPSS
3.4%
top 12.57%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Mozilla SeamonkeyMozilla FirefoxMozilla Thunderbird+1 more
Timeline
PublishedJul 18
Latest updateMay 14

Description

Use-after-free vulnerability in the JSDependentString::undepend function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via vectors involving strings with multiple dependencies.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages4 packages

NVDmozilla/firefox22 versions+21
NVDmozilla/thunderbird17 versions+16
NVDmozilla/thunderbird_esr6 versions+5
NVDmozilla/seamonkey2.10+49

🔴Vulnerability Details

2
GHSA
GHSA-vqcw-863f-c794: Use-after-free vulnerability in the JSDependentString::undepend function in Mozilla Firefox 42022-05-14
CVEList
CVE-2012-1962: Use-after-free vulnerability in the JSDependentString::undepend function in Mozilla Firefox 42012-07-18

📋Vendor Advisories

3
Ubuntu
Firefox vulnerabilities2012-07-17
Red Hat
Mozilla: JSDependentString:: undepend string conversion results in memory corruption (MFSA 2012-52)2012-07-17
Ubuntu
Thunderbird vulnerabilities2012-07-17

💬Community

1
Bugzilla
CVE-2012-1962 Mozilla: JSDependentString::undepend string conversion results in memory corruption (MFSA 2012-52)2012-07-14
CVE-2012-1962 — Out-of-bounds Write in Mozilla | cvebase