CVE-2012-3960Use After Free in Mozilla Firefox

CWE-416Use After Free7 documents6 sources
Severity
10.0CRITICALNVD
EPSS
2.3%
top 15.20%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
14
Mozilla FirefoxMozilla SeamonkeyMozilla Thunderbird+11 more
Timeline
PublishedAug 29
Latest updateMay 13

Description

Use-after-free vulnerability in the mozSpellChecker::SetCurrentDictionary function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages11 packages

NVDmozilla/firefox10.010.0.7+1
NVDmozilla/thunderbird_esr10.010.0.7
NVDmozilla/seamonkey< 2.12

Also affects: Ubuntu Linux 10.04, 11.04, 11.10, 12.04, Enterprise Linux 6.3

🔴Vulnerability Details

2
GHSA
GHSA-qxv8-c8g2-x423: Use-after-free vulnerability in the mozSpellChecker::SetCurrentDictionary function in Mozilla Firefox before 152022-05-13
CVEList
CVE-2012-3960: Use-after-free vulnerability in the mozSpellChecker::SetCurrentDictionary function in Mozilla Firefox before 152012-08-29

📋Vendor Advisories

3
Ubuntu
Thunderbird vulnerabilities2012-08-30
Ubuntu
Firefox vulnerabilities2012-08-29
Red Hat
Mozilla: Multiple Use-after-free issues (MFSA 2012-58)2012-08-28

💬Community

1
Bugzilla
CVE-2011-3960 libvorbis: Stack-buffer overflow in render_line2012-02-09
CVE-2012-3960 — Use After Free in Mozilla Firefox | cvebase