CVE-2012-3962Use After Free in Mozilla Firefox

CWE-416Use After Free6 documents5 sources
Severity
9.3CRITICALNVD
EPSS
4.2%
top 11.22%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Mozilla FirefoxMozilla SeamonkeyMozilla Thunderbird+1 more
Timeline
PublishedAug 29
Latest updateMay 17

Description

Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 do not properly iterate through the characters in a text run, which allows remote attackers to execute arbitrary code via a crafted document.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages4 packages

NVDmozilla/firefox14.0+134
NVDmozilla/thunderbird14.0+99
NVDmozilla/thunderbird_esr7 versions+6
NVDmozilla/seamonkey2.11+32

🔴Vulnerability Details

2
GHSA
GHSA-23q5-53ph-6386: Mozilla Firefox before 152022-05-17
CVEList
CVE-2012-3962: Mozilla Firefox before 152012-08-29

📋Vendor Advisories

3
Ubuntu
Thunderbird vulnerabilities2012-08-30
Ubuntu
Firefox vulnerabilities2012-08-29
Red Hat
Mozilla: Multiple Use-after-free issues (MFSA 2012-58)2012-08-28
CVE-2012-3962 — Use After Free in Mozilla Firefox | cvebase