CVE-2012-3964Use After Free in Mozilla Firefox

CWE-399CWE-416Use After Free6 documents5 sources
Severity
10.0CRITICALNVD
EPSS
2.1%
top 15.82%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Mozilla FirefoxMozilla SeamonkeyMozilla Thunderbird+1 more
Timeline
PublishedAug 29
Latest updateMay 17

Description

Use-after-free vulnerability in the gfxTextRun::GetUserData function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages4 packages

NVDmozilla/firefox14.0+134
NVDmozilla/thunderbird14.0+99
NVDmozilla/thunderbird_esr7 versions+6
NVDmozilla/seamonkey2.11+32

🔴Vulnerability Details

2
GHSA
GHSA-fcj8-hrrx-c7qh: Use-after-free vulnerability in the gfxTextRun::GetUserData function in Mozilla Firefox before 152022-05-17
CVEList
CVE-2012-3964: Use-after-free vulnerability in the gfxTextRun::GetUserData function in Mozilla Firefox before 152012-08-29

📋Vendor Advisories

3
Ubuntu
Thunderbird vulnerabilities2012-08-30
Ubuntu
Firefox vulnerabilities2012-08-29
Red Hat
Mozilla: Multiple Use-after-free issues (MFSA 2012-58)2012-08-28
CVE-2012-3964 — Use After Free in Mozilla Firefox | cvebase