CVE-2012-3966Improper Restriction of Operations within the Bounds of a Memory Buffer in Mozilla Firefox

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer7 documents6 sources
Severity
10.0CRITICALNVD
EPSS
3.7%
top 12.09%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Mozilla FirefoxMozilla SeamonkeyMozilla Thunderbird+1 more
Timeline
PublishedAug 29
Latest updateMay 17

Description

Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a negative height value in a BMP image within a .ICO file, related to (1) improper handling of the transparency bitmask by the nsICODecoder component and (2) improper processing of the alpha channel by the nsBMPDecoder component.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages4 packages

NVDmozilla/firefox14.0+134
NVDmozilla/thunderbird14.0+99
NVDmozilla/thunderbird_esr7 versions+6
NVDmozilla/seamonkey2.11+32

🔴Vulnerability Details

2
GHSA
GHSA-fcr9-rj2r-hxx8: Mozilla Firefox before 152022-05-17
CVEList
CVE-2012-3966: Mozilla Firefox before 152012-08-29

📋Vendor Advisories

3
Ubuntu
Thunderbird vulnerabilities2012-08-30
Ubuntu
Firefox vulnerabilities2012-08-29
Red Hat
Mozilla: Memory corruption with bitmap format images with negative height (MFSA 2012-61)2012-08-28

💬Community

1
Bugzilla
CVE-2012-3966 Mozilla: Memory corruption with bitmap format images with negative height (MFSA 2012-61)2012-08-27
CVE-2012-3966 — Mozilla Firefox vulnerability | cvebase