CVE-2012-3989Improper Restriction of Operations within the Bounds of a Memory Buffer in Mozilla Firefox

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer7 documents6 sources
Severity
9.3CRITICALNVD
EPSS
0.9%
top 25.03%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
6
Mozilla FirefoxMozilla SeamonkeyMozilla Thunderbird+3 more
Timeline
PublishedOct 10
Latest updateMay 13

Description

Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey before 2.13 do not properly perform a cast of an unspecified variable during use of the instanceof operator on a JavaScript object, which allows remote attackers to execute arbitrary code or cause a denial of service (assertion failure) via a crafted web site.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages5 packages

NVDmozilla/firefox< 16.0
NVDmozilla/seamonkey< 2.13

Also affects: Ubuntu Linux 10.04, 11.04, 11.10, 12.04

🔴Vulnerability Details

2
GHSA
GHSA-g6fr-f3gf-jvqr: Mozilla Firefox before 162022-05-13
CVEList
CVE-2012-3989: Mozilla Firefox before 162012-10-10

📋Vendor Advisories

3
Ubuntu
Thunderbird vulnerabilities2012-10-12
Red Hat
Mozilla: Crash with invalid cast when using instanceof operator (MFSA 2012-80)2012-10-09
Ubuntu
Firefox vulnerabilities2012-10-09

💬Community

1
Bugzilla
CVE-2012-3989 Mozilla: Crash with invalid cast when using instanceof operator (MFSA 2012-80)2012-10-06
CVE-2012-3989 — Mozilla Firefox vulnerability | cvebase