CVE-2012-4191Out-of-bounds Write in Mozilla Firefox

CWE-787Out-of-bounds Write10 documents7 sources
Severity
9.3CRITICALNVD
EPSS
1.7%
top 17.80%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Mozilla FirefoxMozilla SeamonkeyMozilla Thunderbird+1 more
Timeline
PublishedOct 12
Latest updateMay 13

Description

The mozilla::net::FailDelayManager::Lookup function in the WebSockets implementation in Mozilla Firefox before 16.0.1, Thunderbird before 16.0.1, and SeaMonkey before 2.13.1 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages3 packages

NVDmozilla/firefox< 16.0.1
NVDmozilla/seamonkey< 2.13.1
NVDmozilla/thunderbird< 16.0.1

Also affects: Ubuntu Linux 10.04, 11.04, 11.10, 12.04

Patches

Patch: bugzilla.mozilla.orgPatch: bugzilla.mozilla.org

🔴Vulnerability Details

2
GHSA
GHSA-xrwr-pg2p-3r5m: The mozilla::net::FailDelayManager::Lookup function in the WebSockets implementation in Mozilla Firefox before 162022-05-13
CVEList
CVE-2012-4191: The mozilla::net::FailDelayManager::Lookup function in the WebSockets implementation in Mozilla Firefox before 162012-10-12

💥Exploits & PoCs

3
Exploit-DB
Novell Netware - XNFS caller_name xdrDecodeString Remote Code Execution2012-01-10
Exploit-DB
Novell Netware - XNFS.NLM STAT Notify Remote Code Execution2012-01-06
Exploit-DB
Novell Netware - XNFS.NLM NFS Rename Remote Code Execution2012-01-06

📋Vendor Advisories

3
Ubuntu
Thunderbird vulnerabilities2012-10-12
Red Hat
Mozilla: Miscellaneous memory safety hazards (rv:16.0.1) (MFSA 2012-88)2012-10-11
Ubuntu
Firefox vulnerabilities2012-10-11

💬Community

1
Bugzilla
CVE-2012-4191 Mozilla: Miscellaneous memory safety hazards (rv:16.0.1) (MFSA 2012-88)2012-10-11
CVE-2012-4191 — Out-of-bounds Write in Mozilla Firefox | cvebase