CVE-2012-5829Out-of-bounds Write in Mozilla Firefox

CWE-787Out-of-bounds WriteCWE-416Use After FreeCWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer9 documents6 sources
Severity
9.3CRITICALNVD
EPSS
4.6%
top 10.78%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
14
Mozilla FirefoxMozilla SeamonkeyMozilla Thunderbird+11 more
Timeline
PublishedNov 21
Latest updateMay 13

Description

Heap-based buffer overflow in the nsWindow::OnExposeEvent function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code via unspecified vectors.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages11 packages

NVDmozilla/firefox10.010.0.11+1
NVDmozilla/thunderbird_esr10.010.0.11
NVDmozilla/seamonkey< 2.14
NVDopensuse/opensuse11.4, 12.1, 12.2+2

Also affects: Debian Linux 6.0, 7.0, Ubuntu Linux 10.04, 11.10, 12.04, 12.10, Enterprise Linux 6.3

Patches

Patch: bugzilla.mozilla.orgPatch: bugzilla.mozilla.org

🔴Vulnerability Details

2
GHSA
GHSA-5h6m-6wc7-jxv6: Heap-based buffer overflow in the nsWindow::OnExposeEvent function in Mozilla Firefox before 172022-05-13
CVEList
CVE-2012-5829: Heap-based buffer overflow in the nsWindow::OnExposeEvent function in Mozilla Firefox before 172012-11-21

📋Vendor Advisories

5
Ubuntu
Firefox vulnerabilities2013-01-09
Ubuntu
Thunderbird vulnerabilities2013-01-09
Ubuntu
Firefox vulnerabilities2012-11-21
Ubuntu
Thunderbird vulnerabilities2012-11-21
Red Hat
Mozilla: Use-after-free and buffer overflow issues found using Address Sanitizer (MFSA 2012-105)2012-11-20

💬Community

1
Bugzilla
CVE-2012-4214 CVE-2012-4215 CVE-2012-4216 CVE-2012-5829 CVE-2012-5839 CVE-2012-5840 Mozilla: Use-after-free and buffer overflow issues found using Address Sanitizer (MFSA 2012-105)2012-11-17
CVE-2012-5829 — Out-of-bounds Write in Mozilla Firefox | cvebase