CVE-2012-5833Improper Restriction of Operations within the Bounds of a Memory Buffer in Mozilla Firefox

CWE-119Improper Restriction of Operations within the Bounds of a Memory BufferCWE-416Use After Free7 documents6 sources
Severity
9.3CRITICALNVD
EPSS
1.4%
top 19.29%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
13
Mozilla FirefoxMozilla SeamonkeyMozilla Thunderbird+10 more
Timeline
PublishedNov 21
Latest updateMay 13

Description

The texImage2D implementation in the WebGL subsystem in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 does not properly interact with Mesa drivers, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via function calls involving certain values of the level parameter.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages11 packages

NVDmozilla/firefox< 10.0.11+1
NVDmozilla/seamonkey< 2.14
NVDopensuse/opensuse11.4, 12.1, 12.2+2

Also affects: Ubuntu Linux 10.04, 11.10, 12.04, 12.10, Enterprise Linux 6.3

Patches

Patch: bugzilla.mozilla.orgPatch: bugzilla.mozilla.org

🔴Vulnerability Details

2
GHSA
GHSA-fcm5-39j7-xpvf: The texImage2D implementation in the WebGL subsystem in Mozilla Firefox before 172022-05-13
CVEList
CVE-2012-5833: The texImage2D implementation in the WebGL subsystem in Mozilla Firefox before 172012-11-21

📋Vendor Advisories

3
Ubuntu
Firefox vulnerabilities2012-11-21
Ubuntu
Thunderbird vulnerabilities2012-11-21
Red Hat
Mozilla: Use-after-free, buffer overflow, and memory corruption issues found using Address Sanitizer (MFSA 2012-106)2012-11-20

💬Community

1
Bugzilla
CVE-2012-5830 CVE-2012-5833 CVE-2012-5835 Mozilla: Use-after-free, buffer overflow, and memory corruption issues found using Address Sanitizer (MFSA 2012-106)2012-11-17
CVE-2012-5833 — Mozilla Firefox vulnerability | cvebase