Lucene search

[email protected]CVE-2012-0454

HistoryMar 14, 2012 - 7:55 p.m.

CVE-2012-0454

2012-03-1419:55:01

CWE-399

[email protected]

web.nvd.nist.gov

cve-2012-0454

mozilla firefox

vulnerability

remote attackers

denial of service

arbitrary code

windows 7

nvd

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.8 High

AI Score

Confidence

Low

0.13 Low

EPSS

Percentile

95.5%

JSON

Use-after-free vulnerability in Mozilla Firefox 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 on 32-bit Windows 7 platforms allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors involving use of the file-open dialog in a child window, related to the IUnknown_QueryService function in the Windows shlwapi.dll library.

Affected configurations

NVD

Node

mozillafirefoxMatch4.0

mozillafirefoxMatch4.0beta1

mozillafirefoxMatch4.0beta10

mozillafirefoxMatch4.0beta11

mozillafirefoxMatch4.0beta12

mozillafirefoxMatch4.0beta2

mozillafirefoxMatch4.0beta3

mozillafirefoxMatch4.0beta4

mozillafirefoxMatch4.0beta5

mozillafirefoxMatch4.0beta6

mozillafirefoxMatch4.0beta7

mozillafirefoxMatch4.0beta8

mozillafirefoxMatch4.0beta9

mozillafirefoxMatch4.0.1

mozillafirefoxMatch5.0

mozillafirefoxMatch5.0.1

mozillafirefoxMatch6.0

mozillafirefoxMatch6.0.1

mozillafirefoxMatch6.0.2

mozillafirefoxMatch7.0

mozillafirefoxMatch7.0.1

mozillafirefoxMatch8.0

mozillafirefoxMatch8.0.1

mozillafirefoxMatch9.0

mozillafirefoxMatch9.0.1

AND

microsoftwindows_7Match-

Node

mozillafirefox_esrMatch10.0

mozillafirefox_esrMatch10.1

mozillafirefox_esrMatch10.2

AND

microsoftwindows_7Match-

Node

mozillathunderbirdMatch5.0

mozillathunderbirdMatch6.0

mozillathunderbirdMatch6.0.1

mozillathunderbirdMatch6.0.2

mozillathunderbirdMatch7.0

mozillathunderbirdMatch7.0.1

mozillathunderbirdMatch8.0

mozillathunderbirdMatch9.0

mozillathunderbirdMatch9.0.1

AND

microsoftwindows_7Match-

Node

mozillathunderbird_esrMatch10.0

mozillathunderbird_esrMatch10.0.1

mozillathunderbird_esrMatch10.0.2

AND

microsoftwindows_7Match-

Node

mozillaseamonkeyRange≤2.7beta5

mozillaseamonkeyMatch1.0

mozillaseamonkeyMatch1.0alpha

mozillaseamonkeyMatch1.0beta

mozillaseamonkeyMatch1.0.1

mozillaseamonkeyMatch1.0.2

mozillaseamonkeyMatch1.0.3

mozillaseamonkeyMatch1.0.4

mozillaseamonkeyMatch1.0.5

mozillaseamonkeyMatch1.0.6

mozillaseamonkeyMatch1.0.7

mozillaseamonkeyMatch1.0.8

mozillaseamonkeyMatch1.0.9

mozillaseamonkeyMatch1.1

mozillaseamonkeyMatch1.1alpha

mozillaseamonkeyMatch1.1beta

mozillaseamonkeyMatch1.1.1

mozillaseamonkeyMatch1.1.2

mozillaseamonkeyMatch1.1.3

mozillaseamonkeyMatch1.1.4

mozillaseamonkeyMatch1.1.5

mozillaseamonkeyMatch1.1.6

mozillaseamonkeyMatch1.1.7

mozillaseamonkeyMatch1.1.8

mozillaseamonkeyMatch1.1.9

mozillaseamonkeyMatch1.1.10

mozillaseamonkeyMatch1.1.11

mozillaseamonkeyMatch1.1.12

mozillaseamonkeyMatch1.1.13

mozillaseamonkeyMatch1.1.14

mozillaseamonkeyMatch1.1.15

mozillaseamonkeyMatch1.1.16

mozillaseamonkeyMatch1.1.17

mozillaseamonkeyMatch1.1.18

mozillaseamonkeyMatch1.1.19

mozillaseamonkeyMatch1.5.0.8

mozillaseamonkeyMatch1.5.0.9

mozillaseamonkeyMatch1.5.0.10

mozillaseamonkeyMatch2.0

mozillaseamonkeyMatch2.0alpha_1

mozillaseamonkeyMatch2.0alpha_2

mozillaseamonkeyMatch2.0alpha_3

mozillaseamonkeyMatch2.0beta_1

mozillaseamonkeyMatch2.0beta_2

mozillaseamonkeyMatch2.0rc1

mozillaseamonkeyMatch2.0rc2

mozillaseamonkeyMatch2.0.1

mozillaseamonkeyMatch2.0.2

mozillaseamonkeyMatch2.0.3

mozillaseamonkeyMatch2.0.4

mozillaseamonkeyMatch2.0.5

mozillaseamonkeyMatch2.0.6

mozillaseamonkeyMatch2.0.7

mozillaseamonkeyMatch2.0.8

mozillaseamonkeyMatch2.0.9

mozillaseamonkeyMatch2.0.10

mozillaseamonkeyMatch2.0.11

mozillaseamonkeyMatch2.0.12

mozillaseamonkeyMatch2.0.13

mozillaseamonkeyMatch2.0.14

mozillaseamonkeyMatch2.1

mozillaseamonkeyMatch2.1alpha1

mozillaseamonkeyMatch2.1alpha2

mozillaseamonkeyMatch2.1alpha3

mozillaseamonkeyMatch2.1beta1

mozillaseamonkeyMatch2.1beta2

mozillaseamonkeyMatch2.1beta3

mozillaseamonkeyMatch2.1rc1

mozillaseamonkeyMatch2.1rc2

mozillaseamonkeyMatch2.2

mozillaseamonkeyMatch2.2beta1

mozillaseamonkeyMatch2.2beta2

mozillaseamonkeyMatch2.2beta3

mozillaseamonkeyMatch2.3

mozillaseamonkeyMatch2.3beta1

mozillaseamonkeyMatch2.3beta2

mozillaseamonkeyMatch2.3beta3

mozillaseamonkeyMatch2.3.1

mozillaseamonkeyMatch2.3.2

mozillaseamonkeyMatch2.3.3

mozillaseamonkeyMatch2.4

mozillaseamonkeyMatch2.4beta1

mozillaseamonkeyMatch2.4beta2

mozillaseamonkeyMatch2.4beta3

mozillaseamonkeyMatch2.4.1

mozillaseamonkeyMatch2.5

mozillaseamonkeyMatch2.5beta1

mozillaseamonkeyMatch2.5beta2

mozillaseamonkeyMatch2.5beta3

mozillaseamonkeyMatch2.5beta4

mozillaseamonkeyMatch2.6

mozillaseamonkeyMatch2.6beta1

mozillaseamonkeyMatch2.6beta2

mozillaseamonkeyMatch2.6beta3

mozillaseamonkeyMatch2.6beta4

mozillaseamonkeyMatch2.6.1

mozillaseamonkeyMatch2.7beta1

mozillaseamonkeyMatch2.7beta2

mozillaseamonkeyMatch2.7beta3

mozillaseamonkeyMatch2.7beta4

AND

microsoftwindows_7Match-

CPENameOperatorVersion
mozilla:firefoxmozilla firefoxeq4.0
mozilla:firefoxmozilla firefoxeq4.0.1
mozilla:firefoxmozilla firefoxeq5.0
mozilla:firefoxmozilla firefoxeq5.0.1
mozilla:firefoxmozilla firefoxeq6.0
mozilla:firefoxmozilla firefoxeq6.0.1
mozilla:firefoxmozilla firefoxeq6.0.2
mozilla:firefoxmozilla firefoxeq7.0
mozilla:firefoxmozilla firefoxeq7.0.1
mozilla:firefoxmozilla firefoxeq8.0

CPE	Name	Operator	Version
mozilla:firefox	mozilla firefox	eq	4.0
mozilla:firefox	mozilla firefox	eq	4.0.1
mozilla:firefox	mozilla firefox	eq	5.0
mozilla:firefox	mozilla firefox	eq	5.0.1
mozilla:firefox	mozilla firefox	eq	6.0
mozilla:firefox	mozilla firefox	eq	6.0.1
mozilla:firefox	mozilla firefox	eq	6.0.2
mozilla:firefox	mozilla firefox	eq	7.0
mozilla:firefox	mozilla firefox	eq	7.0.1
mozilla:firefox	mozilla firefox	eq	8.0