Lucene search

[email protected]CVE-2012-0478

HistoryApr 25, 2012 - 10:10 a.m.

CVE-2012-0478

2012-04-2510:10:17

CWE-264

[email protected]

web.nvd.nist.gov

cve-2012-0478

webgl

mozilla firefox

remote code execution

security vulnerability

nvd

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

9.4 High

AI Score

Confidence

High

0.026 Low

EPSS

Percentile

90.4%

JSON

The texImage2D implementation in the WebGL subsystem in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 does not properly restrict JSVAL_TO_OBJECT casts, which might allow remote attackers to execute arbitrary code via a crafted web page.

Affected configurations

NVD

Node

mozillafirefoxMatch4.0

mozillafirefoxMatch4.0beta1

mozillafirefoxMatch4.0beta10

mozillafirefoxMatch4.0beta11

mozillafirefoxMatch4.0beta12

mozillafirefoxMatch4.0beta2

mozillafirefoxMatch4.0beta3

mozillafirefoxMatch4.0beta4

mozillafirefoxMatch4.0beta5

mozillafirefoxMatch4.0beta6

mozillafirefoxMatch4.0beta7

mozillafirefoxMatch4.0beta8

mozillafirefoxMatch4.0beta9

mozillafirefoxMatch4.0.1

mozillafirefoxMatch5.0

mozillafirefoxMatch5.0.1

mozillafirefoxMatch6.0

mozillafirefoxMatch6.0.1

mozillafirefoxMatch6.0.2

mozillafirefoxMatch7.0

mozillafirefoxMatch7.0.1

mozillafirefoxMatch8.0

mozillafirefoxMatch8.0.1

mozillafirefoxMatch9.0

mozillafirefoxMatch9.0.1

mozillafirefoxMatch10.0

mozillafirefoxMatch10.0.1

mozillafirefoxMatch10.0.2

mozillafirefoxMatch11.0

Node

mozillafirefox_esrMatch10.0

mozillafirefox_esrMatch10.0.1

mozillafirefox_esrMatch10.0.2

mozillafirefox_esrMatch10.0.3

Node

mozillathunderbirdMatch5.0

mozillathunderbirdMatch6.0

mozillathunderbirdMatch6.0.1

mozillathunderbirdMatch6.0.2

mozillathunderbirdMatch7.0

mozillathunderbirdMatch7.0.1

mozillathunderbirdMatch8.0

mozillathunderbirdMatch9.0

mozillathunderbirdMatch9.0.1

mozillathunderbirdMatch10.0

mozillathunderbirdMatch10.0.1

mozillathunderbirdMatch10.0.2

mozillathunderbirdMatch10.0.3

mozillathunderbirdMatch10.0.4

mozillathunderbirdMatch11.0

Node

mozillathunderbird_esrMatch10.0

mozillathunderbird_esrMatch10.0.1

mozillathunderbird_esrMatch10.0.2

mozillathunderbird_esrMatch10.0.3

Node

mozillaseamonkeyRange≤2.9beta3

mozillaseamonkeyMatch1.0

mozillaseamonkeyMatch1.0alpha

mozillaseamonkeyMatch1.0beta

mozillaseamonkeyMatch1.0.1

mozillaseamonkeyMatch1.0.2

mozillaseamonkeyMatch1.0.3

mozillaseamonkeyMatch1.0.4

mozillaseamonkeyMatch1.0.5

mozillaseamonkeyMatch1.0.6

mozillaseamonkeyMatch1.0.7

mozillaseamonkeyMatch1.0.8

mozillaseamonkeyMatch1.0.9

mozillaseamonkeyMatch1.1

mozillaseamonkeyMatch1.1alpha

mozillaseamonkeyMatch1.1beta

mozillaseamonkeyMatch1.1.1

mozillaseamonkeyMatch1.1.2

mozillaseamonkeyMatch1.1.3

mozillaseamonkeyMatch1.1.4

mozillaseamonkeyMatch1.1.5

mozillaseamonkeyMatch1.1.6

mozillaseamonkeyMatch1.1.7

mozillaseamonkeyMatch1.1.8

mozillaseamonkeyMatch1.1.9

mozillaseamonkeyMatch1.1.10

mozillaseamonkeyMatch1.1.11

mozillaseamonkeyMatch1.1.12

mozillaseamonkeyMatch1.1.13

mozillaseamonkeyMatch1.1.14

mozillaseamonkeyMatch1.1.15

mozillaseamonkeyMatch1.1.16

mozillaseamonkeyMatch1.1.17

mozillaseamonkeyMatch1.1.18

mozillaseamonkeyMatch1.1.19

mozillaseamonkeyMatch1.5.0.8

mozillaseamonkeyMatch1.5.0.9

mozillaseamonkeyMatch1.5.0.10

mozillaseamonkeyMatch2.0

mozillaseamonkeyMatch2.0alpha_1

mozillaseamonkeyMatch2.0alpha_2

mozillaseamonkeyMatch2.0alpha_3

mozillaseamonkeyMatch2.0beta_1

mozillaseamonkeyMatch2.0beta_2

mozillaseamonkeyMatch2.0rc1

mozillaseamonkeyMatch2.0rc2

mozillaseamonkeyMatch2.0.1

mozillaseamonkeyMatch2.0.2

mozillaseamonkeyMatch2.0.3

mozillaseamonkeyMatch2.0.4

mozillaseamonkeyMatch2.0.5

mozillaseamonkeyMatch2.0.6

mozillaseamonkeyMatch2.0.7

mozillaseamonkeyMatch2.0.8

mozillaseamonkeyMatch2.0.9

mozillaseamonkeyMatch2.0.10

mozillaseamonkeyMatch2.0.11

mozillaseamonkeyMatch2.0.12

mozillaseamonkeyMatch2.0.13

mozillaseamonkeyMatch2.0.14

mozillaseamonkeyMatch2.1

mozillaseamonkeyMatch2.1alpha1

mozillaseamonkeyMatch2.1alpha2

mozillaseamonkeyMatch2.1alpha3

mozillaseamonkeyMatch2.1beta1

mozillaseamonkeyMatch2.1beta2

mozillaseamonkeyMatch2.1beta3

mozillaseamonkeyMatch2.1rc1

mozillaseamonkeyMatch2.1rc2

mozillaseamonkeyMatch2.2

mozillaseamonkeyMatch2.2beta1

mozillaseamonkeyMatch2.2beta2

mozillaseamonkeyMatch2.2beta3

mozillaseamonkeyMatch2.3

mozillaseamonkeyMatch2.3beta1

mozillaseamonkeyMatch2.3beta2

mozillaseamonkeyMatch2.3beta3

mozillaseamonkeyMatch2.3.1

mozillaseamonkeyMatch2.3.2

mozillaseamonkeyMatch2.3.3

mozillaseamonkeyMatch2.4

mozillaseamonkeyMatch2.4beta1

mozillaseamonkeyMatch2.4beta2

mozillaseamonkeyMatch2.4beta3

mozillaseamonkeyMatch2.4.1

mozillaseamonkeyMatch2.5

mozillaseamonkeyMatch2.5beta1

mozillaseamonkeyMatch2.5beta2

mozillaseamonkeyMatch2.5beta3

mozillaseamonkeyMatch2.5beta4

mozillaseamonkeyMatch2.6

mozillaseamonkeyMatch2.6beta1

mozillaseamonkeyMatch2.6beta2

mozillaseamonkeyMatch2.6beta3

mozillaseamonkeyMatch2.6beta4

mozillaseamonkeyMatch2.6.1

mozillaseamonkeyMatch2.7

mozillaseamonkeyMatch2.7beta1

mozillaseamonkeyMatch2.7beta2

mozillaseamonkeyMatch2.7beta3

mozillaseamonkeyMatch2.7beta4

mozillaseamonkeyMatch2.7beta5

mozillaseamonkeyMatch2.7.1

mozillaseamonkeyMatch2.7.2

mozillaseamonkeyMatch2.8

mozillaseamonkeyMatch2.8beta1

mozillaseamonkeyMatch2.8beta2

mozillaseamonkeyMatch2.8beta3

mozillaseamonkeyMatch2.8beta4

mozillaseamonkeyMatch2.8beta5

mozillaseamonkeyMatch2.8beta6

mozillaseamonkeyMatch2.9beta1

mozillaseamonkeyMatch2.9beta2

CPENameOperatorVersion
mozilla:firefoxmozilla firefoxeq4.0
mozilla:firefoxmozilla firefoxeq4.0.1
mozilla:firefoxmozilla firefoxeq5.0
mozilla:firefoxmozilla firefoxeq5.0.1
mozilla:firefoxmozilla firefoxeq6.0
mozilla:firefoxmozilla firefoxeq6.0.1
mozilla:firefoxmozilla firefoxeq6.0.2
mozilla:firefoxmozilla firefoxeq7.0
mozilla:firefoxmozilla firefoxeq7.0.1
mozilla:firefoxmozilla firefoxeq8.0

CPE	Name	Operator	Version
mozilla:firefox	mozilla firefox	eq	4.0
mozilla:firefox	mozilla firefox	eq	4.0.1
mozilla:firefox	mozilla firefox	eq	5.0
mozilla:firefox	mozilla firefox	eq	5.0.1
mozilla:firefox	mozilla firefox	eq	6.0
mozilla:firefox	mozilla firefox	eq	6.0.1
mozilla:firefox	mozilla firefox	eq	6.0.2
mozilla:firefox	mozilla firefox	eq	7.0
mozilla:firefox	mozilla firefox	eq	7.0.1
mozilla:firefox	mozilla firefox	eq	8.0