CVE-2012-1939

2012-06-0523:55:00

CWE-119

[email protected]

web.nvd.nist.gov

mozilla firefox

thunderbird

esr

memory corruption

cve-2012-1939

javascript

remote attack

9.7 High

AI Score

Confidence

High

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.041 Low

EPSS

Percentile

92.0%

JSON

jsinfer.cpp in Mozilla Firefox ESR 10.x before 10.0.5 and Thunderbird ESR 10.x before 10.0.5 does not properly determine data types, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via crafted JavaScript code.

CPENameOperatorVersion
mozilla:firefox_esrmozilla firefox esreq10.0
mozilla:firefox_esrmozilla firefox esreq10.0.2
mozilla:firefox_esrmozilla firefox esreq10.0.1
mozilla:firefox_esrmozilla firefox esreq10.0.3
mozilla:firefox_esrmozilla firefox esreq10.0.4
mozilla:thunderbird_esrmozilla thunderbird esreq10.0.3
mozilla:thunderbird_esrmozilla thunderbird esreq10.0
mozilla:thunderbird_esrmozilla thunderbird esreq10.0.4
mozilla:thunderbird_esrmozilla thunderbird esreq10.0.2
mozilla:thunderbird_esrmozilla thunderbird esreq10.0.1

CPE	Name	Operator	Version
mozilla:firefox_esr	mozilla firefox esr	eq	10.0
mozilla:firefox_esr	mozilla firefox esr	eq	10.0.2
mozilla:firefox_esr	mozilla firefox esr	eq	10.0.1
mozilla:firefox_esr	mozilla firefox esr	eq	10.0.3
mozilla:firefox_esr	mozilla firefox esr	eq	10.0.4
mozilla:thunderbird_esr	mozilla thunderbird esr	eq	10.0.3
mozilla:thunderbird_esr	mozilla thunderbird esr	eq	10.0
mozilla:thunderbird_esr	mozilla thunderbird esr	eq	10.0.4
mozilla:thunderbird_esr	mozilla thunderbird esr	eq	10.0.2
mozilla:thunderbird_esr	mozilla thunderbird esr	eq	10.0.1