CVE-2012-3964

2012-08-2910:56:00

CWE-399

[email protected]

web.nvd.nist.gov

cve-2012-3964

use-after-free

vulnerability

mozilla firefox

remote attackers

arbitrary code

denial of service

nvd

8.9 High

AI Score

Confidence

High

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.126 Low

EPSS

Percentile

95.4%

JSON

Use-after-free vulnerability in the gfxTextRun::GetUserData function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.

CPENameOperatorVersion
mozilla:firefox_esrmozilla firefox esreq10.0.6
mozilla:firefox_esrmozilla firefox esreq10.0
mozilla:firefox_esrmozilla firefox esreq10.0.5
mozilla:firefox_esrmozilla firefox esreq10.0.2
mozilla:firefox_esrmozilla firefox esreq10.0.1
mozilla:firefox_esrmozilla firefox esreq10.0.3
mozilla:firefox_esrmozilla firefox esreq10.0.4
mozilla:thunderbird_esrmozilla thunderbird esreq10.0.3
mozilla:thunderbird_esrmozilla thunderbird esreq10.0
mozilla:thunderbird_esrmozilla thunderbird esreq10.0.4

CPE	Name	Operator	Version
mozilla:firefox_esr	mozilla firefox esr	eq	10.0.6
mozilla:firefox_esr	mozilla firefox esr	eq	10.0
mozilla:firefox_esr	mozilla firefox esr	eq	10.0.5
mozilla:firefox_esr	mozilla firefox esr	eq	10.0.2
mozilla:firefox_esr	mozilla firefox esr	eq	10.0.1
mozilla:firefox_esr	mozilla firefox esr	eq	10.0.3
mozilla:firefox_esr	mozilla firefox esr	eq	10.0.4
mozilla:thunderbird_esr	mozilla thunderbird esr	eq	10.0.3
mozilla:thunderbird_esr	mozilla thunderbird esr	eq	10.0
mozilla:thunderbird_esr	mozilla thunderbird esr	eq	10.0.4