CVE-2012-3966

2012-08-2910:56:00

CWE-119

[email protected]

web.nvd.nist.gov

cve-2012-3966

mozilla firefox

arbitrary code execution

denial of service

memory corruption

nvd

vulnerability

8.8 High

AI Score

Confidence

High

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.117 Low

EPSS

Percentile

95.2%

JSON

Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a negative height value in a BMP image within a .ICO file, related to (1) improper handling of the transparency bitmask by the nsICODecoder component and (2) improper processing of the alpha channel by the nsBMPDecoder component.

CPENameOperatorVersion
mozilla:firefox_esrmozilla firefox esreq10.0.6
mozilla:firefox_esrmozilla firefox esreq10.0
mozilla:firefox_esrmozilla firefox esreq10.0.5
mozilla:firefox_esrmozilla firefox esreq10.0.2
mozilla:firefox_esrmozilla firefox esreq10.0.1
mozilla:firefox_esrmozilla firefox esreq10.0.3
mozilla:firefox_esrmozilla firefox esreq10.0.4
mozilla:firefoxmozilla firefoxeq4.0
mozilla:firefoxmozilla firefoxeq3.6.2
mozilla:firefoxmozilla firefoxeq2.0.0.12

CPE	Name	Operator	Version
mozilla:firefox_esr	mozilla firefox esr	eq	10.0.6
mozilla:firefox_esr	mozilla firefox esr	eq	10.0
mozilla:firefox_esr	mozilla firefox esr	eq	10.0.5
mozilla:firefox_esr	mozilla firefox esr	eq	10.0.2
mozilla:firefox_esr	mozilla firefox esr	eq	10.0.1
mozilla:firefox_esr	mozilla firefox esr	eq	10.0.3
mozilla:firefox_esr	mozilla firefox esr	eq	10.0.4
mozilla:firefox	mozilla firefox	eq	4.0
mozilla:firefox	mozilla firefox	eq	3.6.2
mozilla:firefox	mozilla firefox	eq	2.0.0.12