CVE-2012-3988

2012-10-1017:55:00

CWE-416

[email protected]

web.nvd.nist.gov

cve-2012-3988

mozilla firefox

firefox esr

thunderbird

seamonkey

vulnerability

remote code execution

use-after-free

nvd

8.8 High

AI Score

Confidence

High

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.073 Low

EPSS

Percentile

94.0%

JSON

Use-after-free vulnerability in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 might allow user-assisted remote attackers to execute arbitrary code via vectors involving use of mozRequestFullScreen to enter full-screen mode, and use of the history.back method for backwards history navigation.

CPENameOperatorVersion
mozilla:firefox_esrmozilla firefox esrlt10.0.8
mozilla:thunderbird_esrmozilla thunderbird esrlt10.0.8
mozilla:firefoxmozilla firefoxlt16.0
mozilla:thunderbirdmozilla thunderbirdlt16.0
mozilla:seamonkeymozilla seamonkeylt2.13
redhat:enterprise_linux_serverredhat enterprise linux servereq5.0
redhat:enterprise_linux_workstationredhat enterprise linux workstationeq5.0
canonical:ubuntu_linuxcanonical ubuntu linuxeq11.04
canonical:ubuntu_linuxcanonical ubuntu linuxeq11.10
redhat:enterprise_linux_desktopredhat enterprise linux desktopeq6.0

CPE	Name	Operator	Version
mozilla:firefox_esr	mozilla firefox esr	lt	10.0.8
mozilla:thunderbird_esr	mozilla thunderbird esr	lt	10.0.8
mozilla:firefox	mozilla firefox	lt	16.0
mozilla:thunderbird	mozilla thunderbird	lt	16.0
mozilla:seamonkey	mozilla seamonkey	lt	2.13
redhat:enterprise_linux_server	redhat enterprise linux server	eq	5.0
redhat:enterprise_linux_workstation	redhat enterprise linux workstation	eq	5.0
canonical:ubuntu_linux	canonical ubuntu linux	eq	11.04
canonical:ubuntu_linux	canonical ubuntu linux	eq	11.10
redhat:enterprise_linux_desktop	redhat enterprise linux desktop	eq	6.0