CVE-2012-4191

2012-10-1210:44:00

CWE-787

[email protected]

web.nvd.nist.gov

mozilla

firefox

thunderbird

seamonkey

websockets

cve-2012-4191

nvd

security

vulnerability

9.6 High

AI Score

Confidence

High

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.045 Low

EPSS

Percentile

92.4%

JSON

The mozilla::net::FailDelayManager::Lookup function in the WebSockets implementation in Mozilla Firefox before 16.0.1, Thunderbird before 16.0.1, and SeaMonkey before 2.13.1 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors.

CPENameOperatorVersion
mozilla:firefoxmozilla firefoxlt16.0.1
mozilla:seamonkeymozilla seamonkeylt2.13.1
mozilla:thunderbirdmozilla thunderbirdlt16.0.1
canonical:ubuntu_linuxcanonical ubuntu linuxeq11.04
canonical:ubuntu_linuxcanonical ubuntu linuxeq11.10
canonical:ubuntu_linuxcanonical ubuntu linuxeq12.04
canonical:ubuntu_linuxcanonical ubuntu linuxeq10.04

CPE	Name	Operator	Version
mozilla:firefox	mozilla firefox	lt	16.0.1
mozilla:seamonkey	mozilla seamonkey	lt	2.13.1
mozilla:thunderbird	mozilla thunderbird	lt	16.0.1
canonical:ubuntu_linux	canonical ubuntu linux	eq	11.04
canonical:ubuntu_linux	canonical ubuntu linux	eq	11.10
canonical:ubuntu_linux	canonical ubuntu linux	eq	12.04
canonical:ubuntu_linux	canonical ubuntu linux	eq	10.04