8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.022 Low
EPSS
Percentile
89.3%
Security researcher miaubiz used the Address Sanitizer tool to discover a series critically rated of use-after-free, buffer overflow, and memory corruption issues in shipped software. These issues are potentially exploitable, allowing for remote code execution. We would also like to thank miaubiz for reporting two additional use-after-free and memory corruption issues introduced during Firefox development that were fixed before general release.
CPE | Name | Operator | Version |
---|---|---|---|
firefox | lt | 17 | |
firefox esr | lt | 10.0.11 | |
seamonkey | lt | 2.14 | |
thunderbird | lt | 17 | |
thunderbird esr | lt | 10.0.11 |
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5830
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5833
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5835
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5838
bugzilla.mozilla.org/show_bug.cgi?id=775228
bugzilla.mozilla.org/show_bug.cgi?id=785734
bugzilla.mozilla.org/show_bug.cgi?id=790879
bugzilla.mozilla.org/show_bug.cgi?id=802778
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.022 Low
EPSS
Percentile
89.3%