Mozilla FoundationMFSA2012-85Use-after-free, buffer overflow, and out of bounds read issues found using Address Sanitizer — Mozilla
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.713 High
EPSS
Percentile
98.0%
Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team discovered a series of use-after-free, buffer overflow, and out of bounds read issues using the Address Sanitizer tool in shipped software. These issues are potentially exploitable, allowing for remote code execution. We would also like to thank Abhishek for reporting two additional use-after-free flaws introduced during Firefox 16 development and fixed before general release.
| CPE | Name | Operator | Version |
|---|---|---|---|
| firefox | lt | 16 | |
| firefox esr | lt | 10.0.8 | |
| seamonkey | lt | 2.13 | |
| thunderbird | lt | 16 | |
| thunderbird esr | lt | 10.0.8 |
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3995
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4179
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4180
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4181
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4182
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4183
bugzilla.mozilla.org/show_bug.cgi?id=765621
bugzilla.mozilla.org/show_bug.cgi?id=785574
bugzilla.mozilla.org/show_bug.cgi?id=785720
bugzilla.mozilla.org/show_bug.cgi?id=786111
bugzilla.mozilla.org/show_bug.cgi?id=786895
bugzilla.mozilla.org/show_bug.cgi?id=788950
Related
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.713 High
EPSS
Percentile
98.0%