ID SEAMONKEY_29.NASL Type nessus Reporter This script is Copyright (C) 2012-2018 Tenable Network Security, Inc. Modified 2021-02-02T00:00:00
Description
The installed version of SeaMonkey is earlier than 2.9.0. Such
versions are potentially affected by the following security issues :
An error exists with the handling of JavaScript errors
that can lead to information disclosure. (CVE-2011-1187)
An off-by-one error exists in the 'OpenType Sanitizer'
that can lead to out-of-bounds reads and possible code
execution. (CVE-2011-3062)
Memory safety issues exist which could lead
to arbitrary code execution. (CVE-2012-0467,
CVE-2012-0468)
A use-after-free error exists related to 'IDBKeyRange'
of 'indexedDB'. (CVE-2012-0469)
Heap-corruption errors exist related to
'gfxImageSurface' which can lead to possible code
execution. (CVE-2012-0470)
A multi-octet encoding issue exists which could allow
cross-site scripting attacks as certain octets in
multibyte character sets can destroy following octets.
(CVE-2012-0471)
An error exists related to font rendering with
'cairo-dwrite' which can cause memory corruption leading to
crashes and potentially code execution. (CVE-2012-0472)
An error exists in 'WebGLBuffer' that can lead to the
reading of illegal video memory. (CVE-2012-0473)
An unspecified error can allow URL bar spoofing.
(CVE-2012-0474)
IPv6 addresses and cross-site 'XHR' or 'WebSocket'
connections on non-standard ports can allow this
application to send ambiguous origin headers.
(CVE-2012-0475)
A decoding issue exists related to 'ISO-2022-KR' and
'ISO-2022-CN' character sets which could lead to
cross-site scripting attacks. (CVE-2012-0477)
An error exists related to 'WebGL' and 'texImage2D'
that can allow application crashes and possibly code
execution when 'JSVAL_TO_OBJECT' is used on ordinary
objects. (CVE-2012-0478)
Address bar spoofing is possible when 'Atom XML' or
'RSS' data is loaded over HTTPS, which can enable phishing
attacks. (CVE-2012-0479)
#
# (C) Tenable Network Security, Inc.
#
include("compat.inc");
# Registration phase: when `description` is set, the script only declares its
# metadata (IDs, references, risk attributes, dependencies) and then exits, so
# none of the check logic after this block runs in that mode.
if (description)
{
# Plugin identity and revision stamp.
script_id(58901);
script_version("1.14");
script_cvs_date("Date: 2018/07/30 11:55:12");
# CVEs covered by this single finding (14 entries). A hit on this plugin
# reports all of them together; nothing in this block distinguishes which of
# them apply to a given host.
script_cve_id(
"CVE-2011-1187",
"CVE-2011-3062",
"CVE-2012-0467",
"CVE-2012-0468",
"CVE-2012-0469",
"CVE-2012-0470",
"CVE-2012-0471",
"CVE-2012-0472",
"CVE-2012-0473",
"CVE-2012-0474",
"CVE-2012-0475",
"CVE-2012-0477",
"CVE-2012-0478",
"CVE-2012-0479"
);
# Bugtraq IDs: 13 entries against 14 CVEs, so the two lists do not map
# one-to-one.
script_bugtraq_id(
53218,
53219,
53220,
53221,
53222,
53223,
53224,
53225,
53227,
53228,
53229,
53230,
53231
);
script_name(english:"SeaMonkey < 2.9.0 Multiple Vulnerabilities");
script_summary(english:"Checks version of SeaMonkey");
# Short finding text shown to the analyst.
script_set_attribute(
attribute:"synopsis",
value:
"The remote Windows host contains a web browser that is affected by
multiple vulnerabilities."
);
# Long finding text. The wording is "potentially affected": the statement is
# tied to the installed version being earlier than 2.9.0, not to any
# per-issue confirmation.
script_set_attribute(
attribute:"description",
value:
"The installed version of SeaMonkey is earlier than 2.9.0. Such
versions are potentially affected by the following security issues :
- An error exists with the handling of JavaScript errors
that can lead to information disclosure. (CVE-2011-1187)
- An off-by-one error exists in the 'OpenType Sanitizer'
that can lead to out-bounds-reads and possible code
execution. (CVE-2011-3062)
- Memory safety issues exist which could lead
to arbitrary code execution. (CVE-2012-0467,
CVE-2012-0468)
- A use-after-free error exists related to 'IDBKeyRange'
of 'indexedDB'. (CVE-2012-0469)
- Heap-corruption errors exist related to
'gfxImageSurface' which can lead to possible code
execution. (CVE-2012-0470)
- A multi-octet encoding issue exists which could allow
cross-site scripting attacks as certain octets in
multibyte character sets can destroy following octets.
(CVE-2012-0471)
- An error exists related to font rendering with 'cairo-
dwrite' which can cause memory corruption leading to
crashes and potentially code execution. (CVE-2012-0472)
- An error exists in 'WebGLBuffer' that can lead to the
reading of illegal video memory. (CVE-2012-0473)
- An unspecified error can allow URL bar spoofing.
(CVE-2012-0474)
- IPv6 addresses and cross-site 'XHR' or 'WebSocket'
connections on non-standard ports can allow this
application to send ambiguous origin headers.
(CVE-2012-0475)
- A decoding issue exists related to 'ISO-2022-KR' and
'ISO-2022-CN' character sets which could lead to cross-
site scripting attacks. (CVE-2012-0477)
- An error exists related to 'WebGL' and 'texImage2D'
that can allow application crashes and possibly code
execution when 'JSVAL_TO_OBJECT' is used on ordinary
objects. (CVE-2012-0478)
- Address bar spoofing is possible when 'Atom XML' or
'RSS' data is loaded over HTTPS leading to phishing
attacks. (CVE-2012-0479)"
);
# Vendor advisories: MFSA 2012-20 and 2012-22 through 2012-33 (13 links).
script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-20/");
script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-22/");
script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-23/");
script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-24/");
script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-25/");
script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-26/");
script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-27/");
script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-28/");
script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-29/");
script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-30/");
script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-31/");
script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-32/");
script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2012-33/");
# Remediation: a single upgrade target for every issue listed above.
script_set_attribute(
attribute:"solution",
value:"Upgrade to SeaMonkey 2.9.0 or later."
);
# CVSS v2 base vector: network vector, medium access complexity, no
# authentication, complete confidentiality/integrity/availability impact.
# One vector is declared for the whole plugin although the description spans
# issues from information disclosure to code execution.
# NOTE(review): presumably the highest-rated CVE drives this vector - confirm
# before using it to rank the individual issues.
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
# CVSS v2 temporal vector: E:H, RL:OF (official fix), RC:C (confirmed).
script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
# Exploitation metadata. These are plugin-wide string flags; the block does
# not say which of the 14 CVEs they refer to.
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"exploited_by_malware", value:"true");
# NOTE(review): only 20, 74 and 79 look like weakness entries here; several of
# the remaining IDs appear to be CWE view/category numbers, so this reads as a
# generic XSS-related set rather than a per-CVE weakness mapping. The memory
# corruption issues in the description have no matching ID in this list -
# confirm before relying on it for triage.
script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);
# Disclosure and patch share the same date; the plugin followed three days
# later.
script_set_attribute(attribute:"vuln_publication_date", value:"2012/04/24");
script_set_attribute(attribute:"patch_publication_date", value:"2012/04/24");
script_set_attribute(attribute:"plugin_publication_date", value:"2012/04/27");
# "local" plugin type: the check works from data gathered on the host itself.
# NOTE(review): presumably this means results depend on a credentialed scan
# having populated the SeaMonkey install data - confirm against the dependency.
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:mozilla:seamonkey");
script_end_attributes();
# ACT_GATHER_INFO category, Windows family.
script_category(ACT_GATHER_INFO);
script_family(english:"Windows");
script_copyright(english:"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.");
# Scheduling gates: the named dependency must run first and the KB key
# "SeaMonkey/Version" must exist. Without that key the plugin is skipped,
# which is an absence of data and not evidence that the host is patched.
script_dependencies("mozilla_org_installed.nasl");
script_require_keys("SeaMonkey/Version");
# End the registration-phase run here.
exit(0);
}
# Check phase: report SeaMonkey installs recorded in the KB whose version is
# below the fixed release.
# NOTE(review): mozilla_check_version() is not defined in this file; presumably
# it comes from this include - confirm.
include("mozilla_version.inc");
# SMB transport port from the KB, defaulting to 445 when the item is absent.
# NOTE(review): `port` is not passed to any call visible here; presumably
# mozilla_check_version() reads it as a global when reporting - confirm in
# mozilla_version.inc before removing or renaming it.
port = get_kb_item("SMB/transport");
if (!port) port = 445;
# All KB entries under SMB/SeaMonkey/*. Note that this is a different key from
# the "SeaMonkey/Version" gate declared in the description block; when the list
# is null the script audits out with AUDIT_NOT_INST instead of reporting.
installs = get_kb_list("SMB/SeaMonkey/*");
if (isnull(installs)) audit(AUDIT_NOT_INST, "SeaMonkey");
# Single call that decides the finding: product 'seamonkey', fixed version
# '2.9.0', severity SECURITY_HOLE, with the xss flag set.
# NOTE(review): from the arguments this looks like a pure version comparison
# over the recorded installs, so a hit means "version earlier than 2.9.0" and
# not that any individual CVE was exercised; a build with backported fixes
# would presumably still be flagged - confirm against mozilla_version.inc.
mozilla_check_version(installs:installs, product:'seamonkey', fix:'2.9.0', severity:SECURITY_HOLE, xss:TRUE);
{"id": "SEAMONKEY_29.NASL", "bulletinFamily": "scanner", "title": "SeaMonkey < 2.9.0 Multiple Vulnerabilities", "description": "The installed version of SeaMonkey is earlier than 2.9.0. Such\nversions are potentially affected by the following security issues :\n\n - An error exists with the handling of JavaScript errors \n that can lead to information disclosure. (CVE-2011-1187)\n\n - An off-by-one error exists in the 'OpenType Sanitizer'\n that can lead to out-bounds-reads and possible code\n execution. (CVE-2011-3062)\n\n - Memory safety issues exist which could lead\n to arbitrary code execution. (CVE-2012-0467,\n CVE-2012-0468)\n\n - A use-after-free error exists related to 'IDBKeyRange'\n of 'indexedDB'. (CVE-2012-0469)\n\n - Heap-corruption errors exist related to\n 'gfxImageSurface' which can lead to possible code\n execution. (CVE-2012-0470)\n\n - A multi-octet encoding issue exists which could allow\n cross-site scripting attacks as certain octets in\n multibyte character sets can destroy following octets.\n (CVE-2012-0471)\n\n - An error exists related to font rendering with 'cairo-\n dwrite' which can cause memory corruption leading to \n crashes and potentially code execution. (CVE-2012-0472)\n\n - An error exists in 'WebGLBuffer' that can lead to the\n reading of illegal video memory. (CVE-2012-0473)\n\n - An unspecified error can allow URL bar spoofing.\n (CVE-2012-0474)\n\n - IPv6 addresses and cross-site 'XHR' or 'WebSocket'\n connections on non-standard ports can allow this\n application to send ambiguous origin headers. \n (CVE-2012-0475)\n\n - A decoding issue exists related to 'ISO-2022-KR' and\n 'ISO-2022-CN' character sets which could lead to cross-\n site scripting attacks. (CVE-2012-0477)\n \n - An error exists related to 'WebGL' and 'texImage2D'\n that can allow application crashes and possibly code\n execution when 'JSVAL_TO_OBJECT' is used on ordinary\n objects. 
(CVE-2012-0478)\n\n - Address bar spoofing is possible when 'Atom XML' or\n 'RSS' data is loaded over HTTPS leading to phishing\n attacks. (CVE-2012-0479)", "published": "2012-04-27T00:00:00", "modified": "2021-02-02T00:00:00", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "href": "https://www.tenable.com/plugins/nessus/58901", "reporter": "This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.", "references": ["https://www.mozilla.org/en-US/security/advisories/mfsa2012-26/", "https://www.mozilla.org/en-US/security/advisories/mfsa2012-24/", "https://www.mozilla.org/en-US/security/advisories/mfsa2012-23/", "https://www.mozilla.org/en-US/security/advisories/mfsa2012-22/", "https://www.mozilla.org/en-US/security/advisories/mfsa2012-20/", "https://www.mozilla.org/en-US/security/advisories/mfsa2012-33/", "https://www.mozilla.org/en-US/security/advisories/mfsa2012-27/", "https://www.mozilla.org/en-US/security/advisories/mfsa2012-31/", "https://www.mozilla.org/en-US/security/advisories/mfsa2012-29/", "https://www.mozilla.org/en-US/security/advisories/mfsa2012-30/", "https://www.mozilla.org/en-US/security/advisories/mfsa2012-32/", "https://www.mozilla.org/en-US/security/advisories/mfsa2012-25/", "https://www.mozilla.org/en-US/security/advisories/mfsa2012-28/"], "cvelist": ["CVE-2012-0478", "CVE-2012-0479", "CVE-2012-0470", "CVE-2012-0472", "CVE-2012-0469", "CVE-2012-0475", "CVE-2012-0474", "CVE-2011-1187", "CVE-2012-0468", "CVE-2011-3062", "CVE-2012-0477", "CVE-2012-0473", "CVE-2012-0467", "CVE-2012-0471"], "type": "nessus", "lastseen": "2021-02-01T06:02:15", "edition": 28, "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "suse", "idList": ["SUSE-SU-2012:0580-1", "SUSE-SU-2012:0688-1"]}, {"type": "nessus", "idList": ["SUSE_FIREFOX10-201205-8154.NASL", "MANDRIVA_MDVSA-2012-066.NASL", "MOZILLA_FIREFOX_120.NASL", "UBUNTU_USN-1430-2.NASL", "UBUNTU_USN-1430-3.NASL", "MACOSX_THUNDERBIRD_12_0.NASL", 
"UBUNTU_USN-1430-1.NASL", "MACOSX_FIREFOX_12_0.NASL", "MOZILLA_THUNDERBIRD_120.NASL", "SUSE_11_FIREFOX-201204-120426.NASL"]}, {"type": "ubuntu", "idList": ["USN-1430-2", "USN-1430-1", "USN-1430-3"]}, {"type": "openvas", "idList": ["OPENVAS:881082", "OPENVAS:840992", "OPENVAS:1361412562310840991", "OPENVAS:1361412562310841000", "OPENVAS:1361412562310840992", "OPENVAS:870713", "OPENVAS:840991", "OPENVAS:841000", "OPENVAS:831630", "OPENVAS:881202"]}, {"type": "centos", "idList": ["CESA-2012:0516", "CESA-2012:0515"]}, {"type": "redhat", "idList": ["RHSA-2012:0516", "RHSA-2012:0515"]}, {"type": "oraclelinux", "idList": ["ELSA-2012-0516", "ELSA-2012-0515"]}, {"type": "debian", "idList": ["DEBIAN:DSA-2457-1:2093A", "DEBIAN:DSA-2548-1:1FF93", "DEBIAN:DSA-2457-2:D2EFF", "DEBIAN:DSA-2464-1:C0FF5"]}, {"type": "cve", "idList": ["CVE-2012-0479", "CVE-2012-0468", "CVE-2012-0470", "CVE-2012-0477", "CVE-2012-0473", "CVE-2011-3062", "CVE-2012-0467", "CVE-2012-0471", "CVE-2012-0472", "CVE-2012-0478"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:12355"]}, {"type": "freebsd", "idList": ["380E8C56-8E32-11E1-9580-4061862B8C22"]}, {"type": "mozilla", "idList": ["MFSA2012-33", "MFSA2012-20", "MFSA2012-25", "MFSA2012-24"]}, {"type": "seebug", "idList": ["SSV:60083"]}], "modified": "2021-02-01T06:02:15", "rev": 2}, "score": {"value": 10.1, "vector": "NONE", "modified": "2021-02-01T06:02:15", "rev": 2}, "vulnersScore": 10.1}, "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(58901);\n script_version(\"1.14\");\n script_cvs_date(\"Date: 2018/07/30 11:55:12\");\n\n script_cve_id(\n \"CVE-2011-1187\",\n \"CVE-2011-3062\",\n \"CVE-2012-0467\",\n \"CVE-2012-0468\",\n \"CVE-2012-0469\",\n \"CVE-2012-0470\",\n \"CVE-2012-0471\",\n \"CVE-2012-0472\",\n \"CVE-2012-0473\",\n \"CVE-2012-0474\",\n \"CVE-2012-0475\",\n \"CVE-2012-0477\",\n \"CVE-2012-0478\",\n \"CVE-2012-0479\"\n );\n script_bugtraq_id(\n 53218,\n 
53219,\n 53220,\n 53221,\n 53222,\n 53223,\n 53224,\n 53225,\n 53227,\n 53228,\n 53229,\n 53230,\n 53231\n );\n\n script_name(english:\"SeaMonkey < 2.9.0 Multiple Vulnerabilities\");\n script_summary(english:\"Checks version of SeaMonkey\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Windows host contains a web browser that is affected by\nmultiple vulnerabilities.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The installed version of SeaMonkey is earlier than 2.9.0. Such\nversions are potentially affected by the following security issues :\n\n - An error exists with the handling of JavaScript errors \n that can lead to information disclosure. (CVE-2011-1187)\n\n - An off-by-one error exists in the 'OpenType Sanitizer'\n that can lead to out-bounds-reads and possible code\n execution. (CVE-2011-3062)\n\n - Memory safety issues exist which could lead\n to arbitrary code execution. (CVE-2012-0467,\n CVE-2012-0468)\n\n - A use-after-free error exists related to 'IDBKeyRange'\n of 'indexedDB'. (CVE-2012-0469)\n\n - Heap-corruption errors exist related to\n 'gfxImageSurface' which can lead to possible code\n execution. (CVE-2012-0470)\n\n - A multi-octet encoding issue exists which could allow\n cross-site scripting attacks as certain octets in\n multibyte character sets can destroy following octets.\n (CVE-2012-0471)\n\n - An error exists related to font rendering with 'cairo-\n dwrite' which can cause memory corruption leading to \n crashes and potentially code execution. (CVE-2012-0472)\n\n - An error exists in 'WebGLBuffer' that can lead to the\n reading of illegal video memory. (CVE-2012-0473)\n\n - An unspecified error can allow URL bar spoofing.\n (CVE-2012-0474)\n\n - IPv6 addresses and cross-site 'XHR' or 'WebSocket'\n connections on non-standard ports can allow this\n application to send ambiguous origin headers. 
\n (CVE-2012-0475)\n\n - A decoding issue exists related to 'ISO-2022-KR' and\n 'ISO-2022-CN' character sets which could lead to cross-\n site scripting attacks. (CVE-2012-0477)\n \n - An error exists related to 'WebGL' and 'texImage2D'\n that can allow application crashes and possibly code\n execution when 'JSVAL_TO_OBJECT' is used on ordinary\n objects. (CVE-2012-0478)\n\n - Address bar spoofing is possible when 'Atom XML' or\n 'RSS' data is loaded over HTTPS leading to phishing\n attacks. (CVE-2012-0479)\"\n );\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2012-20/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2012-22/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2012-23/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2012-24/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2012-25/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2012-26/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2012-27/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2012-28/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2012-29/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2012-30/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2012-31/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2012-32/\");\n 
script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2012-33/\");\n\n script_set_attribute(\n attribute:\"solution\",\n value:\"Upgrade to SeaMonkey 2.9.0 or later.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/04/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/04/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/04/27\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mozilla:seamonkey\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.\");\n \n script_dependencies(\"mozilla_org_installed.nasl\");\n script_require_keys(\"SeaMonkey/Version\");\n exit(0);\n}\n\ninclude(\"mozilla_version.inc\");\nport = get_kb_item(\"SMB/transport\");\nif (!port) port = 445;\n\ninstalls = get_kb_list(\"SMB/SeaMonkey/*\");\nif (isnull(installs)) audit(AUDIT_NOT_INST, \"SeaMonkey\");\n\nmozilla_check_version(installs:installs, product:'seamonkey', fix:'2.9.0', severity:SECURITY_HOLE, xss:TRUE);", "naslFamily": "Windows", "pluginID": "58901", "cpe": ["cpe:/a:mozilla:seamonkey"], "scheme": null}
{"suse": [{"lastseen": "2016-09-04T12:07:45", "bulletinFamily": "unix", "cvelist": ["CVE-2012-0478", "CVE-2012-0479", "CVE-2012-0470", "CVE-2012-0472", "CVE-2012-0469", "CVE-2012-0475", "CVE-2012-0474", "CVE-2011-1187", "CVE-2012-0468", "CVE-2011-3062", "CVE-2012-0477", "CVE-2012-0473", "CVE-2012-0467", "CVE-2012-0471"], "description": "MozillaFirefox was updated to the 10.0.4 ESR release to fix\n various bugs and security issues.\n\n *\n\n MFSA 2012-20: Mozilla developers identified and fixed\n several memory safety bugs in the browser engine used in\n Firefox and other Mozilla-based products. Some of these\n bugs showed evidence of memory corruption under certain\n circumstances, and we presume that with enough effort at\n least some of these could be exploited to run arbitrary\n code.\n\n In general these flaws cannot be exploited through\n email in the Thunderbird and SeaMonkey products because\n scripting is disabled, but are potentially a risk in\n browser or browser-like contexts in those products.\n\n Christian Holler a reported memory safety and\n security problem affecting Firefox 11. (CVE-2012-0468)\n\n Bob Clary, Christian Holler, Brian Hackett, Bobby\n Holley, Gary Kwong, Hilary Hall, Honza Bambas, Jesse\n Ruderman, Julian Seward, and Olli Pettay reported memory\n safety problems and crashes that affect Firefox ESR and\n Firefox 11. (CVE-2012-0467)\n\n *\n\n MFSA 2012-22 / CVE-2012-0469: Using the Address\n Sanitizer tool, security researcher Aki Helin from OUSPG\n found that IDBKeyRange of indexedDB remains in the\n XPConnect hashtable instead of being unlinked before being\n destroyed. When it is destroyed, this causes a\n use-after-free, which is potentially exploitable.\n\n *\n\n MFSA 2012-23 / CVE-2012-0470: Using the Address\n Sanitizer tool, security researcher Atte Kettunen from\n OUSPG found a heap corruption in gfxImageSurface which\n allows for invalid frees and possible remote code\n execution. 
This happens due to float error, resulting from\n graphics values being passed through different number\n systems.\n\n *\n\n MFSA 2012-24 / CVE-2012-0471: Anne van Kesteren of\n Opera Software found a multi-octet encoding issue where\n certain octets will destroy the following octets in the\n processing of some multibyte character sets. This can leave\n users vulnerable to cross-site scripting (XSS) attacks on\n maliciously crafted web pages.\n\n *\n\n MFSA 2012-25 / CVE-2012-0472: Security research firm\n iDefense reported that researcher wushi of team509\n discovered a memory corruption on Windows Vista and Windows\n 7 systems with hardware acceleration disabled or using\n incompatible video drivers. This is created by using\n cairo-dwrite to attempt to render fonts on an unsupported\n code path. This corruption causes a potentially exploitable\n crash on affected systems.\n\n *\n\n MFSA 2012-26 / CVE-2012-0473: Mozilla community\n member Matias Juntunen discovered an error in WebGLBuffer\n where FindMaxElementInSubArray receives wrong template\n arguments from FindMaxUshortElement. 
This bug causes\n maximum index to be computed incorrectly within\n WebGL.drawElements, allowing the reading of illegal video\n memory.\n\n *\n\n MFSA 2012-27 / CVE-2012-0474: Security researchers\n Jordi Chancel and Eddy Bordi reported that they could\n short-circuit page loads to show the address of a different\n site than what is loaded in the window in the addressbar.\n Security researcher Chris McGowen independently reported\n the same flaw, and further demonstrated that this could\n lead to loading scripts from the attacker's site, leaving\n users vulnerable to cross-site scripting (XSS) attacks.\n\n *\n\n MFSA 2012-28 / CVE-2012-0475: Security researcher\n Simone Fabiano reported that if a cross-site XHR or\n WebSocket is opened on a web server on a non-standard port\n for web traffic while using an IPv6 address, the browser\n will send an ambiguous origin headers if the IPv6 address\n contains at least 2 consecutive 16-bit fields of zeroes. If\n there is an origin access control list that uses IPv6\n literals, this issue could be used to bypass these access\n controls on the server.\n\n *\n\n MFSA 2012-29 / CVE-2012-0477: Security researcher\n Masato Kinugawa found that during the decoding of\n ISO-2022-KR and ISO-2022-CN character sets, characters near\n 1024 bytes are treated incorrectly, either doubling or\n deleting bytes. On certain pages it might be possible for\n an attacker to pad the output of the page such that these\n errors fall in the right place to affect the structure of\n the page, allowing for cross-site script (XSS) injection.\n\n *\n\n MFSA 2012-30 / CVE-2012-0478: Mozilla community\n member Ms2ger found an image rendering issue with WebGL\n when texImage2D uses use JSVAL_TO_OBJECT on arbitrary\n objects. This can lead to a crash on a maliciously crafted\n web page. 
While there is no evidence that this is directly\n exploitable, there is a possibility of remote code\n execution.\n\n *\n\n MFSA 2012-31 / CVE-2011-3062: Mateusz Jurczyk of the\n Google Security Team discovered an off-by-one error in the\n OpenType Sanitizer using the Address Sanitizer tool. This\n can lead to an out-of-bounds read and execution of an\n uninitialized function pointer during parsing and possible\n remote code execution.\n\n *\n\n MFSA 2012-32 / CVE-2011-1187: Security researcher\n Daniel Divricean reported that a defect in the error\n handling of javascript errors can leak the file names and\n location of javascript files on a server, leading to\n inadvertent information disclosure and a vector for further\n attacks.\n\n *\n\n MFSA 2012-33 / CVE-2012-0479: Security researcher\n Jeroen van der Gun reported that if RSS or Atom XML invalid\n content is loaded over HTTPS, the addressbar updates to\n display the new location of the loaded resource, including\n SSL indicators, while the main window still displays the\n previously loaded content. 
This allows for phishing attacks\n where a malicious page can spoof the identify of another\n seemingly secure site.\n", "edition": 1, "modified": "2012-05-02T19:08:16", "published": "2012-05-02T19:08:16", "href": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00000.html", "id": "SUSE-SU-2012:0580-1", "title": "Security update for Mozilla Firefox (important)", "type": "suse", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:37:19", "bulletinFamily": "unix", "cvelist": ["CVE-2012-0478", "CVE-2012-0479", "CVE-2012-0470", "CVE-2012-0472", "CVE-2012-0469", "CVE-2012-0475", "CVE-2012-0474", "CVE-2011-1187", "CVE-2012-0468", "CVE-2011-3062", "CVE-2012-0477", "CVE-2012-0473", "CVE-2012-0467", "CVE-2012-0471"], "description": "MozillaFirefox was updated to the 10.0.4 ESR release to fix\n various bugs and security issues.\n\n *\n\n Mozilla developers identified and fixed several\n memory safety bugs in the browser engine used in Firefox\n and other Mozilla-based products. Some of these bugs showed\n evidence of memory corruption under certain circumstances,\n and we presume that with enough effort at least some of\n these could be exploited to run arbitrary code. (MFSA\n 2012-20)\n\n In general these flaws cannot be exploited through\n email in the Thunderbird and SeaMonkey products because\n scripting is disabled, but are potentially a risk in\n browser or browser-like contexts in those products.\n\n o\n\n Christian Holler a reported memory safety and\n security problem affecting Firefox 11. (CVE-2012-0468)\n\n o\n\n Bob Clary, Christian Holler, Brian Hackett,\n Bobby Holley, Gary Kwong, Hilary Hall, Honza Bambas, Jesse\n Ruderman, Julian Seward, and Olli Pettay reported memory\n safety problems and crashes that affect Firefox ESR and\n Firefox 11. 
(CVE-2012-0467)\n\n *\n\n Using the Address Sanitizer tool, security researcher\n Aki Helin from OUSPG found that IDBKeyRange of indexedDB\n remains in the XPConnect hashtable instead of being\n unlinked before being destroyed. When it is destroyed, this\n causes a use-after-free, which is potentially exploitable.\n (MFSA 2012-22 / CVE-2012-0469)\n\n *\n\n Using the Address Sanitizer tool, security researcher\n Atte Kettunen from OUSPG found a heap corruption in\n gfxImageSurface which allows for invalid frees and possible\n remote code execution. This happens due to float error,\n resulting from graphics values being passed through\n different number systems. (MFSA 2012-23 / CVE-2012-0470)\n\n *\n\n Anne van Kesteren of Opera Software found a\n multi-octet encoding issue where certain octets will\n destroy the following octets in the processing of some\n multibyte character sets. This can leave users vulnerable\n to cross-site scripting (XSS) attacks on maliciously\n crafted web pages. (MFSA 2012-24 / CVE-2012-0471)\n\n *\n\n Security research firm iDefense reported that\n researcher wushi of team509 discovered a memory corruption\n on Windows Vista and Windows 7 systems with hardware\n acceleration disabled or using incompatible video drivers.\n This is created by using cairo-dwrite to attempt to render\n fonts on an unsupported code path. This corruption causes a\n potentially exploitable crash on affected systems. (MFSA\n 2012-25 / CVE-2012-0472)\n\n *\n\n Mozilla community member Matias Juntunen discovered\n an error in WebGLBuffer where FindMaxElementInSubArray\n receives wrong template arguments from\n FindMaxUshortElement. This bug causes maximum index to be\n computed incorrectly within WebGL.drawElements, allowing\n the reading of illegal video memory. 
(MFSA 2012-26 /\n CVE-2012-0473)\n\n *\n\n Security researchers Jordi Chancel and Eddy Bordi\n reported that they could short-circuit page loads to show\n the address of a different site than what is loaded in the\n window in the addressbar. Security researcher Chris McGowen\n independently reported the same flaw, and further\n demonstrated that this could lead to loading scripts from\n the attacker's site, leaving users vulnerable to cross-site\n scripting (XSS) attacks. (MFSA 2012-27 / CVE-2012-0474)\n\n *\n\n Security researcher Simone Fabiano reported that if a\n cross-site XHR or WebSocket is opened on a web server on a\n non-standard port for web traffic while using an IPv6\n address, the browser will send an ambiguous origin headers\n if the IPv6 address contains at least 2 consecutive 16-bit\n fields of zeroes. If there is an origin access control list\n that uses IPv6 literals, this issue could be used to bypass\n these access controls on the server. (MFSA 2012-28 /\n CVE-2012-0475)\n\n *\n\n Security researcher Masato Kinugawa found that during\n the decoding of ISO-2022-KR and ISO-2022-CN character sets,\n characters near 1024 bytes are treated incorrectly, either\n doubling or deleting bytes. On certain pages it might be\n possible for an attacker to pad the output of the page such\n that these errors fall in the right place to affect the\n structure of the page, allowing for cross-site script (XSS)\n injection. (MFSA 2012-29 / CVE-2012-0477)\n\n *\n\n Mozilla community member Ms2ger found an image\n rendering issue with WebGL when texImage2D uses use\n JSVAL_TO_OBJECT on arbitrary objects. This can lead to a\n crash on a maliciously crafted web page. While there is no\n evidence that this is directly exploitable, there is a\n possibility of remote code execution. (MFSA 2012-30 /\n CVE-2012-0478)\n\n *\n\n Mateusz Jurczyk of the Google Security Team\n discovered an off-by-one error in the OpenType Sanitizer\n using the Address Sanitizer tool. 
This can lead to an\n out-of-bounds read and execution of an uninitialized\n function pointer during parsing and possible remote code\n execution. (MFSA 2012-31 / CVE-2011-3062)\n\n *\n\n Security researcher Daniel Divricean reported that a\n defect in the error handling of javascript errors can leak\n the file names and location of javascript files on a\n server, leading to inadvertent information disclosure and a\n vector for further attacks. (MFSA 2012-32 / CVE-2011-1187)\n\n *\n\n Security researcher Jeroen van der Gun reported that\n if RSS or Atom XML invalid content is loaded over HTTPS,\n the addressbar updates to display the new location of the\n loaded resource, including SSL indicators, while the main\n window still displays the previously loaded content. This\n allows for phishing attacks where a malicious page can\n spoof the identify of another seemingly secure site. (MFSA\n 2012-33 / CVE-2012-0479)\n\n\n", "edition": 1, "modified": "2012-06-02T02:08:30", "published": "2012-06-02T02:08:30", "id": "SUSE-SU-2012:0688-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00000.html", "title": "Security update for MozillaFirefox (important)", "type": "suse", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2021-01-20T14:37:47", "description": "Mozilla Firefox was updated to the 10.0.4 ESR release to fix various\nbugs and security issues.\n\n - Mozilla developers identified and fixed several memory\n safety bugs in the browser engine used in Firefox and\n other Mozilla-based products. Some of these bugs showed\n evidence of memory corruption under certain\n circumstances, and we presume that with enough effort at\n least some of these could be exploited to run arbitrary\n code. 
(MFSA 2012-20)\n\n In general these flaws cannot be exploited through email\n in the Thunderbird and SeaMonkey products because\n scripting is disabled, but are potentially a risk in\n browser or browser-like contexts in those products.\n\n Christian Holler reported a memory safety and security\n problem affecting Firefox 11. (CVE-2012-0468)\n\n Bob Clary, Christian Holler, Brian Hackett, Bobby\n Holley, Gary Kwong, Hilary Hall, Honza Bambas, Jesse\n Ruderman, Julian Seward, and Olli Pettay reported memory\n safety problems and crashes that affect Firefox ESR and\n Firefox 11. (CVE-2012-0467)\n\n - Using the Address Sanitizer tool, security researcher\n Aki Helin from OUSPG found that IDBKeyRange of indexedDB\n remains in the XPConnect hashtable instead of being\n unlinked before being destroyed. When it is destroyed,\n this causes a use-after-free, which is potentially\n exploitable. (MFSA 2012-22 / CVE-2012-0469)\n\n - Using the Address Sanitizer tool, security researcher\n Atte Kettunen from OUSPG found a heap corruption in\n gfxImageSurface which allows for invalid frees and\n possible remote code execution. This happens due to\n float error, resulting from graphics values being passed\n through different number systems. (MFSA 2012-23 /\n CVE-2012-0470)\n\n - Anne van Kesteren of Opera Software found a multi-octet\n encoding issue where certain octets will destroy the\n following octets in the processing of some multibyte\n character sets. This can leave users vulnerable to\n cross-site scripting (XSS) attacks on maliciously\n crafted web pages. (MFSA 2012-24 / CVE-2012-0471)\n\n - Security research firm iDefense reported that researcher\n wushi of team509 discovered a memory corruption on\n Windows Vista and Windows 7 systems with hardware\n acceleration disabled or using incompatible video\n drivers. 
This is created by using cairo-dwrite to\n attempt to render fonts on an unsupported code path.\n This corruption causes a potentially exploitable crash\n on affected systems. (MFSA 2012-25 / CVE-2012-0472)\n\n - Mozilla community member Matias Juntunen discovered an\n error in WebGLBuffer where FindMaxElementInSubArray\n receives wrong template arguments from\n FindMaxUshortElement. This bug causes maximum index to\n be computed incorrectly within WebGL.drawElements,\n allowing the reading of illegal video memory. (MFSA\n 2012-26 / CVE-2012-0473)\n\n - Security researchers Jordi Chancel and Eddy Bordi\n reported that they could short-circuit page loads to\n show the address of a different site than what is loaded\n in the window in the addressbar. Security researcher\n Chris McGowen independently reported the same flaw, and\n further demonstrated that this could lead to loading\n scripts from the attacker's site, leaving users\n vulnerable to cross-site scripting (XSS) attacks. (MFSA\n 2012-27 / CVE-2012-0474)\n\n - Security researcher Simone Fabiano reported that if a\n cross-site XHR or WebSocket is opened on a web server on\n a non-standard port for web traffic while using an IPv6\n address, the browser will send ambiguous origin\n headers if the IPv6 address contains at least 2\n consecutive 16-bit fields of zeroes. If there is an\n origin access control list that uses IPv6 literals, this\n issue could be used to bypass these access controls on\n the server. (MFSA 2012-28 / CVE-2012-0475)\n\n - Security researcher Masato Kinugawa found that during\n the decoding of ISO-2022-KR and ISO-2022-CN character\n sets, characters near 1024 bytes are treated\n incorrectly, either doubling or deleting bytes. On\n certain pages it might be possible for an attacker to\n pad the output of the page such that these errors fall\n in the right place to affect the structure of the page,\n allowing for cross-site script (XSS) injection. 
(MFSA\n 2012-29 / CVE-2012-0477)\n\n - Mozilla community member Ms2ger found an image rendering\n issue with WebGL when texImage2D uses\n JSVAL_TO_OBJECT on arbitrary objects. This can lead to a\n crash on a maliciously crafted web page. While there is\n no evidence that this is directly exploitable, there is\n a possibility of remote code execution. (MFSA 2012-30 /\n CVE-2012-0478)\n\n - Mateusz Jurczyk of the Google Security Team discovered\n an off-by-one error in the OpenType Sanitizer using the\n Address Sanitizer tool. This can lead to an\n out-of-bounds read and execution of an uninitialized\n function pointer during parsing and possible remote code\n execution. (MFSA 2012-31 / CVE-2011-3062)\n\n - Security researcher Daniel Divricean reported that a\n defect in the error handling of JavaScript errors can\n leak the file names and location of JavaScript files on\n a server, leading to inadvertent information disclosure\n and a vector for further attacks. (MFSA 2012-32 /\n CVE-2011-1187)\n\n - Security researcher Jeroen van der Gun reported that if\n RSS or Atom XML invalid content is loaded over HTTPS,\n the addressbar updates to display the new location of\n the loaded resource, including SSL indicators, while the\n main window still displays the previously loaded\n content. This allows for phishing attacks where a\n malicious page can spoof the identity of another\n seemingly secure site. 
(MFSA 2012-33 / CVE-2012-0479)", "edition": 19, "published": "2012-05-03T00:00:00", "title": "SuSE 11.1 Security Update : Mozilla Firefox (SAT Patch Number 6224)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0478", "CVE-2012-0479", "CVE-2012-0470", "CVE-2012-0472", "CVE-2012-0469", "CVE-2012-0475", "CVE-2012-0474", "CVE-2011-1187", "CVE-2012-0468", "CVE-2011-3062", "CVE-2012-0477", "CVE-2012-0473", "CVE-2012-0467", "CVE-2012-0471"], "modified": "2012-05-03T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:mozilla-nss-32bit", "cpe:/o:novell:suse_linux:11", "p-cpe:/a:novell:suse_linux:11:mozilla-nss", "p-cpe:/a:novell:suse_linux:11:MozillaFirefox-translations", "p-cpe:/a:novell:suse_linux:11:MozillaFirefox", "p-cpe:/a:novell:suse_linux:11:mozilla-nss-tools", "p-cpe:/a:novell:suse_linux:11:libfreebl3", "p-cpe:/a:novell:suse_linux:11:libfreebl3-32bit"], "id": "SUSE_11_FIREFOX-201204-120426.NASL", "href": "https://www.tenable.com/plugins/nessus/58973", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. 
The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(58973);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2011-1187\", \"CVE-2011-3062\", \"CVE-2012-0467\", \"CVE-2012-0468\", \"CVE-2012-0469\", \"CVE-2012-0470\", \"CVE-2012-0471\", \"CVE-2012-0472\", \"CVE-2012-0473\", \"CVE-2012-0474\", \"CVE-2012-0475\", \"CVE-2012-0477\", \"CVE-2012-0478\", \"CVE-2012-0479\");\n\n script_name(english:\"SuSE 11.1 Security Update : Mozilla Firefox (SAT Patch Number 6224)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Mozilla Firefox was updated to the 10.0.4 ESR release to fix various\nbugs and security issues.\n\n - Mozilla developers identified and fixed several memory\n safety bugs in the browser engine used in Firefox and\n other Mozilla-based products. Some of these bugs showed\n evidence of memory corruption under certain\n circumstances, and we presume that with enough effort at\n least some of these could be exploited to run arbitrary\n code. (MFSA 2012-20)\n\n In general these flaws cannot be exploited through email\n in the Thunderbird and SeaMonkey products because\n scripting is disabled, but are potentially a risk in\n browser or browser-like contexts in those products.\n\n Christian Holler a reported memory safety and security\n problem affecting Firefox 11. (CVE-2012-0468)\n\n Bob Clary, Christian Holler, Brian Hackett, Bobby\n Holley, Gary Kwong, Hilary Hall, Honza Bambas, Jesse\n Ruderman, Julian Seward, and Olli Pettay reported memory\n safety problems and crashes that affect Firefox ESR and\n Firefox 11. 
(CVE-2012-0467)\n\n - Using the Address Sanitizer tool, security researcher\n Aki Helin from OUSPG found that IDBKeyRange of indexedDB\n remains in the XPConnect hashtable instead of being\n unlinked before being destroyed. When it is destroyed,\n this causes a use-after-free, which is potentially\n exploitable. (MFSA 2012-22 / CVE-2012-0469)\n\n - Using the Address Sanitizer tool, security researcher\n Atte Kettunen from OUSPG found a heap corruption in\n gfxImageSurface which allows for invalid frees and\n possible remote code execution. This happens due to\n float error, resulting from graphics values being passed\n through different number systems. (MFSA 2012-23 /\n CVE-2012-0470)\n\n - Anne van Kesteren of Opera Software found a multi-octet\n encoding issue where certain octets will destroy the\n following octets in the processing of some multibyte\n character sets. This can leave users vulnerable to\n cross-site scripting (XSS) attacks on maliciously\n crafted web pages. (MFSA 2012-24 / CVE-2012-0471)\n\n - Security research firm iDefense reported that researcher\n wushi of team509 discovered a memory corruption on\n Windows Vista and Windows 7 systems with hardware\n acceleration disabled or using incompatible video\n drivers. This is created by using cairo-dwrite to\n attempt to render fonts on an unsupported code path.\n This corruption causes a potentially exploitable crash\n on affected systems. (MFSA 2012-25 / CVE-2012-0472)\n\n - Mozilla community member Matias Juntunen discovered an\n error in WebGLBuffer where FindMaxElementInSubArray\n receives wrong template arguments from\n FindMaxUshortElement. This bug causes maximum index to\n be computed incorrectly within WebGL.drawElements,\n allowing the reading of illegal video memory. 
(MFSA\n 2012-26 / CVE-2012-0473)\n\n - Security researchers Jordi Chancel and Eddy Bordi\n reported that they could short-circuit page loads to\n show the address of a different site than what is loaded\n in the window in the addressbar. Security researcher\n Chris McGowen independently reported the same flaw, and\n further demonstrated that this could lead to loading\n scripts from the attacker's site, leaving users\n vulnerable to cross-site scripting (XSS) attacks. (MFSA\n 2012-27 / CVE-2012-0474)\n\n - Security researcher Simone Fabiano reported that if a\n cross-site XHR or WebSocket is opened on a web server on\n a non-standard port for web traffic while using an IPv6\n address, the browser will send an ambiguous origin\n headers if the IPv6 address contains at least 2\n consecutive 16-bit fields of zeroes. If there is an\n origin access control list that uses IPv6 literals, this\n issue could be used to bypass these access controls on\n the server. (MFSA 2012-28 / CVE-2012-0475)\n\n - Security researcher Masato Kinugawa found that during\n the decoding of ISO-2022-KR and ISO-2022-CN character\n sets, characters near 1024 bytes are treated\n incorrectly, either doubling or deleting bytes. On\n certain pages it might be possible for an attacker to\n pad the output of the page such that these errors fall\n in the right place to affect the structure of the page,\n allowing for cross-site script (XSS) injection. (MFSA\n 2012-29 / CVE-2012-0477)\n\n - Mozilla community member Ms2ger found an image rendering\n issue with WebGL when texImage2D uses use\n JSVAL_TO_OBJECT on arbitrary objects. This can lead to a\n crash on a maliciously crafted web page. While there is\n no evidence that this is directly exploitable, there is\n a possibility of remote code execution. (MFSA 2012-30 /\n CVE-2012-0478)\n\n - Mateusz Jurczyk of the Google Security Team discovered\n an off-by-one error in the OpenType Sanitizer using the\n Address Sanitizer tool. 
This can lead to an\n out-of-bounds read and execution of an uninitialized\n function pointer during parsing and possible remote code\n execution. (MFSA 2012-31 / CVE-2011-3062)\n\n - Security researcher Daniel Divricean reported that a\n defect in the error handling of JavaScript errors can\n leak the file names and location of JavaScript files on\n a server, leading to inadvertent information disclosure\n and a vector for further attacks. (MFSA 2012-32 /\n CVE-2011-1187)\n\n - Security researcher Jeroen van der Gun reported that if\n RSS or Atom XML invalid content is loaded over HTTPS,\n the addressbar updates to display the new location of\n the loaded resource, including SSL indicators, while the\n main window still displays the previously loaded\n content. This allows for phishing attacks where a\n malicious page can spoof the identify of another\n seemingly secure site. (MFSA 2012-33 / CVE-2012-0479)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2012/mfsa2012-20.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2012/mfsa2012-22.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2012/mfsa2012-23.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2012/mfsa2012-24.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2012/mfsa2012-25.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2012/mfsa2012-26.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2012/mfsa2012-27.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2012/mfsa2012-28.html\"\n );\n script_set_attribute(\n 
attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2012/mfsa2012-29.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2012/mfsa2012-30.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2012/mfsa2012-31.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2012/mfsa2012-32.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.mozilla.org/security/announce/2012/mfsa2012-33.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=758408\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-1187.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-3062.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-0467.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-0468.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-0469.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-0470.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-0471.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-0472.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-0473.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-0474.html\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-0475.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-0477.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-0478.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-0479.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 6224.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:MozillaFirefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:MozillaFirefox-translations\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libfreebl3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libfreebl3-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mozilla-nss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mozilla-nss-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mozilla-nss-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/04/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/05/03\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n 
script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(pl) || int(pl) != 1) audit(AUDIT_OS_NOT, \"SuSE 11.1\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"MozillaFirefox-10.0.4-0.3.3\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"MozillaFirefox-translations-10.0.4-0.3.3\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"libfreebl3-3.13.4-0.2.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"mozilla-nss-3.13.4-0.2.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"mozilla-nss-tools-3.13.4-0.2.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"MozillaFirefox-10.0.4-0.3.3\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"MozillaFirefox-translations-10.0.4-0.3.3\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"libfreebl3-3.13.4-0.2.1\")) flag++;\nif 
(rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"libfreebl3-32bit-3.13.4-0.2.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"mozilla-nss-3.13.4-0.2.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"mozilla-nss-32bit-3.13.4-0.2.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"mozilla-nss-tools-3.13.4-0.2.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"MozillaFirefox-10.0.4-0.3.3\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"MozillaFirefox-translations-10.0.4-0.3.3\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"libfreebl3-3.13.4-0.2.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"mozilla-nss-3.13.4-0.2.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"mozilla-nss-tools-3.13.4-0.2.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"s390x\", reference:\"libfreebl3-32bit-3.13.4-0.2.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"s390x\", reference:\"mozilla-nss-32bit-3.13.4-0.2.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"x86_64\", reference:\"libfreebl3-32bit-3.13.4-0.2.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"x86_64\", reference:\"mozilla-nss-32bit-3.13.4-0.2.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-20T15:14:25", "description": "MozillaFirefox was updated to the 10.0.4 ESR release to fix various\nbugs and security issues.\n\n - Mozilla developers identified and fixed several memory\n safety bugs in the browser engine used in Firefox and\n other Mozilla-based products. 
Some of these bugs showed\n evidence of memory corruption under certain\n circumstances, and we presume that with enough effort at\n least some of these could be exploited to run arbitrary\n code. (MFSA 2012-20)\n\n In general these flaws cannot be exploited through email\n in the Thunderbird and SeaMonkey products because\n scripting is disabled, but are potentially a risk in\n browser or browser-like contexts in those products.\n\no\n\nChristian Holler reported a memory safety and security\nproblem affecting Firefox 11. (CVE-2012-0468)\n\no\n\nBob Clary, Christian Holler, Brian Hackett, Bobby Holley,\nGary Kwong, Hilary Hall, Honza Bambas, Jesse Ruderman,\nJulian Seward, and Olli Pettay reported memory safety\nproblems and crashes that affect Firefox ESR and Firefox 11.\n(CVE-2012-0467)\n\n - Using the Address Sanitizer tool, security researcher\n Aki Helin from OUSPG found that IDBKeyRange of indexedDB\n remains in the XPConnect hashtable instead of being\n unlinked before being destroyed. When it is destroyed,\n this causes a use-after-free, which is potentially\n exploitable. (MFSA 2012-22 / CVE-2012-0469)\n\n - Using the Address Sanitizer tool, security researcher\n Atte Kettunen from OUSPG found a heap corruption in\n gfxImageSurface which allows for invalid frees and\n possible remote code execution. This happens due to\n float error, resulting from graphics values being passed\n through different number systems. (MFSA 2012-23 /\n CVE-2012-0470)\n\n - Anne van Kesteren of Opera Software found a multi-octet\n encoding issue where certain octets will destroy the\n following octets in the processing of some multibyte\n character sets. This can leave users vulnerable to\n cross-site scripting (XSS) attacks on maliciously\n crafted web pages. 
(MFSA 2012-24 / CVE-2012-0471)\n\n - Security research firm iDefense reported that researcher\n wushi of team509 discovered a memory corruption on\n Windows Vista and Windows 7 systems with hardware\n acceleration disabled or using incompatible video\n drivers. This is created by using cairo-dwrite to\n attempt to render fonts on an unsupported code path.\n This corruption causes a potentially exploitable crash\n on affected systems. (MFSA 2012-25 / CVE-2012-0472)\n\n - Mozilla community member Matias Juntunen discovered an\n error in WebGLBuffer where FindMaxElementInSubArray\n receives wrong template arguments from\n FindMaxUshortElement. This bug causes maximum index to\n be computed incorrectly within WebGL.drawElements,\n allowing the reading of illegal video memory. (MFSA\n 2012-26 / CVE-2012-0473)\n\n - Security researchers Jordi Chancel and Eddy Bordi\n reported that they could short-circuit page loads to\n show the address of a different site than what is loaded\n in the window in the addressbar. Security researcher\n Chris McGowen independently reported the same flaw, and\n further demonstrated that this could lead to loading\n scripts from the attacker's site, leaving users\n vulnerable to cross-site scripting (XSS) attacks. (MFSA\n 2012-27 / CVE-2012-0474)\n\n - Security researcher Simone Fabiano reported that if a\n cross-site XHR or WebSocket is opened on a web server on\n a non-standard port for web traffic while using an IPv6\n address, the browser will send ambiguous origin\n headers if the IPv6 address contains at least 2\n consecutive 16-bit fields of zeroes. If there is an\n origin access control list that uses IPv6 literals, this\n issue could be used to bypass these access controls on\n the server. (MFSA 2012-28 / CVE-2012-0475)\n\n - Security researcher Masato Kinugawa found that during\n the decoding of ISO-2022-KR and ISO-2022-CN character\n sets, characters near 1024 bytes are treated\n incorrectly, either doubling or deleting bytes. 
On\n certain pages it might be possible for an attacker to\n pad the output of the page such that these errors fall\n in the right place to affect the structure of the page,\n allowing for cross-site script (XSS) injection. (MFSA\n 2012-29 / CVE-2012-0477)\n\n - Mozilla community member Ms2ger found an image rendering\n issue with WebGL when texImage2D uses\n JSVAL_TO_OBJECT on arbitrary objects. This can lead to a\n crash on a maliciously crafted web page. While there is\n no evidence that this is directly exploitable, there is\n a possibility of remote code execution. (MFSA 2012-30 /\n CVE-2012-0478)\n\n - Mateusz Jurczyk of the Google Security Team discovered\n an off-by-one error in the OpenType Sanitizer using the\n Address Sanitizer tool. This can lead to an\n out-of-bounds read and execution of an uninitialized\n function pointer during parsing and possible remote code\n execution. (MFSA 2012-31 / CVE-2011-3062)\n\n - Security researcher Daniel Divricean reported that a\n defect in the error handling of JavaScript errors can\n leak the file names and location of JavaScript files on\n a server, leading to inadvertent information disclosure\n and a vector for further attacks. (MFSA 2012-32 /\n CVE-2011-1187)\n\n - Security researcher Jeroen van der Gun reported that if\n RSS or Atom XML invalid content is loaded over HTTPS,\n the addressbar updates to display the new location of\n the loaded resource, including SSL indicators, while the\n main window still displays the previously loaded\n content. This allows for phishing attacks where a\n malicious page can spoof the identity of another\n seemingly secure site. 
(MFSA 2012-33 / CVE-2012-0479)", "edition": 19, "published": "2012-06-04T00:00:00", "title": "SuSE 10 Security Update : MozillaFirefox (ZYPP Patch Number 8154)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0478", "CVE-2012-0479", "CVE-2012-0470", "CVE-2012-0472", "CVE-2012-0469", "CVE-2012-0475", "CVE-2012-0474", "CVE-2011-1187", "CVE-2012-0468", "CVE-2011-3062", "CVE-2012-0477", "CVE-2012-0473", "CVE-2012-0467", "CVE-2012-0471"], "modified": "2012-06-04T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_FIREFOX10-201205-8154.NASL", "href": "https://www.tenable.com/plugins/nessus/59354", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(59354);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2011-1187\", \"CVE-2011-3062\", \"CVE-2012-0467\", \"CVE-2012-0468\", \"CVE-2012-0469\", \"CVE-2012-0470\", \"CVE-2012-0471\", \"CVE-2012-0472\", \"CVE-2012-0473\", \"CVE-2012-0474\", \"CVE-2012-0475\", \"CVE-2012-0477\", \"CVE-2012-0478\", \"CVE-2012-0479\");\n\n script_name(english:\"SuSE 10 Security Update : MozillaFirefox (ZYPP Patch Number 8154)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"MozillaFirefox was updated to the 10.0.4 ESR release to fix various\nbugs and security issues.\n\n - Mozilla developers identified and fixed several memory\n safety bugs in the browser engine used in Firefox and\n other Mozilla-based products. 
Some of these bugs showed\n evidence of memory corruption under certain\n circumstances, and we presume that with enough effort at\n least some of these could be exploited to run arbitrary\n code. (MFSA 2012-20)\n\n In general these flaws cannot be exploited through email\n in the Thunderbird and SeaMonkey products because\n scripting is disabled, but are potentially a risk in\n browser or browser-like contexts in those products.\n\no\n\nChristian Holler a reported memory safety and security\nproblem affecting Firefox 11. (CVE-2012-0468)\n\no\n\nBob Clary, Christian Holler, Brian Hackett, Bobby Holley,\nGary Kwong, Hilary Hall, Honza Bambas, Jesse Ruderman,\nJulian Seward, and Olli Pettay reported memory safety\nproblems and crashes that affect Firefox ESR and Firefox 11.\n(CVE-2012-0467)\n\n - Using the Address Sanitizer tool, security researcher\n Aki Helin from OUSPG found that IDBKeyRange of indexedDB\n remains in the XPConnect hashtable instead of being\n unlinked before being destroyed. When it is destroyed,\n this causes a use-after-free, which is potentially\n exploitable. (MFSA 2012-22 / CVE-2012-0469)\n\n - Using the Address Sanitizer tool, security researcher\n Atte Kettunen from OUSPG found a heap corruption in\n gfxImageSurface which allows for invalid frees and\n possible remote code execution. This happens due to\n float error, resulting from graphics values being passed\n through different number systems. (MFSA 2012-23 /\n CVE-2012-0470)\n\n - Anne van Kesteren of Opera Software found a multi-octet\n encoding issue where certain octets will destroy the\n following octets in the processing of some multibyte\n character sets. This can leave users vulnerable to\n cross-site scripting (XSS) attacks on maliciously\n crafted web pages. 
(MFSA 2012-24 / CVE-2012-0471)\n\n - Security research firm iDefense reported that researcher\n wushi of team509 discovered a memory corruption on\n Windows Vista and Windows 7 systems with hardware\n acceleration disabled or using incompatible video\n drivers. This is created by using cairo-dwrite to\n attempt to render fonts on an unsupported code path.\n This corruption causes a potentially exploitable crash\n on affected systems. (MFSA 2012-25 / CVE-2012-0472)\n\n - Mozilla community member Matias Juntunen discovered an\n error in WebGLBuffer where FindMaxElementInSubArray\n receives wrong template arguments from\n FindMaxUshortElement. This bug causes maximum index to\n be computed incorrectly within WebGL.drawElements,\n allowing the reading of illegal video memory. (MFSA\n 2012-26 / CVE-2012-0473)\n\n - Security researchers Jordi Chancel and Eddy Bordi\n reported that they could short-circuit page loads to\n show the address of a different site than what is loaded\n in the window in the addressbar. Security researcher\n Chris McGowen independently reported the same flaw, and\n further demonstrated that this could lead to loading\n scripts from the attacker's site, leaving users\n vulnerable to cross-site scripting (XSS) attacks. (MFSA\n 2012-27 / CVE-2012-0474)\n\n - Security researcher Simone Fabiano reported that if a\n cross-site XHR or WebSocket is opened on a web server on\n a non-standard port for web traffic while using an IPv6\n address, the browser will send an ambiguous origin\n headers if the IPv6 address contains at least 2\n consecutive 16-bit fields of zeroes. If there is an\n origin access control list that uses IPv6 literals, this\n issue could be used to bypass these access controls on\n the server. (MFSA 2012-28 / CVE-2012-0475)\n\n - Security researcher Masato Kinugawa found that during\n the decoding of ISO-2022-KR and ISO-2022-CN character\n sets, characters near 1024 bytes are treated\n incorrectly, either doubling or deleting bytes. 
On\n certain pages it might be possible for an attacker to\n pad the output of the page such that these errors fall\n in the right place to affect the structure of the page,\n allowing for cross-site script (XSS) injection. (MFSA\n 2012-29 / CVE-2012-0477)\n\n - Mozilla community member Ms2ger found an image rendering\n issue with WebGL when texImage2D uses\n JSVAL_TO_OBJECT on arbitrary objects. This can lead to a\n crash on a maliciously crafted web page. While there is\n no evidence that this is directly exploitable, there is\n a possibility of remote code execution. (MFSA 2012-30 /\n CVE-2012-0478)\n\n - Mateusz Jurczyk of the Google Security Team discovered\n an off-by-one error in the OpenType Sanitizer using the\n Address Sanitizer tool. This can lead to an\n out-of-bounds read and execution of an uninitialized\n function pointer during parsing and possible remote code\n execution. (MFSA 2012-31 / CVE-2011-3062)\n\n - Security researcher Daniel Divricean reported that a\n defect in the error handling of JavaScript errors can\n leak the file names and location of JavaScript files on\n a server, leading to inadvertent information disclosure\n and a vector for further attacks. (MFSA 2012-32 /\n CVE-2011-1187)\n\n - Security researcher Jeroen van der Gun reported that if\n RSS or Atom XML invalid content is loaded over HTTPS,\n the addressbar updates to display the new location of\n the loaded resource, including SSL indicators, while the\n main window still displays the previously loaded\n content. This allows for phishing attacks where a\n malicious page can spoof the identity of another\n seemingly secure site. 
(MFSA 2012-33 / CVE-2012-0479)\"\n );\n # http://www.mozilla.org/security/announce/2012/mfsa2012-20.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2012-20/\"\n );\n # http://www.mozilla.org/security/announce/2012/mfsa2012-22.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2012-22/\"\n );\n # http://www.mozilla.org/security/announce/2012/mfsa2012-23.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2012-23/\"\n );\n # http://www.mozilla.org/security/announce/2012/mfsa2012-24.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2012-24/\"\n );\n # http://www.mozilla.org/security/announce/2012/mfsa2012-25.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2012-25/\"\n );\n # http://www.mozilla.org/security/announce/2012/mfsa2012-26.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2012-26/\"\n );\n # http://www.mozilla.org/security/announce/2012/mfsa2012-27.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2012-27/\"\n );\n # http://www.mozilla.org/security/announce/2012/mfsa2012-28.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2012-28/\"\n );\n # http://www.mozilla.org/security/announce/2012/mfsa2012-29.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2012-29/\"\n );\n # http://www.mozilla.org/security/announce/2012/mfsa2012-30.html\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2012-30/\"\n );\n # http://www.mozilla.org/security/announce/2012/mfsa2012-31.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2012-31/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-1187.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-3062.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-0467.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-0468.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-0469.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-0470.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-0471.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-0472.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-0473.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-0474.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-0475.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-0477.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-0478.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"http://support.novell.com/security/cve/CVE-2012-0479.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 8154.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/03/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/05/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/06/04\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"MozillaFirefox-10.0.4-0.7.6\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"MozillaFirefox-branding-SLED-7-0.8.12\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"MozillaFirefox-translations-10.0.4-0.7.6\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"beagle-0.2.18-78.13.1.102\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"beagle-evolution-0.2.18-78.13.1.102\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"beagle-firefox-0.2.18-78.13.1.102\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"beagle-gui-0.2.18-78.13.1.102\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"firefox3-gtk2-2.10.6-0.10.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"mhtml-firefox-0.5-1.11.5\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"mozilla-nss-3.13.4-0.5.5\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"mozilla-nss-devel-3.13.4-0.5.5\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, 
reference:\"mozilla-nss-tools-3.13.4-0.5.5\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, cpu:\"x86_64\", reference:\"firefox3-gtk2-32bit-2.10.6-0.10.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, cpu:\"x86_64\", reference:\"mozilla-nss-32bit-3.13.4-0.5.5\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"MozillaFirefox-10.0.4-0.7.6\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"MozillaFirefox-branding-SLED-7-0.8.12\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"MozillaFirefox-translations-10.0.4-0.7.6\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"firefox3-gtk2-2.10.6-0.10.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"mozilla-nss-3.13.4-0.5.5\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"mozilla-nss-devel-3.13.4-0.5.5\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"mozilla-nss-tools-3.13.4-0.5.5\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"x86_64\", reference:\"firefox3-gtk2-32bit-2.10.6-0.10.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"x86_64\", reference:\"mozilla-nss-32bit-3.13.4-0.5.5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-02-01T04:06:49", "description": "The installed version of Firefox is earlier than 12.0 and thus, is\npotentially affected by the following security issues :\n\n - An error exists with handling JavaScript errors that\n could lead to information disclosure. (CVE-2011-1187)\n\n - An off-by-one error exists in the 'OpenType Sanitizer'\n that could lead to out-bounds-reads and possible code\n execution. (CVE-2011-3062)\n\n - Memory safety issues exist that could lead\n to arbitrary code execution. 
(CVE-2012-0467,\n CVE-2012-0468)\n\n - A use-after-free error exists related to 'IDBKeyRange'\n of 'indexedDB'. (CVE-2012-0469)\n\n - Heap-corruption errors exist related to\n 'gfxImageSurface' that could lead to possible code\n execution. (CVE-2012-0470)\n\n - A multi-octet encoding issue exists that could allow\n cross-site scripting attacks as certain octets in\n multibyte character sets can destroy following octets.\n (CVE-2012-0471)\n\n - An error exists related to font rendering with 'cairo-\n dwrite' that could cause memory corruption leading to\n crashes and potentially code execution. (CVE-2012-0472)\n\n - An error exists in 'WebGLBuffer' that could lead to the\n reading of illegal video memory. (CVE-2012-0473)\n\n - An unspecified error could allow URL bar spoofing.\n (CVE-2012-0474)\n\n - IPv6 addresses and cross-site 'XHR' or 'WebSocket'\n connections on non-standard ports could allow this\n application to send ambiguous origin headers.\n (CVE-2012-0475)\n\n - A decoding issue exists related to 'ISO-2022-KR' and\n 'ISO-2022-CN' character sets that could lead to cross-\n site scripting attacks. (CVE-2012-0477)\n\n - An error exists related to 'WebGL' and 'texImage2D'\n that could allow application crashes and possibly code\n execution when 'JSVAL_TO_OBJECT' is used on ordinary\n objects. (CVE-2012-0478)\n\n - Address bar spoofing is possible when 'Atom XML' or\n 'RSS' data is loaded over HTTPS leading to phishing\n attacks. 
(CVE-2012-0479)", "edition": 29, "published": "2012-04-27T00:00:00", "title": "Firefox < 12.0 Multiple Vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0478", "CVE-2012-0479", "CVE-2012-0470", "CVE-2012-0472", "CVE-2012-0469", "CVE-2012-0475", "CVE-2012-0474", "CVE-2011-1187", "CVE-2012-0468", "CVE-2011-3062", "CVE-2012-0477", "CVE-2012-0473", "CVE-2012-0467", "CVE-2012-0471"], "modified": "2021-02-02T00:00:00", "cpe": ["cpe:/a:mozilla:firefox"], "id": "MOZILLA_FIREFOX_120.NASL", "href": "https://www.tenable.com/plugins/nessus/58898", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(58898);\n script_version(\"1.15\");\n script_cvs_date(\"Date: 2018/07/17 12:00:07\");\n\n script_cve_id(\n \"CVE-2011-1187\",\n \"CVE-2011-3062\",\n \"CVE-2012-0467\",\n \"CVE-2012-0468\",\n \"CVE-2012-0469\",\n \"CVE-2012-0470\",\n \"CVE-2012-0471\",\n \"CVE-2012-0472\",\n \"CVE-2012-0473\",\n \"CVE-2012-0474\",\n \"CVE-2012-0475\",\n \"CVE-2012-0477\",\n \"CVE-2012-0478\",\n \"CVE-2012-0479\"\n );\n script_bugtraq_id(\n 53218,\n 53219,\n 53220,\n 53221,\n 53222,\n 53223,\n 53224,\n 53225,\n 53227,\n 53228,\n 53229,\n 53230,\n 53231\n );\n\n script_name(english:\"Firefox < 12.0 Multiple Vulnerabilities\");\n script_summary(english:\"Checks version of Firefox\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Windows host contains a web browser that is affected by\nmultiple vulnerabilities.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The installed version of Firefox is earlier than 12.0 and thus, is\npotentially affected by the following security issues :\n\n - An error exists with handling JavaScript errors that\n could lead to information disclosure. (CVE-2011-1187)\n\n - An off-by-one error exists in the 'OpenType Sanitizer'\n that could lead to out-bounds-reads and possible code\n execution. 
(CVE-2011-3062)\n\n - Memory safety issues exist that could lead\n to arbitrary code execution. (CVE-2012-0467,\n CVE-2012-0468)\n\n - A use-after-free error exists related to 'IDBKeyRange'\n of 'indexedDB'. (CVE-2012-0469)\n\n - Heap-corruption errors exist related to\n 'gfxImageSurface' that could lead to possible code\n execution. (CVE-2012-0470)\n\n - A multi-octet encoding issue exists that could allow\n cross-site scripting attacks as certain octets in\n multibyte character sets can destroy following octets.\n (CVE-2012-0471)\n\n - An error exists related to font rendering with 'cairo-\n dwrite' that could cause memory corruption leading to\n crashes and potentially code execution. (CVE-2012-0472)\n\n - An error exists in 'WebGLBuffer' that could lead to the\n reading of illegal video memory. (CVE-2012-0473)\n\n - An unspecified error could allow URL bar spoofing.\n (CVE-2012-0474)\n\n - IPv6 addresses and cross-site 'XHR' or 'WebSocket'\n connections on non-standard ports could allow this\n application to send ambiguous origin headers.\n (CVE-2012-0475)\n\n - A decoding issue exists related to 'ISO-2022-KR' and\n 'ISO-2022-CN' character sets that could lead to cross-\n site scripting attacks. (CVE-2012-0477)\n\n - An error exists related to 'WebGL' and 'texImage2D'\n that could allow application crashes and possibly code\n execution when 'JSVAL_TO_OBJECT' is used on ordinary\n objects. (CVE-2012-0478)\n\n - Address bar spoofing is possible when 'Atom XML' or\n 'RSS' data is loaded over HTTPS leading to phishing\n attacks. 
(CVE-2012-0479)\"\n );\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2012-20/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2012-22/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2012-23/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2012-24/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2012-25/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2012-26/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2012-27/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2012-28/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2012-29/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2012-30/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2012-31/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2012-32/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2012-33/\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Firefox 12.0 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n 
script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/04/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/04/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/04/27\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mozilla:firefox\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"mozilla_org_installed.nasl\");\n script_require_keys(\"Mozilla/Firefox/Version\");\n\n exit(0);\n}\n\ninclude(\"mozilla_version.inc\");\nport = get_kb_item_or_exit(\"SMB/transport\");\n\ninstalls = get_kb_list(\"SMB/Mozilla/Firefox/*\");\nif (isnull(installs)) audit(AUDIT_NOT_INST, \"Firefox\");\n\nmozilla_check_version(installs:installs, product:'firefox', esr:FALSE, fix:'12.0', severity:SECURITY_HOLE, xss:TRUE);", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-02-01T04:10:54", "description": "The installed version of Thunderbird is earlier than 12.0 and thus, \nis potentially affected by the following security issues :\n\n - An error exists with handling JavaScript errors that\n could lead to information disclosure. (CVE-2011-1187)\n\n - An off-by-one error exists in the 'OpenType Sanitizer'\n that could lead to out-bounds-reads and possible code\n execution. (CVE-2011-3062)\n\n - Memory safety issues exist that could lead\n to arbitrary code execution. (CVE-2012-0467,\n CVE-2012-0468)\n\n - A use-after-free error exists related to 'IDBKeyRange'\n of 'indexedDB'. 
(CVE-2012-0469)\n\n - Heap-corruption errors exist related to\n 'gfxImageSurface' that could lead to possible code\n execution. (CVE-2012-0470)\n\n - A multi-octet encoding issue exists that could allow\n cross-site scripting attacks as certain octets in\n multibyte character sets can destroy following octets.\n (CVE-2012-0471)\n\n - An error exists related to font rendering with 'cairo-\n dwrite' that could cause memory corruption leading to \n crashes and potentially code execution. (CVE-2012-0472)\n\n - An error exists in 'WebGLBuffer' that could lead to the\n reading of illegal video memory. (CVE-2012-0473)\n\n - An unspecified error could allow URL bar spoofing.\n (CVE-2012-0474)\n\n - IPv6 addresses and cross-site 'XHR' or 'WebSocket'\n connections on non-standard ports could allow this\n application to send ambiguous origin headers. \n (CVE-2012-0475)\n\n - A decoding issue exists related to 'ISO-2022-KR' and\n 'ISO-2022-CN' character sets that could lead to cross-\n site scripting attacks. (CVE-2012-0477)\n \n - An error exists related to 'WebGL' and 'texImage2D'\n that could allow application crashes and possibly code\n execution when 'JSVAL_TO_OBJECT' is used on ordinary\n objects. (CVE-2012-0478)\n\n - Address bar spoofing is possible when 'Atom XML' or\n 'RSS' data is loaded over HTTPS leading to phishing\n attacks. 
(CVE-2012-0479)", "edition": 29, "published": "2012-04-27T00:00:00", "title": "Mozilla Thunderbird < 12.0 Multiple Vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0478", "CVE-2012-0479", "CVE-2012-0470", "CVE-2012-0472", "CVE-2012-0469", "CVE-2012-0475", "CVE-2012-0474", "CVE-2011-1187", "CVE-2012-0468", "CVE-2011-3062", "CVE-2012-0477", "CVE-2012-0473", "CVE-2012-0467", "CVE-2012-0471"], "modified": "2021-02-02T00:00:00", "cpe": ["cpe:/a:mozilla:thunderbird"], "id": "MOZILLA_THUNDERBIRD_120.NASL", "href": "https://www.tenable.com/plugins/nessus/58900", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(58900);\n script_version(\"1.15\");\n script_cvs_date(\"Date: 2018/07/17 12:00:07\");\n\n script_cve_id(\n \"CVE-2011-1187\",\n \"CVE-2011-3062\",\n \"CVE-2012-0467\",\n \"CVE-2012-0468\",\n \"CVE-2012-0469\",\n \"CVE-2012-0470\",\n \"CVE-2012-0471\",\n \"CVE-2012-0472\",\n \"CVE-2012-0473\",\n \"CVE-2012-0474\",\n \"CVE-2012-0475\",\n \"CVE-2012-0477\",\n \"CVE-2012-0478\",\n \"CVE-2012-0479\"\n );\n script_bugtraq_id(\n 53218,\n 53219,\n 53220,\n 53221,\n 53222,\n 53223,\n 53224,\n 53225,\n 53227,\n 53228,\n 53229,\n 53230,\n 53231\n );\n\n script_name(english:\"Mozilla Thunderbird < 12.0 Multiple Vulnerabilities\");\n script_summary(english:\"Checks version of Thunderbird\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Windows host contains a mail client that is potentially\naffected by several vulnerabilities.\");\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The installed version of Thunderbird is earlier than 12.0 and thus, \nis potentially affected by the following security issues :\n\n - An error exists with handling JavaScript errors that\n could lead to information disclosure. 
(CVE-2011-1187)\n\n - An off-by-one error exists in the 'OpenType Sanitizer'\n that could lead to out-bounds-reads and possible code\n execution. (CVE-2011-3062)\n\n - Memory safety issues exist that could lead\n to arbitrary code execution. (CVE-2012-0467,\n CVE-2012-0468)\n\n - A use-after-free error exists related to 'IDBKeyRange'\n of 'indexedDB'. (CVE-2012-0469)\n\n - Heap-corruption errors exist related to\n 'gfxImageSurface' that could lead to possible code\n execution. (CVE-2012-0470)\n\n - A multi-octet encoding issue exists that could allow\n cross-site scripting attacks as certain octets in\n multibyte character sets can destroy following octets.\n (CVE-2012-0471)\n\n - An error exists related to font rendering with 'cairo-\n dwrite' that could cause memory corruption leading to \n crashes and potentially code execution. (CVE-2012-0472)\n\n - An error exists in 'WebGLBuffer' that could lead to the\n reading of illegal video memory. (CVE-2012-0473)\n\n - An unspecified error could allow URL bar spoofing.\n (CVE-2012-0474)\n\n - IPv6 addresses and cross-site 'XHR' or 'WebSocket'\n connections on non-standard ports could allow this\n application to send ambiguous origin headers. \n (CVE-2012-0475)\n\n - A decoding issue exists related to 'ISO-2022-KR' and\n 'ISO-2022-CN' character sets that could lead to cross-\n site scripting attacks. (CVE-2012-0477)\n \n - An error exists related to 'WebGL' and 'texImage2D'\n that could allow application crashes and possibly code\n execution when 'JSVAL_TO_OBJECT' is used on ordinary\n objects. (CVE-2012-0478)\n\n - Address bar spoofing is possible when 'Atom XML' or\n 'RSS' data is loaded over HTTPS leading to phishing\n attacks. 
(CVE-2012-0479)\"\n );\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2012-20/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2012-22/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2012-23/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2012-24/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2012-25/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2012-26/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2012-27/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2012-28/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2012-29/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2012-30/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2012-31/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2012-32/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2012-33/\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Thunderbird 12.0 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", 
value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/04/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/04/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/04/27\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mozilla:thunderbird\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"mozilla_org_installed.nasl\");\n script_require_keys(\"Mozilla/Thunderbird/Version\");\n exit(0);\n}\n\ninclude(\"mozilla_version.inc\");\nport = get_kb_item_or_exit(\"SMB/transport\");\n\ninstalls = get_kb_list(\"SMB/Mozilla/Thunderbird/*\");\nif (isnull(installs)) audit(AUDIT_NOT_INST, \"Thunderbird\");\n\nmozilla_check_version(installs:installs, product:'thunderbird', esr:FALSE, fix:'12.0', severity:SECURITY_HOLE, xss:TRUE);", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-02-01T03:58:12", "description": "The installed version of Thunderbird is earlier than 12.0 and thus, is \npotentially affected by the following security issues :\n\n - An error exists with handling JavaScript errors that\n can lead to information disclosure. (CVE-2011-1187)\n\n - An off-by-one error exists in the 'OpenType Sanitizer'\n which can lead to out-bounds-reads and possible code\n execution. (CVE-2011-3062)\n\n - Memory safety issues exist that could lead\n to arbitrary code execution. (CVE-2012-0467,\n CVE-2012-0468)\n\n - A use-after-free error exists related to 'IDBKeyRange'\n of 'indexedDB'. 
(CVE-2012-0469)\n\n - Heap-corruption errors exist related to\n 'gfxImageSurface' which can lead to possible code\n execution. (CVE-2012-0470)\n\n - A multi-octet encoding issue exists which could allow\n cross-site scripting attacks as certain octets in\n multibyte character sets can destroy following octets.\n (CVE-2012-0471)\n\n - An error exists in 'WebGLBuffer' that can lead to the\n reading of illegal video memory. (CVE-2012-0473)\n\n - An unspecified error can allow URL bar spoofing.\n (CVE-2012-0474)\n\n - IPv6 addresses and cross-site 'XHR' or 'WebSocket'\n connections on non-standard ports can allow this\n application to send ambiguous origin headers. \n (CVE-2012-0475)\n\n - A decoding issue exists related to 'ISO-2022-KR' and\n 'ISO-2022-CN' character sets which could lead to cross-\n site scripting attacks. (CVE-2012-0477)\n \n - An error exists related to 'WebGL' and 'texImage2D'\n that can allow application crashes and possibly code\n execution when 'JSVAL_TO_OBJECT' is used on ordinary\n objects. (CVE-2012-0478)\n\n - Address bar spoofing is possible when 'Atom XML' or\n 'RSS' data is loaded over HTTPS leading to phishing\n attacks. 
(CVE-2012-0479)", "edition": 28, "published": "2012-04-27T00:00:00", "title": "Thunderbird < 12.0 Multiple Vulnerabilities (Mac OS X)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0478", "CVE-2012-0479", "CVE-2012-0470", "CVE-2012-0469", "CVE-2012-0475", "CVE-2012-0474", "CVE-2011-1187", "CVE-2012-0468", "CVE-2011-3062", "CVE-2012-0477", "CVE-2012-0473", "CVE-2012-0467", "CVE-2012-0471"], "modified": "2021-02-02T00:00:00", "cpe": ["cpe:/a:mozilla:thunderbird"], "id": "MACOSX_THUNDERBIRD_12_0.NASL", "href": "https://www.tenable.com/plugins/nessus/58896", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(58896);\n script_version(\"1.14\");\n script_cvs_date(\"Date: 2018/07/16 12:48:31\");\n\n script_cve_id(\n \"CVE-2011-1187\",\n \"CVE-2011-3062\",\n \"CVE-2012-0467\",\n \"CVE-2012-0468\",\n \"CVE-2012-0469\",\n \"CVE-2012-0470\",\n \"CVE-2012-0471\",\n \"CVE-2012-0473\",\n \"CVE-2012-0474\",\n \"CVE-2012-0475\",\n \"CVE-2012-0477\",\n \"CVE-2012-0478\",\n \"CVE-2012-0479\"\n );\n script_bugtraq_id(\n 53219,\n 53220,\n 53221,\n 53222,\n 53223,\n 53224,\n 53225,\n 53227,\n 53228,\n 53229,\n 53230,\n 53231\n );\n\n script_name(english:\"Thunderbird < 12.0 Multiple Vulnerabilities (Mac OS X)\");\n script_summary(english:\"Checks version of Thunderbird\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Mac OS X host contains a mail client that is potentially\naffected by several vulnerabilities.\");\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The installed version of Thunderbird is earlier than 12.0 and thus, is \npotentially affected by the following security issues :\n\n - An error exists with handling JavaScript errors that\n can lead to information disclosure. (CVE-2011-1187)\n\n - An off-by-one error exists in the 'OpenType Sanitizer'\n which can lead to out-bounds-reads and possible code\n execution. 
(CVE-2011-3062)\n\n - Memory safety issues exist that could lead\n to arbitrary code execution. (CVE-2012-0467,\n CVE-2012-0468)\n\n - A use-after-free error exists related to 'IDBKeyRange'\n of 'indexedDB'. (CVE-2012-0469)\n\n - Heap-corruption errors exist related to\n 'gfxImageSurface' which can lead to possible code\n execution. (CVE-2012-0470)\n\n - A multi-octet encoding issue exists which could allow\n cross-site scripting attacks as certain octets in\n multibyte character sets can destroy following octets.\n (CVE-2012-0471)\n\n - An error exists in 'WebGLBuffer' that can lead to the\n reading of illegal video memory. (CVE-2012-0473)\n\n - An unspecified error can allow URL bar spoofing.\n (CVE-2012-0474)\n\n - IPv6 addresses and cross-site 'XHR' or 'WebSocket'\n connections on non-standard ports can allow this\n application to send ambiguous origin headers. \n (CVE-2012-0475)\n\n - A decoding issue exists related to 'ISO-2022-KR' and\n 'ISO-2022-CN' character sets which could lead to cross-\n site scripting attacks. (CVE-2012-0477)\n \n - An error exists related to 'WebGL' and 'texImage2D'\n that can allow application crashes and possibly code\n execution when 'JSVAL_TO_OBJECT' is used on ordinary\n objects. (CVE-2012-0478)\n\n - Address bar spoofing is possible when 'Atom XML' or\n 'RSS' data is loaded over HTTPS leading to phishing\n attacks. 
(CVE-2012-0479)\"\n );\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2012-20/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2012-22/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2012-23/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2012-24/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2012-26/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2012-27/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2012-28/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2012-29/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2012-30/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2012-31/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2012-32/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2012-33/\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Thunderbird 12.0 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_cwe_id(20, 74, 79, 442, 629, 711, 
712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/04/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/04/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/04/27\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mozilla:thunderbird\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"macosx_thunderbird_installed.nasl\");\n script_require_keys(\"MacOSX/Thunderbird/Installed\");\n\n exit(0);\n}\n\ninclude(\"mozilla_version.inc\");\nkb_base = \"MacOSX/Thunderbird\";\nget_kb_item_or_exit(kb_base+\"/Installed\");\n\nversion = get_kb_item_or_exit(kb_base+\"/Version\", exit_code:1);\npath = get_kb_item_or_exit(kb_base+\"/Path\", exit_code:1);\n\nmozilla_check_version(product:'thunderbird', version:version, path:path, esr:FALSE, fix:'12.0', skippat:'^10\\\\.0\\\\.', severity:SECURITY_HOLE, xss:TRUE);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-02-01T03:43:48", "description": "The installed version of Firefox is earlier than 12.0 and thus, is\npotentially affected by the following security issues :\n\n - An error exists with handling JavaScript errors that\n can lead to information disclosure. (CVE-2011-1187)\n\n - An off-by-one error exists in the 'OpenType Sanitizer'\n which can lead to out-bounds-reads and possible code\n execution. (CVE-2011-3062)\n\n - Memory safety issues exist that could lead\n to arbitrary code execution. (CVE-2012-0467,\n CVE-2012-0468)\n\n - A use-after-free error exists related to 'IDBKeyRange'\n of 'indexedDB'. 
(CVE-2012-0469)\n\n - Heap-corruption errors exist related to\n 'gfxImageSurface' which can lead to possible code\n execution. (CVE-2012-0470)\n\n - A multi-octet encoding issue exists which could allow\n cross-site scripting attacks as certain octets in\n multibyte character sets can destroy following octets.\n (CVE-2012-0471)\n\n - An error exists in 'WebGLBuffer' that can lead to the\n reading of illegal video memory. (CVE-2012-0473)\n\n - An unspecified error can allow URL bar spoofing.\n (CVE-2012-0474)\n\n - IPv6 addresses and cross-site 'XHR' or 'WebSocket'\n connections on non-standard ports can allow this\n application to send ambiguous origin headers. \n (CVE-2012-0475)\n\n - A decoding issue exists related to 'ISO-2022-KR' and\n 'ISO-2022-CN' character sets which can lead to cross-\n site scripting attacks. (CVE-2012-0477)\n \n - An error exists related to 'WebGL' and 'texImage2D'\n that can allow application crashes and possibly code\n execution when 'JSVAL_TO_OBJECT' is used on ordinary\n objects. (CVE-2012-0478)\n\n - Address bar spoofing is possible when 'Atom XML' or\n 'RSS' data is loaded over HTTPS leading to phishing\n attacks. 
(CVE-2012-0479)", "edition": 28, "published": "2012-04-27T00:00:00", "title": "Firefox < 12.0 Multiple Vulnerabilities (Mac OS X)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0478", "CVE-2012-0479", "CVE-2012-0470", "CVE-2012-0469", "CVE-2012-0475", "CVE-2012-0474", "CVE-2011-1187", "CVE-2012-0468", "CVE-2011-3062", "CVE-2012-0477", "CVE-2012-0473", "CVE-2012-0467", "CVE-2012-0471"], "modified": "2021-02-02T00:00:00", "cpe": ["cpe:/a:mozilla:firefox"], "id": "MACOSX_FIREFOX_12_0.NASL", "href": "https://www.tenable.com/plugins/nessus/58894", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(58894);\n script_version(\"1.15\");\n script_cvs_date(\"Date: 2018/07/16 12:48:31\");\n\n script_cve_id(\n \"CVE-2011-1187\",\n \"CVE-2011-3062\",\n \"CVE-2012-0467\",\n \"CVE-2012-0468\",\n \"CVE-2012-0469\",\n \"CVE-2012-0470\",\n \"CVE-2012-0471\",\n \"CVE-2012-0473\",\n \"CVE-2012-0474\",\n \"CVE-2012-0475\",\n \"CVE-2012-0477\",\n \"CVE-2012-0478\",\n \"CVE-2012-0479\"\n );\n script_bugtraq_id(\n 53219,\n 53220,\n 53221,\n 53222,\n 53223,\n 53224,\n 53225,\n 53227,\n 53228,\n 53229,\n 53230,\n 53231\n );\n\n script_name(english:\"Firefox < 12.0 Multiple Vulnerabilities (Mac OS X)\");\n script_summary(english:\"Checks version of Firefox\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Mac OS X host contains a web browser that is affected by\nmultiple vulnerabilities.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The installed version of Firefox is earlier than 12.0 and thus, is\npotentially affected by the following security issues :\n\n - An error exists with handling JavaScript errors that\n can lead to information disclosure. (CVE-2011-1187)\n\n - An off-by-one error exists in the 'OpenType Sanitizer'\n which can lead to out-bounds-reads and possible code\n execution. 
(CVE-2011-3062)\n\n - Memory safety issues exist that could lead\n to arbitrary code execution. (CVE-2012-0467,\n CVE-2012-0468)\n\n - A use-after-free error exists related to 'IDBKeyRange'\n of 'indexedDB'. (CVE-2012-0469)\n\n - Heap-corruption errors exist related to\n 'gfxImageSurface' which can lead to possible code\n execution. (CVE-2012-0470)\n\n - A multi-octet encoding issue exists which could allow\n cross-site scripting attacks as certain octets in\n multibyte character sets can destroy following octets.\n (CVE-2012-0471)\n\n - An error exists in 'WebGLBuffer' that can lead to the\n reading of illegal video memory. (CVE-2012-0473)\n\n - An unspecified error can allow URL bar spoofing.\n (CVE-2012-0474)\n\n - IPv6 addresses and cross-site 'XHR' or 'WebSocket'\n connections on non-standard ports can allow this\n application to send ambiguous origin headers. \n (CVE-2012-0475)\n\n - A decoding issue exists related to 'ISO-2022-KR' and\n 'ISO-2022-CN' character sets which can lead to cross-\n site scripting attacks. (CVE-2012-0477)\n \n - An error exists related to 'WebGL' and 'texImage2D'\n that can allow application crashes and possibly code\n execution when 'JSVAL_TO_OBJECT' is used on ordinary\n objects. (CVE-2012-0478)\n\n - Address bar spoofing is possible when 'Atom XML' or\n 'RSS' data is loaded over HTTPS leading to phishing\n attacks. 
(CVE-2012-0479)\"\n );\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2012-20/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2012-22/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2012-23/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2012-24/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2012-26/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2012-27/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2012-28/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2012-29/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2012-30/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2012-31/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2012-32/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2012-33/\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Firefox 12.0 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_cwe_id(20, 74, 79, 442, 629, 711, 712, 
722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/04/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/04/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/04/27\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mozilla:firefox\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"macosx_firefox_installed.nasl\");\n script_require_keys(\"MacOSX/Firefox/Installed\");\n\n exit(0);\n}\n\ninclude(\"mozilla_version.inc\");\nkb_base = \"MacOSX/Firefox\";\nget_kb_item_or_exit(kb_base+\"/Installed\");\n\nversion = get_kb_item_or_exit(kb_base+\"/Version\", exit_code:1);\npath = get_kb_item_or_exit(kb_base+\"/Path\", exit_code:1);\n\nif (get_kb_item(kb_base + '/is_esr')) exit(0, 'The Mozilla Firefox installation is in the ESR branch.');\n\nmozilla_check_version(product:'firefox', version:version, path:path, esr:FALSE, fix:'12.0', skippat:'^10\\\\.0\\\\.', severity:SECURITY_HOLE, xss:TRUE);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-02-01T07:15:07", "description": "USN-1430-1 fixed vulnerabilities in Firefox. This update provides an\nupdated ubufox package for use with the latest Firefox.\n\nBob Clary, Christian Holler, Brian Hackett, Bobby Holley, Gary Kwong,\nHilary Hall, Honza Bambas, Jesse Ruderman, Julian Seward, and Olli\nPettay discovered memory safety issues affecting Firefox. 
If the user\nwere tricked into opening a specially crafted page, an attacker could\nexploit these to cause a denial of service via application crash, or\npotentially execute code with the privileges of the user invoking\nFirefox. (CVE-2012-0467, CVE-2012-0468)\n\nAki Helin discovered a use-after-free vulnerability in\nXPConnect. An attacker could potentially exploit this to\nexecute arbitrary code with the privileges of the user\ninvoking Firefox. (CVE-2012-0469)\n\nAtte Kettunen discovered that invalid frees cause heap\ncorruption in gfxImageSurface. If a user were tricked into\nopening a malicious Scalable Vector Graphics (SVG) image\nfile, an attacker could exploit these to cause a denial of\nservice via application crash, or potentially execute code\nwith the privileges of the user invoking Firefox.\n(CVE-2012-0470)\n\nAnne van Kesteren discovered a potential cross-site\nscripting (XSS) vulnerability via multibyte content\nprocessing errors. With cross-site scripting\nvulnerabilities, if a user were tricked into viewing a\nspecially crafted page, a remote attacker could exploit this\nto modify the contents, or steal confidential data, within\nthe same domain. (CVE-2012-0471)\n\nMatias Juntunen discovered a vulnerability in Firefox's\nWebGL implementation that potentially allows the reading of\nillegal video memory. An attacker could possibly exploit\nthis to cause a denial of service via application crash.\n(CVE-2012-0473)\n\nJordi Chancel, Eddy Bordi, and Chris McGowen discovered that\nFirefox allowed the address bar to display a different\nwebsite than the one the user was visiting. This could\npotentially leave the user vulnerable to cross-site\nscripting (XSS) attacks. With cross-site scripting\nvulnerabilities, if a user were tricked into viewing a\nspecially crafted page, a remote attacker could exploit this\nto modify the contents, or steal confidential data, within\nthe same domain. 
(CVE-2012-0474)\n\nSimone Fabiano discovered that Firefox did not always send\ncorrect origin headers when connecting to an IPv6 website.\nAn attacker could potentially use this to bypass intended\naccess controls. (CVE-2012-0475)\n\nMasato Kinugawa discovered that cross-site scripting (XSS)\ninjection is possible during the decoding of ISO-2022-KR and\nISO-2022-CN character sets. With cross-site scripting\nvulnerabilities, if a user were tricked into viewing a\nspecially crafted page, a remote attacker could exploit this\nto modify the contents, or steal confidential data, within\nthe same domain. (CVE-2012-0477)\n\nIt was discovered that certain images rendered using WebGL\ncould cause Firefox to crash. If the user were tricked into\nopening a specially crafted page, an attacker could exploit\nthis to cause a denial of service via application crash, or\npotentially execute code with the privileges of the user\ninvoking Firefox. (CVE-2012-0478)\n\nMateusz Jurczyk discovered an off-by-one error in the\nOpenType Sanitizer. If the user were tricked into opening a\nspecially crafted page, an attacker could exploit this to\ncause a denial of service via application crash, or\npotentially execute code with the privileges of the user\ninvoking Firefox. (CVE-2011-3062)\n\nDaniel Divricean discovered that a defect in the error handling\nof JavaScript errors can potentially leak the file names and\nlocation of JavaScript files on a server. This could\npotentially lead to inadvertent information disclosure and a\nvector for further attacks. (CVE-2011-1187)\n\nJeroen van der Gun discovered a vulnerability in the way\nFirefox handled RSS and Atom feeds. Invalid RSS or Atom\ncontent loaded over HTTPS caused the location bar to be\nupdated with the address of this content, while the main\nwindow still displayed the previously loaded content. An\nattacker could potentially exploit this vulnerability to\nconduct phishing attacks. 
(CVE-2012-0479).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 28, "published": "2012-04-30T00:00:00", "title": "Ubuntu 10.04 LTS / 11.04 / 11.10 : ubufox update (USN-1430-2)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0478", "CVE-2012-0479", "CVE-2012-0470", "CVE-2012-0469", "CVE-2012-0475", "CVE-2012-0474", "CVE-2011-1187", "CVE-2012-0468", "CVE-2011-3062", "CVE-2012-0477", "CVE-2012-0473", "CVE-2012-0467", "CVE-2012-0471"], "modified": "2021-02-02T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:11.10", "cpe:/o:canonical:ubuntu_linux:11.04", "cpe:/o:canonical:ubuntu_linux:10.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:xul-ext-ubufox"], "id": "UBUNTU_USN-1430-2.NASL", "href": "https://www.tenable.com/plugins/nessus/58923", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1430-2. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(58923);\n script_version(\"1.13\");\n script_cvs_date(\"Date: 2019/09/19 12:54:28\");\n\n script_cve_id(\"CVE-2011-1187\", \"CVE-2011-3062\", \"CVE-2012-0467\", \"CVE-2012-0468\", \"CVE-2012-0469\", \"CVE-2012-0470\", \"CVE-2012-0471\", \"CVE-2012-0473\", \"CVE-2012-0474\", \"CVE-2012-0475\", \"CVE-2012-0477\", \"CVE-2012-0478\", \"CVE-2012-0479\");\n script_xref(name:\"USN\", value:\"1430-2\");\n\n script_name(english:\"Ubuntu 10.04 LTS / 11.04 / 11.10 : ubufox update (USN-1430-2)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"USN-1430-1 fixed vulnerabilities in Firefox. This update provides an\nupdated ubufox package for use with the latest Firefox.\n\nBob Clary, Christian Holler, Brian Hackett, Bobby Holley, Gary Kwong,\nHilary Hall, Honza Bambas, Jesse Ruderman, Julian Seward, and Olli\nPettay discovered memory safety issues affecting Firefox. If the user\nwere tricked into opening a specially crafted page, an attacker could\nexploit these to cause a denial of service via application crash, or\npotentially execute code with the privileges of the user invoking\nFirefox. (CVE-2012-0467, CVE-2012-0468)\n\nAki Helin discovered a use-after-free vulnerability in\nXPConnect. An attacker could potentially exploit this to\nexecute arbitrary code with the privileges of the user\ninvoking Firefox. (CVE-2012-0469)\n\nAtte Kettunen discovered that invalid frees cause heap\ncorruption in gfxImageSurface. 
If a user were tricked into\nopening a malicious Scalable Vector Graphics (SVG) image\nfile, an attacker could exploit these to cause a denial of\nservice via application crash, or potentially execute code\nwith the privileges of the user invoking Firefox.\n(CVE-2012-0470)\n\nAnne van Kesteren discovered a potential cross-site\nscripting (XSS) vulnerability via multibyte content\nprocessing errors. With cross-site scripting\nvulnerabilities, if a user were tricked into viewing a\nspecially crafted page, a remote attacker could exploit this\nto modify the contents, or steal confidential data, within\nthe same domain. (CVE-2012-0471)\n\nMatias Juntunen discovered a vulnerability in Firefox's\nWebGL implementation that potentially allows the reading of\nillegal video memory. An attacker could possibly exploit\nthis to cause a denial of service via application crash.\n(CVE-2012-0473)\n\nJordi Chancel, Eddy Bordi, and Chris McGowen discovered that\nFirefox allowed the address bar to display a different\nwebsite than the one the user was visiting. This could\npotentially leave the user vulnerable to cross-site\nscripting (XSS) attacks. With cross-site scripting\nvulnerabilities, if a user were tricked into viewing a\nspecially crafted page, a remote attacker could exploit this\nto modify the contents, or steal confidential data, within\nthe same domain. (CVE-2012-0474)\n\nSimone Fabiano discovered that Firefox did not always send\ncorrect origin headers when connecting to an IPv6 websites.\nAn attacker could potentially use this to bypass intended\naccess controls. (CVE-2012-0475)\n\nMasato Kinugawa discovered that cross-site scripting (XSS)\ninjection is possible during the decoding of ISO-2022-KR and\nISO-2022-CN character sets. With cross-site scripting\nvulnerabilities, if a user were tricked into viewing a\nspecially crafted page, a remote attacker could exploit this\nto modify the contents, or steal confidential data, within\nthe same domain. 
(CVE-2012-0477)\n\nIt was discovered that certain images rendered using WebGL\ncould cause Firefox to crash. If the user were tricked into\nopening a specially crafted page, an attacker could exploit\nthis to cause a denial of service via application crash, or\npotentially execute code with the privileges of the user\ninvoking Firefox. (CVE-2012-0478)\n\nMateusz Jurczyk discovered an off-by-one error in the\nOpenType Sanitizer. If the user were tricked into opening a\nspecially crafted page, an attacker could exploit this to\ncause a denial of service via application crash, or\npotentially execute code with the privileges of the user\ninvoking Firefox. (CVE-2011-3062)\n\nDaniel Divricean discovered a defect in the error handling\nof JavaScript errors can potentially leak the file names and\nlocation of JavaScript files on a server. This could\npotentially lead to inadvertent information disclosure and a\nvector for further attacks. (CVE-2011-1187)\n\nJeroen van der Gun discovered a vulnerability in the way\nFirefox handled RSS and Atom feeds. Invalid RSS or ATOM\ncontent loaded over HTTPS caused the location bar to be\nupdated with the address of this content, while the main\nwindow still displays the previously loaded content. An\nattacker could potentially exploit this vulnerability to\nconduct phishing attacks. (CVE-2012-0479).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1430-2/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected xul-ext-ubufox package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:xul-ext-ubufox\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:11.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:11.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/03/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/04/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/04/30\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(10\\.04|11\\.04|11\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 10.04 / 11.04 / 11.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"10.04\", pkgname:\"xul-ext-ubufox\", pkgver:\"0.9.5-0ubuntu0.10.04.1\")) flag++;\nif (ubuntu_check(osver:\"11.04\", pkgname:\"xul-ext-ubufox\", pkgver:\"0.9.5-0ubuntu1\")) flag++;\nif (ubuntu_check(osver:\"11.10\", pkgname:\"xul-ext-ubufox\", pkgver:\"1.0.4-0ubuntu1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xul-ext-ubufox\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-02-01T07:15:07", "description": "Bob Clary, Christian Holler, Brian Hackett, Bobby Holley, Gary Kwong,\nHilary Hall, Honza Bambas, Jesse Ruderman, Julian Seward, and Olli\nPettay discovered memory safety issues affecting Firefox. 
If the user\nwere tricked into opening a specially crafted page, an attacker could\nexploit these to cause a denial of service via application crash, or\npotentially execute code with the privileges of the user invoking\nFirefox. (CVE-2012-0467, CVE-2012-0468)\n\nAki Helin discovered a use-after-free vulnerability in XPConnect. An\nattacker could potentially exploit this to execute arbitrary code with\nthe privileges of the user invoking Firefox. (CVE-2012-0469)\n\nAtte Kettunen discovered that invalid frees cause heap corruption in\ngfxImageSurface. If a user were tricked into opening a malicious\nScalable Vector Graphics (SVG) image file, an attacker could exploit\nthese to cause a denial of service via application crash, or\npotentially execute code with the privileges of the user invoking\nFirefox. (CVE-2012-0470)\n\nAnne van Kesteren discovered a potential cross-site scripting (XSS)\nvulnerability via multibyte content processing errors. With cross-site\nscripting vulnerabilities, if a user were tricked into viewing a\nspecially crafted page, a remote attacker could exploit this to modify\nthe contents, or steal confidential data, within the same domain.\n(CVE-2012-0471)\n\nMatias Juntunen discovered a vulnerability in Firefox's WebGL\nimplementation that potentially allows the reading of illegal video\nmemory. An attacker could possibly exploit this to cause a denial of\nservice via application crash. (CVE-2012-0473)\n\nJordi Chancel, Eddy Bordi, and Chris McGowen discovered that Firefox\nallowed the address bar to display a different website than the one\nthe user was visiting. This could potentially leave the user\nvulnerable to cross-site scripting (XSS) attacks. 
With cross-site\nscripting vulnerabilities, if a user were tricked into viewing a\nspecially crafted page, a remote attacker could exploit this to modify\nthe contents, or steal confidential data, within the same domain.\n(CVE-2012-0474)\n\nSimone Fabiano discovered that Firefox did not always send correct\norigin headers when connecting to an IPv6 website. An attacker could\npotentially use this to bypass intended access controls.\n(CVE-2012-0475)\n\nMasato Kinugawa discovered that cross-site scripting (XSS) injection\nis possible during the decoding of ISO-2022-KR and ISO-2022-CN\ncharacter sets. With cross-site scripting vulnerabilities, if a user\nwere tricked into viewing a specially crafted page, a remote attacker\ncould exploit this to modify the contents, or steal confidential data,\nwithin the same domain. (CVE-2012-0477)\n\nIt was discovered that certain images rendered using WebGL could cause\nFirefox to crash. If the user were tricked into opening a specially\ncrafted page, an attacker could exploit this to cause a denial of\nservice via application crash, or potentially execute code with the\nprivileges of the user invoking Firefox. (CVE-2012-0478)\n\nMateusz Jurczyk discovered an off-by-one error in the OpenType\nSanitizer. If the user were tricked into opening a specially crafted\npage, an attacker could exploit this to cause a denial of service via\napplication crash, or potentially execute code with the privileges of\nthe user invoking Firefox. (CVE-2011-3062)\n\nDaniel Divricean discovered that a defect in the error handling of\nJavaScript errors can potentially leak the file names and location of\nJavaScript files on a server. This could potentially lead to\ninadvertent information disclosure and a vector for further attacks.\n(CVE-2011-1187)\n\nJeroen van der Gun discovered a vulnerability in the way Firefox\nhandled RSS and Atom feeds. 
Invalid RSS or ATOM content loaded over\nHTTPS caused the location bar to be updated with the address of this\ncontent, while the main window still displays the previously loaded\ncontent. An attacker could potentially exploit this vulnerability to\nconduct phishing attacks. (CVE-2012-0479).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 28, "published": "2012-04-30T00:00:00", "title": "Ubuntu 10.04 LTS / 11.04 / 11.10 / 12.04 LTS : firefox vulnerabilities (USN-1430-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0478", "CVE-2012-0479", "CVE-2012-0470", "CVE-2012-0469", "CVE-2012-0475", "CVE-2012-0474", "CVE-2011-1187", "CVE-2012-0468", "CVE-2011-3062", "CVE-2012-0477", "CVE-2012-0473", "CVE-2012-0467", "CVE-2012-0471"], "modified": "2021-02-02T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:11.10", "p-cpe:/a:canonical:ubuntu_linux:firefox", "cpe:/o:canonical:ubuntu_linux:11.04", "cpe:/o:canonical:ubuntu_linux:10.04:-:lts", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts"], "id": "UBUNTU_USN-1430-1.NASL", "href": "https://www.tenable.com/plugins/nessus/58922", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1430-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(58922);\n script_version(\"1.13\");\n script_cvs_date(\"Date: 2019/09/19 12:54:27\");\n\n script_cve_id(\"CVE-2011-1187\", \"CVE-2011-3062\", \"CVE-2012-0467\", \"CVE-2012-0468\", \"CVE-2012-0469\", \"CVE-2012-0470\", \"CVE-2012-0471\", \"CVE-2012-0473\", \"CVE-2012-0474\", \"CVE-2012-0475\", \"CVE-2012-0477\", \"CVE-2012-0478\", \"CVE-2012-0479\");\n script_xref(name:\"USN\", value:\"1430-1\");\n\n script_name(english:\"Ubuntu 10.04 LTS / 11.04 / 11.10 / 12.04 LTS : firefox vulnerabilities (USN-1430-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Bob Clary, Christian Holler, Brian Hackett, Bobby Holley, Gary Kwong,\nHilary Hall, Honza Bambas, Jesse Ruderman, Julian Seward, and Olli\nPettay discovered memory safety issues affecting Firefox. If the user\nwere tricked into opening a specially crafted page, an attacker could\nexploit these to cause a denial of service via application crash, or\npotentially execute code with the privileges of the user invoking\nFirefox. (CVE-2012-0467, CVE-2012-0468)\n\nAki Helin discovered a use-after-free vulnerability in XPConnect. An\nattacker could potentially exploit this to execute arbitrary code with\nthe privileges of the user invoking Firefox. (CVE-2012-0469)\n\nAtte Kettunen discovered that invalid frees cause heap corruption in\ngfxImageSurface. If a user were tricked into opening a malicious\nScalable Vector Graphics (SVG) image file, an attacker could exploit\nthese to cause a denial of service via application crash, or\npotentially execute code with the privileges of the user invoking\nFirefox. 
(CVE-2012-0470)\n\nAnne van Kesteren discovered a potential cross-site scripting (XSS)\nvulnerability via multibyte content processing errors. With cross-site\nscripting vulnerabilities, if a user were tricked into viewing a\nspecially crafted page, a remote attacker could exploit this to modify\nthe contents, or steal confidential data, within the same domain.\n(CVE-2012-0471)\n\nMatias Juntunen discovered a vulnerability in Firefox's WebGL\nimplementation that potentially allows the reading of illegal video\nmemory. An attacker could possibly exploit this to cause a denial of\nservice via application crash. (CVE-2012-0473)\n\nJordi Chancel, Eddy Bordi, and Chris McGowen discovered that Firefox\nallowed the address bar to display a different website than the one\nthe user was visiting. This could potentially leave the user\nvulnerable to cross-site scripting (XSS) attacks. With cross-site\nscripting vulnerabilities, if a user were tricked into viewing a\nspecially crafted page, a remote attacker could exploit this to modify\nthe contents, or steal confidential data, within the same domain.\n(CVE-2012-0474)\n\nSimone Fabiano discovered that Firefox did not always send correct\norigin headers when connecting to an IPv6 websites. An attacker could\npotentially use this to bypass intended access controls.\n(CVE-2012-0475)\n\nMasato Kinugawa discovered that cross-site scripting (XSS) injection\nis possible during the decoding of ISO-2022-KR and ISO-2022-CN\ncharacter sets. With cross-site scripting vulnerabilities, if a user\nwere tricked into viewing a specially crafted page, a remote attacker\ncould exploit this to modify the contents, or steal confidential data,\nwithin the same domain. (CVE-2012-0477)\n\nIt was discovered that certain images rendered using WebGL could cause\nFirefox to crash. 
If the user were tricked into opening a specially\ncrafted page, an attacker could exploit this to cause a denial of\nservice via application crash, or potentially execute code with the\nprivileges of the user invoking Firefox. (CVE-2012-0478)\n\nMateusz Jurczyk discovered an off-by-one error in the OpenType\nSanitizer. If the user were tricked into opening a specially crafted\npage, an attacker could exploit this to cause a denial of service via\napplication crash, or potentially execute code with the privileges of\nthe user invoking Firefox. (CVE-2011-3062)\n\nDaniel Divricean discovered a defect in the error handling of\nJavaScript errors can potentially leak the file names and location of\nJavaScript files on a server. This could potentially lead to\ninadvertent information disclosure and a vector for further attacks.\n(CVE-2011-1187)\n\nJeroen van der Gun discovered a vulnerability in the way Firefox\nhandled RSS and Atom feeds. Invalid RSS or ATOM content loaded over\nHTTPS caused the location bar to be updated with the address of this\ncontent, while the main window still displays the previously loaded\ncontent. An attacker could potentially exploit this vulnerability to\nconduct phishing attacks. (CVE-2012-0479).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1430-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected firefox package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:11.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:11.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/03/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/04/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/04/30\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(10\\.04|11\\.04|11\\.10|12\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 10.04 / 11.04 / 11.10 / 12.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"10.04\", pkgname:\"firefox\", pkgver:\"12.0+build1-0ubuntu0.10.04.1\")) flag++;\nif (ubuntu_check(osver:\"11.04\", pkgname:\"firefox\", pkgver:\"12.0+build1-0ubuntu0.11.04.1\")) flag++;\nif (ubuntu_check(osver:\"11.10\", pkgname:\"firefox\", pkgver:\"12.0+build1-0ubuntu0.11.10.1\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"firefox\", pkgver:\"12.0+build1-0ubuntu0.12.04.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-02-01T07:15:08", "description": "USN-1430-1 fixed vulnerabilities in Firefox. 
This update provides the\ncorresponding fixes for Thunderbird.\n\nBob Clary, Christian Holler, Brian Hackett, Bobby Holley, Gary Kwong,\nHilary Hall, Honza Bambas, Jesse Ruderman, Julian Seward, and Olli\nPettay discovered memory safety issues affecting Firefox. If the user\nwere tricked into opening a specially crafted page, an attacker could\nexploit these to cause a denial of service via application crash, or\npotentially execute code with the privileges of the user invoking\nFirefox. (CVE-2012-0467, CVE-2012-0468)\n\nAki Helin discovered a use-after-free vulnerability in\nXPConnect. An attacker could potentially exploit this to\nexecute arbitrary code with the privileges of the user\ninvoking Firefox. (CVE-2012-0469)\n\nAtte Kettunen discovered that invalid frees cause heap\ncorruption in gfxImageSurface. If a user were tricked into\nopening a malicious Scalable Vector Graphics (SVG) image\nfile, an attacker could exploit these to cause a denial of\nservice via application crash, or potentially execute code\nwith the privileges of the user invoking Firefox.\n(CVE-2012-0470)\n\nAnne van Kesteren discovered a potential cross-site\nscripting (XSS) vulnerability via multibyte content\nprocessing errors. With cross-site scripting\nvulnerabilities, if a user were tricked into viewing a\nspecially crafted page, a remote attacker could exploit this\nto modify the contents, or steal confidential data, within\nthe same domain. (CVE-2012-0471)\n\nMatias Juntunen discovered a vulnerability in Firefox's\nWebGL implementation that potentially allows the reading of\nillegal video memory. An attacker could possibly exploit\nthis to cause a denial of service via application crash.\n(CVE-2012-0473)\n\nJordi Chancel, Eddy Bordi, and Chris McGowen discovered that\nFirefox allowed the address bar to display a different\nwebsite than the one the user was visiting. This could\npotentially leave the user vulnerable to cross-site\nscripting (XSS) attacks. 
With cross-site scripting\nvulnerabilities, if a user were tricked into viewing a\nspecially crafted page, a remote attacker could exploit this\nto modify the contents, or steal confidential data, within\nthe same domain. (CVE-2012-0474)\n\nSimone Fabiano discovered that Firefox did not always send\ncorrect origin headers when connecting to an IPv6 website.\nAn attacker could potentially use this to bypass intended\naccess controls. (CVE-2012-0475)\n\nMasato Kinugawa discovered that cross-site scripting (XSS)\ninjection is possible during the decoding of ISO-2022-KR and\nISO-2022-CN character sets. With cross-site scripting\nvulnerabilities, if a user were tricked into viewing a\nspecially crafted page, a remote attacker could exploit this\nto modify the contents, or steal confidential data, within\nthe same domain. (CVE-2012-0477)\n\nIt was discovered that certain images rendered using WebGL\ncould cause Firefox to crash. If the user were tricked into\nopening a specially crafted page, an attacker could exploit\nthis to cause a denial of service via application crash, or\npotentially execute code with the privileges of the user\ninvoking Firefox. (CVE-2012-0478)\n\nMateusz Jurczyk discovered an off-by-one error in the\nOpenType Sanitizer. If the user were tricked into opening a\nspecially crafted page, an attacker could exploit this to\ncause a denial of service via application crash, or\npotentially execute code with the privileges of the user\ninvoking Firefox. (CVE-2011-3062)\n\nDaniel Divricean discovered that a defect in the error handling\nof JavaScript errors can potentially leak the file names and\nlocation of JavaScript files on a server. This could\npotentially lead to inadvertent information disclosure and a\nvector for further attacks. (CVE-2011-1187)\n\nJeroen van der Gun discovered a vulnerability in the way\nFirefox handled RSS and Atom feeds. 
Invalid RSS or ATOM\ncontent loaded over HTTPS caused the location bar to be\nupdated with the address of this content, while the main\nwindow still displays the previously loaded content. An\nattacker could potentially exploit this vulnerability to\nconduct phishing attacks. (CVE-2012-0479).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 28, "published": "2012-05-07T00:00:00", "title": "Ubuntu 10.04 LTS / 11.04 / 11.10 / 12.04 LTS : thunderbird vulnerabilities (USN-1430-3)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0478", "CVE-2012-0479", "CVE-2012-0470", "CVE-2012-0469", "CVE-2012-0475", "CVE-2012-0474", "CVE-2011-1187", "CVE-2012-0468", "CVE-2011-3062", "CVE-2012-0477", "CVE-2012-0473", "CVE-2012-0467", "CVE-2012-0471"], "modified": "2021-02-02T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:11.10", "cpe:/o:canonical:ubuntu_linux:11.04", "cpe:/o:canonical:ubuntu_linux:10.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:thunderbird", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts"], "id": "UBUNTU_USN-1430-3.NASL", "href": "https://www.tenable.com/plugins/nessus/59015", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1430-3. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(59015);\n script_version(\"1.14\");\n script_cvs_date(\"Date: 2019/09/19 12:54:28\");\n\n script_cve_id(\"CVE-2011-1187\", \"CVE-2011-3062\", \"CVE-2012-0467\", \"CVE-2012-0468\", \"CVE-2012-0469\", \"CVE-2012-0470\", \"CVE-2012-0471\", \"CVE-2012-0473\", \"CVE-2012-0474\", \"CVE-2012-0475\", \"CVE-2012-0477\", \"CVE-2012-0478\", \"CVE-2012-0479\");\n script_bugtraq_id(46785, 53219, 53220, 53221, 53222, 53223, 53224, 53225, 53227, 53228, 53229, 53230, 53231);\n script_xref(name:\"USN\", value:\"1430-3\");\n\n script_name(english:\"Ubuntu 10.04 LTS / 11.04 / 11.10 / 12.04 LTS : thunderbird vulnerabilities (USN-1430-3)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"USN-1430-1 fixed vulnerabilities in Firefox. This update provides the\ncorresponding fixes for Thunderbird.\n\nBob Clary, Christian Holler, Brian Hackett, Bobby Holley, Gary Kwong,\nHilary Hall, Honza Bambas, Jesse Ruderman, Julian Seward, and Olli\nPettay discovered memory safety issues affecting Firefox. If the user\nwere tricked into opening a specially crafted page, an attacker could\nexploit these to cause a denial of service via application crash, or\npotentially execute code with the privileges of the user invoking\nFirefox. (CVE-2012-0467, CVE-2012-0468)\n\nAki Helin discovered a use-after-free vulnerability in\nXPConnect. An attacker could potentially exploit this to\nexecute arbitrary code with the privileges of the user\ninvoking Firefox. (CVE-2012-0469)\n\nAtte Kettunen discovered that invalid frees cause heap\ncorruption in gfxImageSurface. 
If a user were tricked into\nopening a malicious Scalable Vector Graphics (SVG) image\nfile, an attacker could exploit these to cause a denial of\nservice via application crash, or potentially execute code\nwith the privileges of the user invoking Firefox.\n(CVE-2012-0470)\n\nAnne van Kesteren discovered a potential cross-site\nscripting (XSS) vulnerability via multibyte content\nprocessing errors. With cross-site scripting\nvulnerabilities, if a user were tricked into viewing a\nspecially crafted page, a remote attacker could exploit this\nto modify the contents, or steal confidential data, within\nthe same domain. (CVE-2012-0471)\n\nMatias Juntunen discovered a vulnerability in Firefox's\nWebGL implementation that potentially allows the reading of\nillegal video memory. An attacker could possibly exploit\nthis to cause a denial of service via application crash.\n(CVE-2012-0473)\n\nJordi Chancel, Eddy Bordi, and Chris McGowen discovered that\nFirefox allowed the address bar to display a different\nwebsite than the one the user was visiting. This could\npotentially leave the user vulnerable to cross-site\nscripting (XSS) attacks. With cross-site scripting\nvulnerabilities, if a user were tricked into viewing a\nspecially crafted page, a remote attacker could exploit this\nto modify the contents, or steal confidential data, within\nthe same domain. (CVE-2012-0474)\n\nSimone Fabiano discovered that Firefox did not always send\ncorrect origin headers when connecting to an IPv6 websites.\nAn attacker could potentially use this to bypass intended\naccess controls. (CVE-2012-0475)\n\nMasato Kinugawa discovered that cross-site scripting (XSS)\ninjection is possible during the decoding of ISO-2022-KR and\nISO-2022-CN character sets. With cross-site scripting\nvulnerabilities, if a user were tricked into viewing a\nspecially crafted page, a remote attacker could exploit this\nto modify the contents, or steal confidential data, within\nthe same domain. 
(CVE-2012-0477)\n\nIt was discovered that certain images rendered using WebGL\ncould cause Firefox to crash. If the user were tricked into\nopening a specially crafted page, an attacker could exploit\nthis to cause a denial of service via application crash, or\npotentially execute code with the privileges of the user\ninvoking Firefox. (CVE-2012-0478)\n\nMateusz Jurczyk discovered an off-by-one error in the\nOpenType Sanitizer. If the user were tricked into opening a\nspecially crafted page, an attacker could exploit this to\ncause a denial of service via application crash, or\npotentially execute code with the privileges of the user\ninvoking Firefox. (CVE-2011-3062)\n\nDaniel Divricean discovered a defect in the error handling\nof JavaScript errors can potentially leak the file names and\nlocation of JavaScript files on a server. This could\npotentially lead to inadvertent information disclosure and a\nvector for further attacks. (CVE-2011-1187)\n\nJeroen van der Gun discovered a vulnerability in the way\nFirefox handled RSS and Atom feeds. Invalid RSS or ATOM\ncontent loaded over HTTPS caused the location bar to be\nupdated with the address of this content, while the main\nwindow still displays the previously loaded content. An\nattacker could potentially exploit this vulnerability to\nconduct phishing attacks. (CVE-2012-0479).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1430-3/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected thunderbird package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:11.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:11.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/03/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/05/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/05/07\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(10\\.04|11\\.04|11\\.10|12\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 10.04 / 11.04 / 11.10 / 12.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"10.04\", pkgname:\"thunderbird\", pkgver:\"12.0.1+build1-0ubuntu0.10.04.1\")) flag++;\nif (ubuntu_check(osver:\"11.04\", pkgname:\"thunderbird\", pkgver:\"12.0.1+build1-0ubuntu0.11.04.1\")) flag++;\nif (ubuntu_check(osver:\"11.10\", pkgname:\"thunderbird\", pkgver:\"12.0.1+build1-0ubuntu0.11.10.1\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"thunderbird\", pkgver:\"12.0.1+build1-0ubuntu0.12.04.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"thunderbird\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T13:10:41", "description": "An updated thunderbird package that fixes multiple security issues is\nnow available for Red Hat Enterprise Linux 5 and 
6.\n\nThe Red Hat Security Response Team has rated this update as having\ncritical security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nA flaw was found in Sanitiser for OpenType (OTS), used by Thunderbird\nto help prevent potential exploits in malformed OpenType fonts.\nMalicious content could cause Thunderbird to crash or, under certain\nconditions, possibly execute arbitrary code with the privileges of the\nuser running Thunderbird. (CVE-2011-3062)\n\nMalicious content could cause Thunderbird to crash or, potentially,\nexecute arbitrary code with the privileges of the user running\nThunderbird. (CVE-2012-0467, CVE-2012-0468, CVE-2012-0469)\n\nContent containing a malicious Scalable Vector Graphics (SVG) image\nfile could cause Thunderbird to crash or, potentially, execute\narbitrary code with the privileges of the user running Thunderbird.\n(CVE-2012-0470)\n\nA flaw was found in the way Thunderbird used its embedded Cairo\nlibrary to render certain fonts. Malicious content could cause\nThunderbird to crash or, under certain conditions, possibly execute\narbitrary code with the privileges of the user running Thunderbird.\n(CVE-2012-0472)\n\nA flaw was found in the way Thunderbird rendered certain images using\nWebGL. Malicious content could cause Thunderbird to crash or, under\ncertain conditions, possibly execute arbitrary code with the\nprivileges of the user running Thunderbird. (CVE-2012-0478)\n\nA cross-site scripting (XSS) flaw was found in the way Thunderbird\nhandled certain multibyte character sets. Malicious content could\ncause Thunderbird to run JavaScript code with the permissions of\ndifferent content. (CVE-2012-0471)\n\nA flaw was found in the way Thunderbird rendered certain graphics\nusing WebGL. 
Malicious content could cause Thunderbird to crash.\n(CVE-2012-0473)\n\nA flaw in the built-in feed reader in Thunderbird allowed the Website\nfield to display the address of different content than the content the\nuser was visiting. An attacker could use this flaw to conceal a\nmalicious URL, possibly tricking a user into believing they are\nviewing a trusted site, or allowing scripts to be loaded from the\nattacker's site, possibly leading to cross-site scripting (XSS)\nattacks. (CVE-2012-0474)\n\nA flaw was found in the way Thunderbird decoded the ISO-2022-KR and\nISO-2022-CN character sets. Malicious content could cause Thunderbird\nto run JavaScript code with the permissions of different content.\n(CVE-2012-0477)\n\nA flaw was found in the way the built-in feed reader in Thunderbird\nhandled RSS and Atom feeds. Invalid RSS or Atom content loaded over\nHTTPS caused Thunderbird to display the address of said content, but\nnot the content. The previous content continued to be displayed. An\nattacker could use this flaw to perform phishing attacks, or trick\nusers into thinking they are visiting the site reported by the Website\nfield, when the page is actually content controlled by an attacker.\n(CVE-2012-0479)\n\nRed Hat would like to thank the Mozilla project for reporting these\nissues. 
Upstream acknowledges Mateusz Jurczyk of the Google Security\nTeam as the original reporter of CVE-2011-3062; Aki Helin from OUSPG\nas the original reporter of CVE-2012-0469; Atte Kettunen from OUSPG as\nthe original reporter of CVE-2012-0470; wushi of team509 via iDefense\nas the original reporter of CVE-2012-0472; Ms2ger as the original\nreporter of CVE-2012-0478; Anne van Kesteren of Opera Software as the\noriginal reporter of CVE-2012-0471; Matias Juntunen as the original\nreporter of CVE-2012-0473; Jordi Chancel and Eddy Bordi, and Chris\nMcGowen as the original reporters of CVE-2012-0474; Masato Kinugawa as\nthe original reporter of CVE-2012-0477; and Jeroen van der Gun as the\noriginal reporter of CVE-2012-0479.\n\nNote: All issues except CVE-2012-0470, CVE-2012-0472, and\nCVE-2011-3062 cannot be exploited by a specially crafted HTML mail\nmessage as JavaScript is disabled by default for mail messages. It\ncould be exploited another way in Thunderbird, for example, when\nviewing the full remote content of an RSS feed.", "edition": 23, "published": "2012-04-25T00:00:00", "title": "RHEL 5 / 6 : thunderbird (RHSA-2012:0516)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0478", "CVE-2012-0479", "CVE-2012-0470", "CVE-2012-0472", "CVE-2012-0469", "CVE-2012-0474", "CVE-2012-0468", "CVE-2011-3062", "CVE-2012-0477", "CVE-2012-0473", "CVE-2012-0467", "CVE-2012-0471"], "modified": "2012-04-25T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:5", "p-cpe:/a:redhat:enterprise_linux:thunderbird", "p-cpe:/a:redhat:enterprise_linux:thunderbird-debuginfo", "cpe:/o:redhat:enterprise_linux:6.2", "cpe:/o:redhat:enterprise_linux:6"], "id": "REDHAT-RHSA-2012-0516.NASL", "href": "https://www.tenable.com/plugins/nessus/58868", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2012:0516. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(58868);\n script_version(\"1.29\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-3062\", \"CVE-2012-0467\", \"CVE-2012-0468\", \"CVE-2012-0469\", \"CVE-2012-0470\", \"CVE-2012-0471\", \"CVE-2012-0472\", \"CVE-2012-0473\", \"CVE-2012-0474\", \"CVE-2012-0477\", \"CVE-2012-0478\", \"CVE-2012-0479\");\n script_bugtraq_id(53218, 53219, 53220, 53221, 53222, 53223, 53224, 53225, 53227, 53228, 53229, 53231);\n script_xref(name:\"RHSA\", value:\"2012:0516\");\n\n script_name(english:\"RHEL 5 / 6 : thunderbird (RHSA-2012:0516)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"An updated thunderbird package that fixes multiple security issues is\nnow available for Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having\ncritical security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nA flaw was found in Sanitiser for OpenType (OTS), used by Thunderbird\nto help prevent potential exploits in malformed OpenType fonts.\nMalicious content could cause Thunderbird to crash or, under certain\nconditions, possibly execute arbitrary code with the privileges of the\nuser running Thunderbird. (CVE-2011-3062)\n\nMalicious content could cause Thunderbird to crash or, potentially,\nexecute arbitrary code with the privileges of the user running\nThunderbird. 
(CVE-2012-0467, CVE-2012-0468, CVE-2012-0469)\n\nContent containing a malicious Scalable Vector Graphics (SVG) image\nfile could cause Thunderbird to crash or, potentially, execute\narbitrary code with the privileges of the user running Thunderbird.\n(CVE-2012-0470)\n\nA flaw was found in the way Thunderbird used its embedded Cairo\nlibrary to render certain fonts. Malicious content could cause\nThunderbird to crash or, under certain conditions, possibly execute\narbitrary code with the privileges of the user running Thunderbird.\n(CVE-2012-0472)\n\nA flaw was found in the way Thunderbird rendered certain images using\nWebGL. Malicious content could cause Thunderbird to crash or, under\ncertain conditions, possibly execute arbitrary code with the\nprivileges of the user running Thunderbird. (CVE-2012-0478)\n\nA cross-site scripting (XSS) flaw was found in the way Thunderbird\nhandled certain multibyte character sets. Malicious content could\ncause Thunderbird to run JavaScript code with the permissions of\ndifferent content. (CVE-2012-0471)\n\nA flaw was found in the way Thunderbird rendered certain graphics\nusing WebGL. Malicious content could cause Thunderbird to crash.\n(CVE-2012-0473)\n\nA flaw in the built-in feed reader in Thunderbird allowed the Website\nfield to display the address of different content than the content the\nuser was visiting. An attacker could use this flaw to conceal a\nmalicious URL, possibly tricking a user into believing they are\nviewing a trusted site, or allowing scripts to be loaded from the\nattacker's site, possibly leading to cross-site scripting (XSS)\nattacks. (CVE-2012-0474)\n\nA flaw was found in the way Thunderbird decoded the ISO-2022-KR and\nISO-2022-CN character sets. Malicious content could cause Thunderbird\nto run JavaScript code with the permissions of different content.\n(CVE-2012-0477)\n\nA flaw was found in the way the built-in feed reader in Thunderbird\nhandled RSS and Atom feeds. 
Invalid RSS or Atom content loaded over\nHTTPS caused Thunderbird to display the address of said content, but\nnot the content. The previous content continued to be displayed. An\nattacker could use this flaw to perform phishing attacks, or trick\nusers into thinking they are visiting the site reported by the Website\nfield, when the page is actually content controlled by an attacker.\n(CVE-2012-0479)\n\nRed Hat would like to thank the Mozilla project for reporting these\nissues. Upstream acknowledges Mateusz Jurczyk of the Google Security\nTeam as the original reporter of CVE-2011-3062; Aki Helin from OUSPG\nas the original reporter of CVE-2012-0469; Atte Kettunen from OUSPG as\nthe original reporter of CVE-2012-0470; wushi of team509 via iDefense\nas the original reporter of CVE-2012-0472; Ms2ger as the original\nreporter of CVE-2012-0478; Anne van Kesteren of Opera Software as the\noriginal reporter of CVE-2012-0471; Matias Juntunen as the original\nreporter of CVE-2012-0473; Jordi Chancel and Eddy Bordi, and Chris\nMcGowen as the original reporters of CVE-2012-0474; Masato Kinugawa as\nthe original reporter of CVE-2012-0477; and Jeroen van der Gun as the\noriginal reporter of CVE-2012-0479.\n\nNote: All issues except CVE-2012-0470, CVE-2012-0472, and\nCVE-2011-3062 cannot be exploited by a specially crafted HTML mail\nmessage as JavaScript is disabled by default for mail messages. 
It\ncould be exploited another way in Thunderbird, for example, when\nviewing the full remote content of an RSS feed.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2012:0516\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-0474\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-0479\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-0468\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-0469\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-3062\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-0478\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-0477\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-0467\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-0473\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-0472\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-0471\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-0470\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Update the affected thunderbird and / or thunderbird-debuginfo\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n 
script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:thunderbird-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/03/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/04/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/04/25\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x / 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2012:0516\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"thunderbird-10.0.4-1.el5_8\", allowmaj:TRUE)) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"thunderbird-10.0.4-1.el5_8\", allowmaj:TRUE)) flag++;\n\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", 
reference:\"thunderbird-10.0.4-1.el6_2\", allowmaj:TRUE)) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"thunderbird-10.0.4-1.el6_2\", allowmaj:TRUE)) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"thunderbird-10.0.4-1.el6_2\", allowmaj:TRUE)) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"thunderbird-debuginfo-10.0.4-1.el6_2\", allowmaj:TRUE)) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"thunderbird-debuginfo-10.0.4-1.el6_2\", allowmaj:TRUE)) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"thunderbird-debuginfo-10.0.4-1.el6_2\", allowmaj:TRUE)) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"thunderbird / thunderbird-debuginfo\");\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "ubuntu": [{"lastseen": "2020-07-02T11:42:39", "bulletinFamily": "unix", "cvelist": ["CVE-2012-0478", "CVE-2012-0479", "CVE-2012-0470", "CVE-2012-0469", "CVE-2012-0475", "CVE-2012-0474", "CVE-2011-1187", "CVE-2012-0468", "CVE-2011-3062", "CVE-2012-0477", "CVE-2012-0473", "CVE-2012-0467", "CVE-2012-0471"], "description": "USN-1430-1 fixed vulnerabilities in Firefox. This update provides the \ncorresponding fixes for Thunderbird.\n\nOriginal advisory details:\n\nBob Clary, Christian Holler, Brian Hackett, Bobby Holley, Gary Kwong, \nHilary Hall, Honza Bambas, Jesse Ruderman, Julian Seward, and Olli Pettay \ndiscovered memory safety issues affecting Firefox. 
If the user were tricked \ninto opening a specially crafted page, an attacker could exploit these to \ncause a denial of service via application crash, or potentially execute \ncode with the privileges of the user invoking Firefox. (CVE-2012-0467, \nCVE-2012-0468)\n\nAki Helin discovered a use-after-free vulnerability in XPConnect. An \nattacker could potentially exploit this to execute arbitrary code with the \nprivileges of the user invoking Firefox. (CVE-2012-0469)\n\nAtte Kettunen discovered that invalid frees cause heap corruption in \ngfxImageSurface. If a user were tricked into opening a malicious Scalable \nVector Graphics (SVG) image file, an attacker could exploit these to cause \na denial of service via application crash, or potentially execute code with \nthe privileges of the user invoking Firefox. (CVE-2012-0470)\n\nAnne van Kesteren discovered a potential cross-site scripting (XSS) \nvulnerability via multibyte content processing errors. With cross-site \nscripting vulnerabilities, if a user were tricked into viewing a specially \ncrafted page, a remote attacker could exploit this to modify the contents, \nor steal confidential data, within the same domain. (CVE-2012-0471)\n\nMatias Juntunen discovered a vulnerability in Firefox's WebGL \nimplementation that potentially allows the reading of illegal video memory. \nAn attacker could possibly exploit this to cause a denial of service via \napplication crash. (CVE-2012-0473)\n\nJordi Chancel, Eddy Bordi, and Chris McGowen discovered that Firefox \nallowed the address bar to display a different website than the one the \nuser was visiting. This could potentially leave the user vulnerable to \ncross-site scripting (XSS) attacks. With cross-site scripting \nvulnerabilities, if a user were tricked into viewing a specially crafted \npage, a remote attacker could exploit this to modify the contents, or steal \nconfidential data, within the same domain. 
(CVE-2012-0474)\n\nSimone Fabiano discovered that Firefox did not always send correct origin \nheaders when connecting to IPv6 websites. An attacker could potentially \nuse this to bypass intended access controls. (CVE-2012-0475)\n\nMasato Kinugawa discovered that cross-site scripting (XSS) injection is \npossible during the decoding of ISO-2022-KR and ISO-2022-CN character sets. \nWith cross-site scripting vulnerabilities, if a user were tricked into \nviewing a specially crafted page, a remote attacker could exploit this to \nmodify the contents, or steal confidential data, within the same domain. \n(CVE-2012-0477)\n\nIt was discovered that certain images rendered using WebGL could cause \nFirefox to crash. If the user were tricked into opening a specially crafted \npage, an attacker could exploit this to cause a denial of service via \napplication crash, or potentially execute code with the privileges of the \nuser invoking Firefox. (CVE-2012-0478)\n\nMateusz Jurczyk discovered an off-by-one error in the OpenType Sanitizer. \nIf the user were tricked into opening a specially crafted page, an attacker \ncould exploit this to cause a denial of service via application crash, or \npotentially execute code with the privileges of the user invoking Firefox. \n(CVE-2011-3062)\n\nDaniel Divricean discovered that a defect in the error handling of JavaScript \nerrors can potentially leak the file names and location of JavaScript files \non a server. This could potentially lead to inadvertent information \ndisclosure and a vector for further attacks. (CVE-2011-1187)\n\nJeroen van der Gun discovered a vulnerability in the way Firefox handled \nRSS and Atom feeds. Invalid RSS or Atom content loaded over HTTPS caused \nthe location bar to be updated with the address of this content, while the \nmain window still displays the previously loaded content. An attacker could \npotentially exploit this vulnerability to conduct phishing attacks. 
\n(CVE-2012-0479)", "edition": 5, "modified": "2012-05-04T00:00:00", "published": "2012-05-04T00:00:00", "id": "USN-1430-3", "href": "https://ubuntu.com/security/notices/USN-1430-3", "title": "Thunderbird vulnerabilities", "type": "ubuntu", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-02T11:35:18", "bulletinFamily": "unix", "cvelist": ["CVE-2012-0478", "CVE-2012-0479", "CVE-2012-0470", "CVE-2012-0469", "CVE-2012-0475", "CVE-2012-0474", "CVE-2011-1187", "CVE-2012-0468", "CVE-2011-3062", "CVE-2012-0477", "CVE-2012-0473", "CVE-2012-0467", "CVE-2012-0471"], "description": "Bob Clary, Christian Holler, Brian Hackett, Bobby Holley, Gary Kwong, \nHilary Hall, Honza Bambas, Jesse Ruderman, Julian Seward, and Olli Pettay \ndiscovered memory safety issues affecting Firefox. If the user were tricked \ninto opening a specially crafted page, an attacker could exploit these to \ncause a denial of service via application crash, or potentially execute \ncode with the privileges of the user invoking Firefox. (CVE-2012-0467, \nCVE-2012-0468)\n\nAki Helin discovered a use-after-free vulnerability in XPConnect. An \nattacker could potentially exploit this to execute arbitrary code with the \nprivileges of the user invoking Firefox. (CVE-2012-0469)\n\nAtte Kettunen discovered that invalid frees cause heap corruption in \ngfxImageSurface. If a user were tricked into opening a malicious Scalable \nVector Graphics (SVG) image file, an attacker could exploit these to cause \na denial of service via application crash, or potentially execute code with \nthe privileges of the user invoking Firefox. (CVE-2012-0470)\n\nAnne van Kesteren discovered a potential cross-site scripting (XSS) \nvulnerability via multibyte content processing errors. 
With cross-site \nscripting vulnerabilities, if a user were tricked into viewing a specially \ncrafted page, a remote attacker could exploit this to modify the contents, \nor steal confidential data, within the same domain. (CVE-2012-0471)\n\nMatias Juntunen discovered a vulnerability in Firefox's WebGL \nimplementation that potentially allows the reading of illegal video memory. \nAn attacker could possibly exploit this to cause a denial of service via \napplication crash. (CVE-2012-0473)\n\nJordi Chancel, Eddy Bordi, and Chris McGowen discovered that Firefox \nallowed the address bar to display a different website than the one the \nuser was visiting. This could potentially leave the user vulnerable to \ncross-site scripting (XSS) attacks. With cross-site scripting \nvulnerabilities, if a user were tricked into viewing a specially crafted \npage, a remote attacker could exploit this to modify the contents, or steal \nconfidential data, within the same domain. (CVE-2012-0474)\n\nSimone Fabiano discovered that Firefox did not always send correct origin \nheaders when connecting to IPv6 websites. An attacker could potentially \nuse this to bypass intended access controls. (CVE-2012-0475)\n\nMasato Kinugawa discovered that cross-site scripting (XSS) injection is \npossible during the decoding of ISO-2022-KR and ISO-2022-CN character sets. \nWith cross-site scripting vulnerabilities, if a user were tricked into \nviewing a specially crafted page, a remote attacker could exploit this to \nmodify the contents, or steal confidential data, within the same domain. \n(CVE-2012-0477)\n\nIt was discovered that certain images rendered using WebGL could cause \nFirefox to crash. If the user were tricked into opening a specially crafted \npage, an attacker could exploit this to cause a denial of service via \napplication crash, or potentially execute code with the privileges of the \nuser invoking Firefox. 
(CVE-2012-0478)\n\nMateusz Jurczyk discovered an off-by-one error in the OpenType Sanitizer. \nIf the user were tricked into opening a specially crafted page, an attacker \ncould exploit this to cause a denial of service via application crash, or \npotentially execute code with the privileges of the user invoking Firefox. \n(CVE-2011-3062)\n\nDaniel Divricean discovered that a defect in the error handling of JavaScript \nerrors can potentially leak the file names and location of JavaScript files \non a server. This could potentially lead to inadvertent information \ndisclosure and a vector for further attacks. (CVE-2011-1187)\n\nJeroen van der Gun discovered a vulnerability in the way Firefox handled \nRSS and Atom feeds. Invalid RSS or Atom content loaded over HTTPS caused \nthe location bar to be updated with the address of this content, while the \nmain window still displays the previously loaded content. An attacker could \npotentially exploit this vulnerability to conduct phishing attacks. \n(CVE-2012-0479)", "edition": 5, "modified": "2012-04-27T00:00:00", "published": "2012-04-27T00:00:00", "id": "USN-1430-1", "href": "https://ubuntu.com/security/notices/USN-1430-1", "title": "Firefox vulnerabilities", "type": "ubuntu", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-09T01:41:55", "bulletinFamily": "unix", "cvelist": ["CVE-2012-0478", "CVE-2012-0479", "CVE-2012-0470", "CVE-2012-0469", "CVE-2012-0475", "CVE-2012-0474", "CVE-2011-1187", "CVE-2012-0468", "CVE-2011-3062", "CVE-2012-0477", "CVE-2012-0473", "CVE-2012-0467", "CVE-2012-0471"], "description": "USN-1430-1 fixed vulnerabilities in Firefox. This update provides an \nupdated ubufox package for use with the latest Firefox.\n\nOriginal advisory details:\n\nBob Clary, Christian Holler, Brian Hackett, Bobby Holley, Gary Kwong, \nHilary Hall, Honza Bambas, Jesse Ruderman, Julian Seward, and Olli Pettay \ndiscovered memory safety issues affecting Firefox. 
If the user were tricked \ninto opening a specially crafted page, an attacker could exploit these to \ncause a denial of service via application crash, or potentially execute \ncode with the privileges of the user invoking Firefox. (CVE-2012-0467, \nCVE-2012-0468)\n\nAki Helin discovered a use-after-free vulnerability in XPConnect. An \nattacker could potentially exploit this to execute arbitrary code with the \nprivileges of the user invoking Firefox. (CVE-2012-0469)\n\nAtte Kettunen discovered that invalid frees cause heap corruption in \ngfxImageSurface. If a user were tricked into opening a malicious Scalable \nVector Graphics (SVG) image file, an attacker could exploit these to cause \na denial of service via application crash, or potentially execute code with \nthe privileges of the user invoking Firefox. (CVE-2012-0470)\n\nAnne van Kesteren discovered a potential cross-site scripting (XSS) \nvulnerability via multibyte content processing errors. With cross-site \nscripting vulnerabilities, if a user were tricked into viewing a specially \ncrafted page, a remote attacker could exploit this to modify the contents, \nor steal confidential data, within the same domain. (CVE-2012-0471)\n\nMatias Juntunen discovered a vulnerability in Firefox's WebGL \nimplementation that potentially allows the reading of illegal video memory. \nAn attacker could possibly exploit this to cause a denial of service via \napplication crash. (CVE-2012-0473)\n\nJordi Chancel, Eddy Bordi, and Chris McGowen discovered that Firefox \nallowed the address bar to display a different website than the one the \nuser was visiting. This could potentially leave the user vulnerable to \ncross-site scripting (XSS) attacks. With cross-site scripting \nvulnerabilities, if a user were tricked into viewing a specially crafted \npage, a remote attacker could exploit this to modify the contents, or steal \nconfidential data, within the same domain. 
(CVE-2012-0474)\n\nSimone Fabiano discovered that Firefox did not always send correct origin \nheaders when connecting to IPv6 websites. An attacker could potentially \nuse this to bypass intended access controls. (CVE-2012-0475)\n\nMasato Kinugawa discovered that cross-site scripting (XSS) injection is \npossible during the decoding of ISO-2022-KR and ISO-2022-CN character sets. \nWith cross-site scripting vulnerabilities, if a user were tricked into \nviewing a specially crafted page, a remote attacker could exploit this to \nmodify the contents, or steal confidential data, within the same domain. \n(CVE-2012-0477)\n\nIt was discovered that certain images rendered using WebGL could cause \nFirefox to crash. If the user were tricked into opening a specially crafted \npage, an attacker could exploit this to cause a denial of service via \napplication crash, or potentially execute code with the privileges of the \nuser invoking Firefox. (CVE-2012-0478)\n\nMateusz Jurczyk discovered an off-by-one error in the OpenType Sanitizer. \nIf the user were tricked into opening a specially crafted page, an attacker \ncould exploit this to cause a denial of service via application crash, or \npotentially execute code with the privileges of the user invoking Firefox. \n(CVE-2011-3062)\n\nDaniel Divricean discovered that a defect in the error handling of JavaScript \nerrors can potentially leak the file names and location of JavaScript files \non a server. This could potentially lead to inadvertent information \ndisclosure and a vector for further attacks. (CVE-2011-1187)\n\nJeroen van der Gun discovered a vulnerability in the way Firefox handled \nRSS and Atom feeds. Invalid RSS or Atom content loaded over HTTPS caused \nthe location bar to be updated with the address of this content, while the \nmain window still displays the previously loaded content. An attacker could \npotentially exploit this vulnerability to conduct phishing attacks. 
\n(CVE-2012-0479)", "edition": 5, "modified": "2012-04-27T00:00:00", "published": "2012-04-27T00:00:00", "id": "USN-1430-2", "href": "https://ubuntu.com/security/notices/USN-1430-2", "title": "ubufox update", "type": "ubuntu", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2017-12-04T11:19:59", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0478", "CVE-2012-0479", "CVE-2012-0470", "CVE-2012-0469", "CVE-2012-0475", "CVE-2012-0474", "CVE-2011-1187", "CVE-2012-0468", "CVE-2011-3062", "CVE-2012-0477", "CVE-2012-0473", "CVE-2012-0467", "CVE-2012-0471"], "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1430-2", "modified": "2017-12-01T00:00:00", "published": "2012-04-30T00:00:00", "id": "OPENVAS:840992", "href": "http://plugins.openvas.org/nasl.php?oid=840992", "type": "openvas", "title": "Ubuntu Update for ubufox USN-1430-2", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1430_2.nasl 7960 2017-12-01 06:58:16Z santu $\n#\n# Ubuntu Update for ubufox USN-1430-2\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"USN-1430-1 fixed vulnerabilities in Firefox. This update provides an\n updated ubufox package for use with the latest Firefox.\n\n Original advisory details:\n\n Bob Clary, Christian Holler, Brian Hackett, Bobby Holley, Gary Kwong,\n Hilary Hall, Honza Bambas, Jesse Ruderman, Julian Seward, and Olli Pettay\n discovered memory safety issues affecting Firefox. If the user were tricked\n into opening a specially crafted page, an attacker could exploit these to\n cause a denial of service via application crash, or potentially execute\n code with the privileges of the user invoking Firefox. (CVE-2012-0467,\n CVE-2012-0468)\n\n Aki Helin discovered a use-after-free vulnerability in XPConnect. An\n attacker could potentially exploit this to execute arbitrary code with the\n privileges of the user invoking Firefox. (CVE-2012-0469)\n\n Atte Kettunen discovered that invalid frees cause heap corruption in\n gfxImageSurface. If a user were tricked into opening a malicious Scalable\n Vector Graphics (SVG) image file, an attacker could exploit these to cause\n a denial of service via application crash, or potentially execute code with\n the privileges of the user invoking Firefox. (CVE-2012-0470)\n\n Anne van Kesteren discovered a potential cross-site scripting (XSS)\n vulnerability via multibyte content processing errors. With cross-site\n scripting vulnerabilities, if a user were tricked into viewing a specially\n crafted page, a remote attacker could exploit this to modify the contents,\n or steal confidential data, within the same domain. 
(CVE-2012-0471)\n\n Matias Juntunen discovered a vulnerability in Firefox's WebGL\n implementation that potentially allows the reading of illegal video memory.\n An attacker could possibly exploit this to cause a denial of service via\n application crash. (CVE-2012-0473)\n\n Jordi Chancel, Eddy Bordi, and Chris McGowen discovered that Firefox\n allowed the address bar to display a different website than the one the\n user was visiting. This could potentially leave the user vulnerable to\n cross-site scripting (XSS) attacks. With cross-site scripting\n vulnerabilities, if a user were tricked into viewing a specially crafted\n page, a remote attacker could exploit this to modify the contents, or steal\n confidential data, within the same domain. (CVE-2012-0474)\n\n Simone Fabiano discovered that Firefox did not always send correct origin\n headers when connecting to an IPv6 websites. An attacker could potentially\n use this to bypass intended access controls. (CVE-2012-0475)\n\n Masato Kinugawa discovered that cross-site scr ...\n\n Description truncated, for more information please check the Reference URL\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-1430-2\";\ntag_affected = \"ubufox on Ubuntu 11.10 ,\n Ubuntu 11.04 ,\n Ubuntu 10.04 LTS\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1430-2/\");\n script_id(840992);\n script_version(\"$Revision: 7960 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 07:58:16 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-04-30 11:09:55 +0530 (Mon, 30 Apr 2012)\");\n script_cve_id(\"CVE-2012-0467\", \"CVE-2012-0468\", \"CVE-2012-0469\", \"CVE-2012-0470\",\n \"CVE-2012-0471\", \"CVE-2012-0473\", \"CVE-2012-0474\", \"CVE-2012-0475\",\n \"CVE-2012-0477\", \"CVE-2012-0478\", \"CVE-2011-3062\", \"CVE-2011-1187\",\n \"CVE-2012-0479\");\n 
script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"USN\", value: \"1430-2\");\n script_name(\"Ubuntu Update for ubufox USN-1430-2\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"xul-ext-ubufox\", ver:\"0.9.5-0ubuntu0.10.04.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"xul-ext-ubufox\", ver:\"1.0.4-0ubuntu1\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"xul-ext-ubufox\", ver:\"0.9.5-0ubuntu1\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:39:16", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0478", 
"CVE-2012-0479", "CVE-2012-0470", "CVE-2012-0469", "CVE-2012-0475", "CVE-2012-0474", "CVE-2011-1187", "CVE-2012-0468", "CVE-2011-3062", "CVE-2012-0477", "CVE-2012-0473", "CVE-2012-0467", "CVE-2012-0471"], "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1430-2", "modified": "2019-03-13T00:00:00", "published": "2012-04-30T00:00:00", "id": "OPENVAS:1361412562310840992", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310840992", "type": "openvas", "title": "Ubuntu Update for ubufox USN-1430-2", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1430_2.nasl 14132 2019-03-13 09:25:59Z cfischer $\n#\n# Ubuntu Update for ubufox USN-1430-2\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1430-2/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.840992\");\n script_version(\"$Revision: 14132 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 10:25:59 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-04-30 11:09:55 +0530 (Mon, 30 Apr 2012)\");\n script_cve_id(\"CVE-2012-0467\", \"CVE-2012-0468\", \"CVE-2012-0469\", \"CVE-2012-0470\",\n \"CVE-2012-0471\", \"CVE-2012-0473\", \"CVE-2012-0474\", \"CVE-2012-0475\",\n \"CVE-2012-0477\", \"CVE-2012-0478\", \"CVE-2011-3062\", \"CVE-2011-1187\",\n \"CVE-2012-0479\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"USN\", value:\"1430-2\");\n script_name(\"Ubuntu Update for ubufox USN-1430-2\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(10\\.04 LTS|11\\.10|11\\.04)\");\n script_tag(name:\"summary\", value:\"Ubuntu Update for Linux kernel vulnerabilities USN-1430-2\");\n script_tag(name:\"affected\", value:\"ubufox on Ubuntu 11.10,\n Ubuntu 11.04,\n Ubuntu 10.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"USN-1430-1 fixed vulnerabilities in Firefox. 
This update provides an\n updated ubufox package for use with the latest Firefox.\n\n Original advisory details:\n\n Bob Clary, Christian Holler, Brian Hackett, Bobby Holley, Gary Kwong,\n Hilary Hall, Honza Bambas, Jesse Ruderman, Julian Seward, and Olli Pettay\n discovered memory safety issues affecting Firefox. If the user were tricked\n into opening a specially crafted page, an attacker could exploit these to\n cause a denial of service via application crash, or potentially execute\n code with the privileges of the user invoking Firefox. (CVE-2012-0467,\n CVE-2012-0468)\n\n Aki Helin discovered a use-after-free vulnerability in XPConnect. An\n attacker could potentially exploit this to execute arbitrary code with the\n privileges of the user invoking Firefox. (CVE-2012-0469)\n\n Atte Kettunen discovered that invalid frees cause heap corruption in\n gfxImageSurface. If a user were tricked into opening a malicious Scalable\n Vector Graphics (SVG) image file, an attacker could exploit these to cause\n a denial of service via application crash, or potentially execute code with\n the privileges of the user invoking Firefox. (CVE-2012-0470)\n\n Anne van Kesteren discovered a potential cross-site scripting (XSS)\n vulnerability via multibyte content processing errors. With cross-site\n scripting vulnerabilities, if a user were tricked into viewing a specially\n crafted page, a remote attacker could exploit this to modify the contents,\n or steal confidential data, within the same domain. (CVE-2012-0471)\n\n Matias Juntunen discovered a vulnerability in Firefox's WebGL\n implementation that potentially allows the reading of illegal video memory.\n An attacker could possibly exploit this to cause a denial of service via\n application crash. (CVE-2012-0473)\n\n Jordi Chancel, Eddy Bordi, and Chris McGowen discovered that Firefox\n allowed the address bar to display a different website than the one the\n user was visiting. 
This could potentially leave the user vulnerable to\n cross-site scripting (XSS) attacks. With cross-site scripting\n vulnerabilities, if a user were tricked into viewing a specially crafted\n page, a remote attacker could exploit this to modify the contents, or steal\n confidential data, within the same domain. (CVE-2012-0474)\n\n Simone Fabiano discovered that Firefox did not always send correct origin\n headers when connecting to an IPv6 websites. An attacker could potentially\n use this to bypass intended access controls. (CVE-2012-0475)\n\n Masato Kinugawa discovered that cross-site scr ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"xul-ext-ubufox\", ver:\"0.9.5-0ubuntu0.10.04.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"xul-ext-ubufox\", ver:\"1.0.4-0ubuntu1\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"xul-ext-ubufox\", ver:\"0.9.5-0ubuntu1\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-12-04T11:20:12", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0478", "CVE-2012-0479", "CVE-2012-0470", "CVE-2012-0469", "CVE-2012-0475", "CVE-2012-0474", "CVE-2011-1187", "CVE-2012-0468", "CVE-2011-3062", 
"CVE-2012-0477", "CVE-2012-0473", "CVE-2012-0467", "CVE-2012-0471"], "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1430-1", "modified": "2017-12-01T00:00:00", "published": "2012-04-30T00:00:00", "id": "OPENVAS:840991", "href": "http://plugins.openvas.org/nasl.php?oid=840991", "type": "openvas", "title": "Ubuntu Update for firefox USN-1430-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1430_1.nasl 7960 2017-12-01 06:58:16Z santu $\n#\n# Ubuntu Update for firefox USN-1430-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Bob Clary, Christian Holler, Brian Hackett, Bobby Holley, Gary Kwong,\n Hilary Hall, Honza Bambas, Jesse Ruderman, Julian Seward, and Olli Pettay\n discovered memory safety issues affecting Firefox. If the user were tricked\n into opening a specially crafted page, an attacker could exploit these to\n cause a denial of service via application crash, or potentially execute\n code with the privileges of the user invoking Firefox. 
(CVE-2012-0467,\n CVE-2012-0468)\n\n Aki Helin discovered a use-after-free vulnerability in XPConnect. An\n attacker could potentially exploit this to execute arbitrary code with the\n privileges of the user invoking Firefox. (CVE-2012-0469)\n\n Atte Kettunen discovered that invalid frees cause heap corruption in\n gfxImageSurface. If a user were tricked into opening a malicious Scalable\n Vector Graphics (SVG) image file, an attacker could exploit these to cause\n a denial of service via application crash, or potentially execute code with\n the privileges of the user invoking Firefox. (CVE-2012-0470)\n\n Anne van Kesteren discovered a potential cross-site scripting (XSS)\n vulnerability via multibyte content processing errors. With cross-site\n scripting vulnerabilities, if a user were tricked into viewing a specially\n crafted page, a remote attacker could exploit this to modify the contents,\n or steal confidential data, within the same domain. (CVE-2012-0471)\n\n Matias Juntunen discovered a vulnerability in Firefox's WebGL\n implementation that potentially allows the reading of illegal video memory.\n An attacker could possibly exploit this to cause a denial of service via\n application crash. (CVE-2012-0473)\n\n Jordi Chancel, Eddy Bordi, and Chris McGowen discovered that Firefox\n allowed the address bar to display a different website than the one the\n user was visiting. This could potentially leave the user vulnerable to\n cross-site scripting (XSS) attacks. With cross-site scripting\n vulnerabilities, if a user were tricked into viewing a specially crafted\n page, a remote attacker could exploit this to modify the contents, or steal\n confidential data, within the same domain. (CVE-2012-0474)\n\n Simone Fabiano discovered that Firefox did not always send correct origin\n headers when connecting to IPv6 websites. An attacker could potentially\n use this to bypass intended access controls. 
(CVE-2012-0475)\n\n Masato Kinugawa discovered that cross-site scripting (XSS) injection is\n possible during the decoding of ISO-2022-KR and ISO-2022-CN character sets.\n With cross-site scripting vulnerabilities, if a user were ...\n\n Description truncated, for more information please check the Reference URL\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-1430-1\";\ntag_affected = \"firefox on Ubuntu 11.10 ,\n Ubuntu 11.04 ,\n Ubuntu 10.04 LTS\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1430-1/\");\n script_id(840991);\n script_version(\"$Revision: 7960 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 07:58:16 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-04-30 11:08:59 +0530 (Mon, 30 Apr 2012)\");\n script_cve_id(\"CVE-2012-0467\", \"CVE-2012-0468\", \"CVE-2012-0469\", \"CVE-2012-0470\",\n \"CVE-2012-0471\", \"CVE-2012-0473\", \"CVE-2012-0474\", \"CVE-2012-0475\",\n \"CVE-2012-0477\", \"CVE-2012-0478\", \"CVE-2011-3062\", \"CVE-2011-1187\",\n \"CVE-2012-0479\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"USN\", value: \"1430-1\");\n script_name(\"Ubuntu Update for firefox USN-1430-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n 
script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"firefox\", ver:\"12.0+build1-0ubuntu0.10.04.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"firefox\", ver:\"12.0+build1-0ubuntu0.11.10.1\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"firefox\", ver:\"12.0+build1-0ubuntu0.11.04.1\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-04T11:21:17", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0478", "CVE-2012-0479", "CVE-2012-0470", "CVE-2012-0469", "CVE-2012-0475", "CVE-2012-0474", "CVE-2011-1187", "CVE-2012-0468", "CVE-2011-3062", "CVE-2012-0477", "CVE-2012-0473", "CVE-2012-0467", "CVE-2012-0471"], "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1430-3", "modified": "2017-12-01T00:00:00", "published": "2012-05-08T00:00:00", "id": "OPENVAS:841000", "href": "http://plugins.openvas.org/nasl.php?oid=841000", "type": "openvas", "title": "Ubuntu Update for thunderbird USN-1430-3", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1430_3.nasl 7960 2017-12-01 06:58:16Z santu $\n#\n# Ubuntu Update for thunderbird USN-1430-3\n#\n# Authors:\n# System Generated Check\n#\n# 
Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"USN-1430-1 fixed vulnerabilities in Firefox. This update provides the\n corresponding fixes for Thunderbird.\n\n Original advisory details:\n\n Bob Clary, Christian Holler, Brian Hackett, Bobby Holley, Gary Kwong,\n Hilary Hall, Honza Bambas, Jesse Ruderman, Julian Seward, and Olli Pettay\n discovered memory safety issues affecting Firefox. If the user were tricked\n into opening a specially crafted page, an attacker could exploit these to\n cause a denial of service via application crash, or potentially execute\n code with the privileges of the user invoking Firefox. (CVE-2012-0467,\n CVE-2012-0468)\n\n Aki Helin discovered a use-after-free vulnerability in XPConnect. An\n attacker could potentially exploit this to execute arbitrary code with the\n privileges of the user invoking Firefox. (CVE-2012-0469)\n\n Atte Kettunen discovered that invalid frees cause heap corruption in\n gfxImageSurface. 
If a user were tricked into opening a malicious Scalable\n Vector Graphics (SVG) image file, an attacker could exploit these to cause\n a denial of service via application crash, or potentially execute code with\n the privileges of the user invoking Firefox. (CVE-2012-0470)\n\n Anne van Kesteren discovered a potential cross-site scripting (XSS)\n vulnerability via multibyte content processing errors. With cross-site\n scripting vulnerabilities, if a user were tricked into viewing a specially\n crafted page, a remote attacker could exploit this to modify the contents,\n or steal confidential data, within the same domain. (CVE-2012-0471)\n\n Matias Juntunen discovered a vulnerability in Firefox's WebGL\n implementation that potentially allows the reading of illegal video memory.\n An attacker could possibly exploit this to cause a denial of service via\n application crash. (CVE-2012-0473)\n\n Jordi Chancel, Eddy Bordi, and Chris McGowen discovered that Firefox\n allowed the address bar to display a different website than the one the\n user was visiting. This could potentially leave the user vulnerable to\n cross-site scripting (XSS) attacks. With cross-site scripting\n vulnerabilities, if a user were tricked into viewing a specially crafted\n page, a remote attacker could exploit this to modify the contents, or steal\n confidential data, within the same domain. (CVE-2012-0474)\n\n Simone Fabiano discovered that Firefox did not always send correct origin\n headers when connecting to IPv6 websites. An attacker could potentially\n use this to bypass intended access controls. 
(CVE-2012-0475)\n\n Masato Kinugawa discovered that cross- ...\n\n Description truncated, for more information please check the Reference URL\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-1430-3\";\ntag_affected = \"thunderbird on Ubuntu 12.04 LTS ,\n Ubuntu 11.10 ,\n Ubuntu 11.04 ,\n Ubuntu 10.04 LTS\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1430-3/\");\n script_id(841000);\n script_version(\"$Revision: 7960 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 07:58:16 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-05-08 12:36:18 +0530 (Tue, 08 May 2012)\");\n script_cve_id(\"CVE-2012-0467\", \"CVE-2012-0468\", \"CVE-2012-0469\", \"CVE-2012-0470\",\n \"CVE-2012-0471\", \"CVE-2012-0473\", \"CVE-2012-0474\", \"CVE-2012-0475\",\n \"CVE-2012-0477\", \"CVE-2012-0478\", \"CVE-2011-3062\", \"CVE-2011-1187\",\n \"CVE-2012-0479\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"USN\", value: \"1430-3\");\n script_name(\"Ubuntu Update for thunderbird USN-1430-3\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = 
get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"thunderbird\", ver:\"12.0.1+build1-0ubuntu0.10.04.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"thunderbird\", ver:\"12.0.1+build1-0ubuntu0.12.04.1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"thunderbird\", ver:\"12.0.1+build1-0ubuntu0.11.10.1\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"thunderbird\", ver:\"12.0.1+build1-0ubuntu0.11.04.1\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:39:21", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0478", "CVE-2012-0479", "CVE-2012-0470", "CVE-2012-0469", "CVE-2012-0475", "CVE-2012-0474", "CVE-2011-1187", "CVE-2012-0468", "CVE-2011-3062", "CVE-2012-0477", "CVE-2012-0473", "CVE-2012-0467", "CVE-2012-0471"], "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1430-3", "modified": "2019-03-13T00:00:00", "published": "2012-05-08T00:00:00", "id": "OPENVAS:1361412562310841000", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310841000", "type": "openvas", "title": "Ubuntu Update for thunderbird USN-1430-3", "sourceData": 
"###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1430_3.nasl 14132 2019-03-13 09:25:59Z cfischer $\n#\n# Ubuntu Update for thunderbird USN-1430-3\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1430-3/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.841000\");\n script_version(\"$Revision: 14132 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 10:25:59 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-05-08 12:36:18 +0530 (Tue, 08 May 2012)\");\n script_cve_id(\"CVE-2012-0467\", \"CVE-2012-0468\", \"CVE-2012-0469\", \"CVE-2012-0470\",\n \"CVE-2012-0471\", \"CVE-2012-0473\", \"CVE-2012-0474\", \"CVE-2012-0475\",\n \"CVE-2012-0477\", \"CVE-2012-0478\", \"CVE-2011-3062\", \"CVE-2011-1187\",\n \"CVE-2012-0479\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"USN\", value:\"1430-3\");\n script_name(\"Ubuntu Update for thunderbird 
USN-1430-3\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(10\\.04 LTS|12\\.04 LTS|11\\.10|11\\.04)\");\n script_tag(name:\"summary\", value:\"Ubuntu Update for Linux kernel vulnerabilities USN-1430-3\");\n script_tag(name:\"affected\", value:\"thunderbird on Ubuntu 12.04 LTS,\n Ubuntu 11.10,\n Ubuntu 11.04,\n Ubuntu 10.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"USN-1430-1 fixed vulnerabilities in Firefox. This update provides the\n corresponding fixes for Thunderbird.\n\n Original advisory details:\n\n Bob Clary, Christian Holler, Brian Hackett, Bobby Holley, Gary Kwong,\n Hilary Hall, Honza Bambas, Jesse Ruderman, Julian Seward, and Olli Pettay\n discovered memory safety issues affecting Firefox. If the user were tricked\n into opening a specially crafted page, an attacker could exploit these to\n cause a denial of service via application crash, or potentially execute\n code with the privileges of the user invoking Firefox. (CVE-2012-0467,\n CVE-2012-0468)\n\n Aki Helin discovered a use-after-free vulnerability in XPConnect. An\n attacker could potentially exploit this to execute arbitrary code with the\n privileges of the user invoking Firefox. (CVE-2012-0469)\n\n Atte Kettunen discovered that invalid frees cause heap corruption in\n gfxImageSurface. If a user were tricked into opening a malicious Scalable\n Vector Graphics (SVG) image file, an attacker could exploit these to cause\n a denial of service via application crash, or potentially execute code with\n the privileges of the user invoking Firefox. 
(CVE-2012-0470)\n\n Anne van Kesteren discovered a potential cross-site scripting (XSS)\n vulnerability via multibyte content processing errors. With cross-site\n scripting vulnerabilities, if a user were tricked into viewing a specially\n crafted page, a remote attacker could exploit this to modify the contents,\n or steal confidential data, within the same domain. (CVE-2012-0471)\n\n Matias Juntunen discovered a vulnerability in Firefox's WebGL\n implementation that potentially allows the reading of illegal video memory.\n An attacker could possibly exploit this to cause a denial of service via\n application crash. (CVE-2012-0473)\n\n Jordi Chancel, Eddy Bordi, and Chris McGowen discovered that Firefox\n allowed the address bar to display a different website than the one the\n user was visiting. This could potentially leave the user vulnerable to\n cross-site scripting (XSS) attacks. With cross-site scripting\n vulnerabilities, if a user were tricked into viewing a specially crafted\n page, a remote attacker could exploit this to modify the contents, or steal\n confidential data, within the same domain. (CVE-2012-0474)\n\n Simone Fabiano discovered that Firefox did not always send correct origin\n headers when connecting to IPv6 websites. An attacker could potentially\n use this to bypass intended access controls. 
(CVE-2012-0475)\n\n Masato Kinugawa discovered that cross- ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"thunderbird\", ver:\"12.0.1+build1-0ubuntu0.10.04.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"thunderbird\", ver:\"12.0.1+build1-0ubuntu0.12.04.1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"thunderbird\", ver:\"12.0.1+build1-0ubuntu0.11.10.1\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"thunderbird\", ver:\"12.0.1+build1-0ubuntu0.11.04.1\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:39:09", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0478", "CVE-2012-0479", "CVE-2012-0470", "CVE-2012-0469", "CVE-2012-0475", "CVE-2012-0474", "CVE-2011-1187", "CVE-2012-0468", "CVE-2011-3062", "CVE-2012-0477", "CVE-2012-0473", "CVE-2012-0467", "CVE-2012-0471"], "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1430-1", "modified": "2019-03-13T00:00:00", "published": "2012-04-30T00:00:00", "id": "OPENVAS:1361412562310840991", "href": 
"http://plugins.openvas.org/nasl.php?oid=1361412562310840991", "type": "openvas", "title": "Ubuntu Update for firefox USN-1430-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1430_1.nasl 14132 2019-03-13 09:25:59Z cfischer $\n#\n# Ubuntu Update for firefox USN-1430-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1430-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.840991\");\n script_version(\"$Revision: 14132 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 10:25:59 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-04-30 11:08:59 +0530 (Mon, 30 Apr 2012)\");\n script_cve_id(\"CVE-2012-0467\", \"CVE-2012-0468\", \"CVE-2012-0469\", \"CVE-2012-0470\",\n \"CVE-2012-0471\", \"CVE-2012-0473\", \"CVE-2012-0474\", \"CVE-2012-0475\",\n \"CVE-2012-0477\", \"CVE-2012-0478\", \"CVE-2011-3062\", \"CVE-2011-1187\",\n \"CVE-2012-0479\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n 
script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"USN\", value:\"1430-1\");\n script_name(\"Ubuntu Update for firefox USN-1430-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(10\\.04 LTS|11\\.10|11\\.04)\");\n script_tag(name:\"summary\", value:\"Ubuntu Update for Linux kernel vulnerabilities USN-1430-1\");\n script_tag(name:\"affected\", value:\"firefox on Ubuntu 11.10,\n Ubuntu 11.04,\n Ubuntu 10.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"Bob Clary, Christian Holler, Brian Hackett, Bobby Holley, Gary Kwong,\n Hilary Hall, Honza Bambas, Jesse Ruderman, Julian Seward, and Olli Pettay\n discovered memory safety issues affecting Firefox. If the user were tricked\n into opening a specially crafted page, an attacker could exploit these to\n cause a denial of service via application crash, or potentially execute\n code with the privileges of the user invoking Firefox. (CVE-2012-0467,\n CVE-2012-0468)\n\n Aki Helin discovered a use-after-free vulnerability in XPConnect. An\n attacker could potentially exploit this to execute arbitrary code with the\n privileges of the user invoking Firefox. (CVE-2012-0469)\n\n Atte Kettunen discovered that invalid frees cause heap corruption in\n gfxImageSurface. If a user were tricked into opening a malicious Scalable\n Vector Graphics (SVG) image file, an attacker could exploit these to cause\n a denial of service via application crash, or potentially execute code with\n the privileges of the user invoking Firefox. 
(CVE-2012-0470)\n\n Anne van Kesteren discovered a potential cross-site scripting (XSS)\n vulnerability via multibyte content processing errors. With cross-site\n scripting vulnerabilities, if a user were tricked into viewing a specially\n crafted page, a remote attacker could exploit this to modify the contents,\n or steal confidential data, within the same domain. (CVE-2012-0471)\n\n Matias Juntunen discovered a vulnerability in Firefox's WebGL\n implementation that potentially allows the reading of illegal video memory.\n An attacker could possibly exploit this to cause a denial of service via\n application crash. (CVE-2012-0473)\n\n Jordi Chancel, Eddy Bordi, and Chris McGowen discovered that Firefox\n allowed the address bar to display a different website than the one the\n user was visiting. This could potentially leave the user vulnerable to\n cross-site scripting (XSS) attacks. With cross-site scripting\n vulnerabilities, if a user were tricked into viewing a specially crafted\n page, a remote attacker could exploit this to modify the contents, or steal\n confidential data, within the same domain. (CVE-2012-0474)\n\n Simone Fabiano discovered that Firefox did not always send correct origin\n headers when connecting to IPv6 websites. An attacker could potentially\n use this to bypass intended access controls. 
(CVE-2012-0475)\n\n Masato Kinugawa discovered that cross-site scripting (XSS) injection is\n possible during the decoding of ISO-2022-KR and ISO-2022-CN character sets.\n With cross-site scripting vulnerabilities, if a user were ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"firefox\", ver:\"12.0+build1-0ubuntu0.10.04.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"firefox\", ver:\"12.0+build1-0ubuntu0.11.10.1\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"firefox\", ver:\"12.0+build1-0ubuntu0.11.04.1\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2018-01-11T11:07:17", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0478", "CVE-2012-0479", "CVE-2012-0470", "CVE-2012-0472", "CVE-2012-0469", "CVE-2012-0474", "CVE-2012-0468", "CVE-2011-3062", "CVE-2012-0477", "CVE-2012-0473", "CVE-2012-0467", "CVE-2012-0471"], "description": "Check for the Version of firefox", "modified": "2018-01-09T00:00:00", "published": "2012-04-26T00:00:00", "id": "OPENVAS:870588", "href": "http://plugins.openvas.org/nasl.php?oid=870588", "type": "openvas", "title": "RedHat Update for firefox RHSA-2012:0515-01", "sourceData": 
"###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for firefox RHSA-2012:0515-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Mozilla Firefox is an open source web browser. XULRunner provides the XUL\n Runtime environment for Mozilla Firefox.\n\n A flaw was found in Sanitiser for OpenType (OTS), used by Firefox to help\n prevent potential exploits in malformed OpenType fonts. A web page\n containing malicious content could cause Firefox to crash or, under certain\n conditions, possibly execute arbitrary code with the privileges of the user\n running Firefox. (CVE-2011-3062)\n\n A web page containing malicious content could cause Firefox to crash or,\n potentially, execute arbitrary code with the privileges of the user running\n Firefox. (CVE-2012-0467, CVE-2012-0468, CVE-2012-0469)\n\n A web page containing a malicious Scalable Vector Graphics (SVG) image file\n could cause Firefox to crash or, potentially, execute arbitrary code with\n the privileges of the user running Firefox. 
(CVE-2012-0470)\n\n A flaw was found in the way Firefox used its embedded Cairo library to\n render certain fonts. A web page containing malicious content could cause\n Firefox to crash or, under certain conditions, possibly execute arbitrary\n code with the privileges of the user running Firefox. (CVE-2012-0472)\n\n A flaw was found in the way Firefox rendered certain images using WebGL. A\n web page containing malicious content could cause Firefox to crash or,\n under certain conditions, possibly execute arbitrary code with the\n privileges of the user running Firefox. (CVE-2012-0478)\n\n A cross-site scripting (XSS) flaw was found in the way Firefox handled\n certain multibyte character sets. A web page containing malicious content\n could cause Firefox to run JavaScript code with the permissions of a\n different website. (CVE-2012-0471)\n\n A flaw was found in the way Firefox rendered certain graphics using WebGL.\n A web page containing malicious content could cause Firefox to crash.\n (CVE-2012-0473)\n\n A flaw in Firefox allowed the address bar to display a different website\n than the one the user was visiting. An attacker could use this flaw to\n conceal a malicious URL, possibly tricking a user into believing they are\n viewing a trusted site, or allowing scripts to be loaded from the\n attacker's site, possibly leading to cross-site scripting (XSS) attacks.\n (CVE-2012-0474)\n\n A flaw was found in the way Firefox decoded the ISO-2022-KR and ISO-2022-CN\n character sets. A web page containing malicious content could cause Firefox\n to run JavaScript code with the permissions of a different website.\n (CVE-2012-0477)\n\n A flaw was found in the way Firefox handled RSS and Atom feeds. Invalid\n ...\n\n Description truncated, for more information please check the Reference URL\";\n\ntag_affected = \"firefox on Red Hat Enterprise Linux (v. 
5 server)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2012-April/msg00018.html\");\n script_id(870588);\n script_version(\"$Revision: 8336 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-09 08:01:48 +0100 (Tue, 09 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-04-26 10:35:02 +0530 (Thu, 26 Apr 2012)\");\n script_cve_id(\"CVE-2011-3062\", \"CVE-2012-0467\", \"CVE-2012-0468\", \"CVE-2012-0469\",\n \"CVE-2012-0470\", \"CVE-2012-0471\", \"CVE-2012-0472\", \"CVE-2012-0473\",\n \"CVE-2012-0474\", \"CVE-2012-0477\", \"CVE-2012-0478\", \"CVE-2012-0479\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"RHSA\", value: \"2012:0515-01\");\n script_name(\"RedHat Update for firefox RHSA-2012:0515-01\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of firefox\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~10.0.4~1.el5_8\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"firefox-debuginfo\", 
rpm:\"firefox-debuginfo~10.0.4~1.el5_8\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xulrunner\", rpm:\"xulrunner~10.0.4~1.el5_8\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xulrunner-debuginfo\", rpm:\"xulrunner-debuginfo~10.0.4~1.el5_8\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xulrunner-devel\", rpm:\"xulrunner-devel~10.0.4~1.el5_8\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:36:49", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0478", "CVE-2012-0479", "CVE-2012-0470", "CVE-2012-0472", "CVE-2012-0469", "CVE-2012-0474", "CVE-2012-0468", "CVE-2011-3062", "CVE-2012-0477", "CVE-2012-0473", "CVE-2012-0467", "CVE-2012-0471"], "description": "Oracle Linux Local Security Checks ELSA-2012-0515", "modified": "2018-09-28T00:00:00", "published": "2015-10-06T00:00:00", "id": "OPENVAS:1361412562310123928", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123928", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2012-0515", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2012-0515.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope 
that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123928\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:10:25 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2012-0515\");\n script_tag(name:\"insight\", value:\"ELSA-2012-0515 - firefox security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2012-0515\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2012-0515.html\");\n script_cve_id(\"CVE-2012-0467\", \"CVE-2012-0468\", \"CVE-2012-0469\", \"CVE-2012-0470\", \"CVE-2012-0471\", \"CVE-2012-0472\", \"CVE-2012-0473\", \"CVE-2012-0474\", \"CVE-2012-0477\", \"CVE-2012-0478\", \"CVE-2012-0479\", \"CVE-2011-3062\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux(5|6)\");\n script_category(ACT_GATHER_INFO);\n 
script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~10.0.4~1.0.1.el5_8\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"xulrunner\", rpm:\"xulrunner~10.0.4~1.0.1.el5_8\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"xulrunner-devel\", rpm:\"xulrunner-devel~10.0.4~1.0.1.el5_8\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~10.0.4~1.0.1.el6_2\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"xulrunner\", rpm:\"xulrunner~10.0.4~1.0.1.el6_2\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"xulrunner-devel\", rpm:\"xulrunner-devel~10.0.4~1.0.1.el6_2\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:39:04", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0478", "CVE-2012-0479", "CVE-2012-0470", "CVE-2012-0472", "CVE-2012-0469", "CVE-2012-0474", "CVE-2012-0468", "CVE-2011-3062", "CVE-2012-0477", "CVE-2012-0473", "CVE-2012-0467", "CVE-2012-0471"], "description": "The remote host is missing an update for the ", "modified": "2018-11-23T00:00:00", "published": "2012-07-09T00:00:00", "id": "OPENVAS:1361412562310870713", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870713", "type": "openvas", "title": "RedHat Update for thunderbird 
RHSA-2012:0516-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for thunderbird RHSA-2012:0516-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2012-April/msg00019.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870713\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-09 10:51:55 +0530 (Mon, 09 Jul 2012)\");\n script_cve_id(\"CVE-2011-3062\", \"CVE-2012-0467\", \"CVE-2012-0468\", \"CVE-2012-0469\",\n \"CVE-2012-0470\", \"CVE-2012-0471\", \"CVE-2012-0472\", \"CVE-2012-0473\",\n \"CVE-2012-0474\", \"CVE-2012-0477\", \"CVE-2012-0478\", \"CVE-2012-0479\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"RHSA\", value:\"2012:0516-01\");\n script_name(\"RedHat Update for thunderbird 
RHSA-2012:0516-01\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'thunderbird'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_6\");\n script_tag(name:\"affected\", value:\"thunderbird on Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"Mozilla Thunderbird is a standalone mail and newsgroup client.\n\n A flaw was found in Sanitiser for OpenType (OTS), used by Thunderbird to\n help prevent potential exploits in malformed OpenType fonts. Malicious\n content could cause Thunderbird to crash or, under certain conditions,\n possibly execute arbitrary code with the privileges of the user running\n Thunderbird. (CVE-2011-3062)\n\n Malicious content could cause Thunderbird to crash or, potentially, execute\n arbitrary code with the privileges of the user running Thunderbird.\n (CVE-2012-0467, CVE-2012-0468, CVE-2012-0469)\n\n Content containing a malicious Scalable Vector Graphics (SVG) image file\n could cause Thunderbird to crash or, potentially, execute arbitrary code\n with the privileges of the user running Thunderbird. (CVE-2012-0470)\n\n A flaw was found in the way Thunderbird used its embedded Cairo library to\n render certain fonts. Malicious content could cause Thunderbird to crash\n or, under certain conditions, possibly execute arbitrary code with the\n privileges of the user running Thunderbird. (CVE-2012-0472)\n\n A flaw was found in the way Thunderbird rendered certain images using\n WebGL. 
Malicious content could cause Thunderbird to crash or, under certain\n conditions, possibly execute arbitrary code with the privileges of the user\n running Thunderbird. (CVE-2012-0478)\n\n A cross-site scripting (XSS) flaw was found in the way Thunderbird handled\n certain multibyte character sets. Malicious content could cause Thunderbird\n to run JavaScript code with the permissions of different content.\n (CVE-2012-0471)\n\n A flaw was found in the way Thunderbird rendered certain graphics using\n WebGL. Malicious content could cause Thunderbird to crash. (CVE-2012-0473)\n\n A flaw in the built-in feed reader in Thunderbird allowed the Website field\n to display the address of different content than the content the user was\n visiting. An attacker could use this flaw to conceal a malicious URL,\n possibly tricking a user into believing they are viewing a trusted site, or\n allowing scripts to be loaded from the attacker's site, possibly leading to\n cross-site scripting (XSS) attacks. (CVE-2012-0474)\n\n A flaw was found in the way Thunderbird decoded the ISO-2022-KR and\n ISO-2022-CN character sets. Malicious content could cause Thunderbird\n to run JavaScript code with the permissions of different content.\n (CVE-2012-0477)\n\n A flaw was found in the way the built-in feed reader in Thunderbird handled\n RSS and Atom feeds. 
Invalid RSS o ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"thunderbird\", rpm:\"thunderbird~10.0.4~1.el6_2\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"thunderbird-debuginfo\", rpm:\"thunderbird-debuginfo~10.0.4~1.el6_2\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2018-01-02T10:56:57", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0478", "CVE-2012-0479", "CVE-2012-0470", "CVE-2012-0472", "CVE-2012-0469", "CVE-2012-0474", "CVE-2012-0468", "CVE-2011-3062", "CVE-2012-0477", "CVE-2012-0473", "CVE-2012-0467", "CVE-2012-0471"], "description": "Check for the Version of firefox", "modified": "2018-01-01T00:00:00", "published": "2012-07-30T00:00:00", "id": "OPENVAS:881082", "href": "http://plugins.openvas.org/nasl.php?oid=881082", "type": "openvas", "title": "CentOS Update for firefox CESA-2012:0515 centos6 ", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for firefox CESA-2012:0515 centos6 \n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that 
it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Mozilla Firefox is an open source web browser. XULRunner provides the XUL\n Runtime environment for Mozilla Firefox.\n\n A flaw was found in Sanitiser for OpenType (OTS), used by Firefox to help\n prevent potential exploits in malformed OpenType fonts. A web page\n containing malicious content could cause Firefox to crash or, under certain\n conditions, possibly execute arbitrary code with the privileges of the user\n running Firefox. (CVE-2011-3062)\n \n A web page containing malicious content could cause Firefox to crash or,\n potentially, execute arbitrary code with the privileges of the user running\n Firefox. (CVE-2012-0467, CVE-2012-0468, CVE-2012-0469)\n \n A web page containing a malicious Scalable Vector Graphics (SVG) image file\n could cause Firefox to crash or, potentially, execute arbitrary code with\n the privileges of the user running Firefox. (CVE-2012-0470)\n \n A flaw was found in the way Firefox used its embedded Cairo library to\n render certain fonts. A web page containing malicious content could cause\n Firefox to crash or, under certain conditions, possibly execute arbitrary\n code with the privileges of the user running Firefox. (CVE-2012-0472)\n \n A flaw was found in the way Firefox rendered certain images using WebGL. A\n web page containing malicious content could cause Firefox to crash or,\n under certain conditions, possibly execute arbitrary code with the\n privileges of the user running Firefox. 
(CVE-2012-0478)\n \n A cross-site scripting (XSS) flaw was found in the way Firefox handled\n certain multibyte character sets. A web page containing malicious content\n could cause Firefox to run JavaScript code with the permissions of a\n different website. (CVE-2012-0471)\n \n A flaw was found in the way Firefox rendered certain graphics using WebGL.\n A web page containing malicious content could cause Firefox to crash.\n (CVE-2012-0473)\n \n A flaw in Firefox allowed the address bar to display a different website\n than the one the user was visiting. An attacker could use this flaw to\n conceal a malicious URL, possibly tricking a user into believing they are\n viewing a trusted site, or allowing scripts to be loaded from the\n attacker's site, possibly leading to cross-site scripting (XSS) attacks.\n (CVE-2012-0474)\n \n A flaw was found in the way Firefox decoded the ISO-2022-KR and ISO-2022-CN\n character sets. A web page containing malicious content could cause Firefox\n to run JavaScript code with the permissions of a different website.\n (CVE-2012-0477)\n \n A flaw was found in the way Firefox handled RSS and Atom feeds. Invalid\n RSS or Atom content loaded ov ... 
\n\n Description truncated, for more information please check the Reference URL\";\n\ntag_affected = \"firefox on CentOS 6\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2012-April/018597.html\");\n script_id(881082);\n script_version(\"$Revision: 8265 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-01 07:29:23 +0100 (Mon, 01 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-30 16:02:05 +0530 (Mon, 30 Jul 2012)\");\n script_cve_id(\"CVE-2011-3062\", \"CVE-2012-0467\", \"CVE-2012-0468\", \"CVE-2012-0469\",\n \"CVE-2012-0470\", \"CVE-2012-0471\", \"CVE-2012-0472\", \"CVE-2012-0473\",\n \"CVE-2012-0474\", \"CVE-2012-0477\", \"CVE-2012-0478\", \"CVE-2012-0479\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2012:0515\");\n script_name(\"CentOS Update for firefox CESA-2012:0515 centos6 \");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of firefox\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"firefox\", rpm:\"firefox~10.0.4~1.el6.centos\", 
rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xulrunner\", rpm:\"xulrunner~10.0.4~1.el6.centos\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xulrunner-devel\", rpm:\"xulrunner-devel~10.0.4~1.el6.centos\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "centos": [{"lastseen": "2019-12-20T18:25:53", "bulletinFamily": "unix", "cvelist": ["CVE-2012-0478", "CVE-2012-0479", "CVE-2012-0470", "CVE-2012-0472", "CVE-2012-0469", "CVE-2012-0474", "CVE-2012-0468", "CVE-2011-3062", "CVE-2012-0477", "CVE-2012-0473", "CVE-2012-0467", "CVE-2012-0471"], "description": "**CentOS Errata and Security Advisory** CESA-2012:0515\n\n\nMozilla Firefox is an open source web browser. XULRunner provides the XUL\nRuntime environment for Mozilla Firefox.\n\nA flaw was found in Sanitiser for OpenType (OTS), used by Firefox to help\nprevent potential exploits in malformed OpenType fonts. A web page\ncontaining malicious content could cause Firefox to crash or, under certain\nconditions, possibly execute arbitrary code with the privileges of the user\nrunning Firefox. (CVE-2011-3062)\n\nA web page containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nFirefox. (CVE-2012-0467, CVE-2012-0468, CVE-2012-0469)\n\nA web page containing a malicious Scalable Vector Graphics (SVG) image file\ncould cause Firefox to crash or, potentially, execute arbitrary code with\nthe privileges of the user running Firefox. (CVE-2012-0470)\n\nA flaw was found in the way Firefox used its embedded Cairo library to\nrender certain fonts. 
A web page containing malicious content could cause\nFirefox to crash or, under certain conditions, possibly execute arbitrary\ncode with the privileges of the user running Firefox. (CVE-2012-0472)\n\nA flaw was found in the way Firefox rendered certain images using WebGL. A\nweb page containing malicious content could cause Firefox to crash or,\nunder certain conditions, possibly execute arbitrary code with the\nprivileges of the user running Firefox. (CVE-2012-0478)\n\nA cross-site scripting (XSS) flaw was found in the way Firefox handled\ncertain multibyte character sets. A web page containing malicious content\ncould cause Firefox to run JavaScript code with the permissions of a\ndifferent website. (CVE-2012-0471)\n\nA flaw was found in the way Firefox rendered certain graphics using WebGL.\nA web page containing malicious content could cause Firefox to crash.\n(CVE-2012-0473)\n\nA flaw in Firefox allowed the address bar to display a different website\nthan the one the user was visiting. An attacker could use this flaw to\nconceal a malicious URL, possibly tricking a user into believing they are\nviewing a trusted site, or allowing scripts to be loaded from the\nattacker's site, possibly leading to cross-site scripting (XSS) attacks.\n(CVE-2012-0474)\n\nA flaw was found in the way Firefox decoded the ISO-2022-KR and ISO-2022-CN\ncharacter sets. A web page containing malicious content could cause Firefox\nto run JavaScript code with the permissions of a different website.\n(CVE-2012-0477)\n\nA flaw was found in the way Firefox handled RSS and Atom feeds. Invalid\nRSS or Atom content loaded over HTTPS caused Firefox to display the\naddress of said content in the location bar, but not the content in the\nmain window. The previous content continued to be displayed. 
An attacker\ncould use this flaw to perform phishing attacks, or trick users into\nthinking they are visiting the site reported by the location bar, when the\npage is actually content controlled by an attacker. (CVE-2012-0479)\n\nFor technical details regarding these flaws, refer to the Mozilla security\nadvisories for Firefox 10.0.4 ESR. You can find a link to the Mozilla\nadvisories in the References section of this erratum.\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges Mateusz Jurczyk of the Google Security Team as the\noriginal reporter of CVE-2011-3062; Aki Helin from OUSPG as the original\nreporter of CVE-2012-0469; Atte Kettunen from OUSPG as the original\nreporter of CVE-2012-0470; wushi of team509 via iDefense as the original\nreporter of CVE-2012-0472; Ms2ger as the original reporter of\nCVE-2012-0478; Anne van Kesteren of Opera Software as the original reporter\nof CVE-2012-0471; Matias Juntunen as the original reporter of\nCVE-2012-0473; Jordi Chancel and Eddy Bordi, and Chris McGowen as the\noriginal reporters of CVE-2012-0474; Masato Kinugawa as the original\nreporter of CVE-2012-0477; and Jeroen van der Gun as the original reporter\nof CVE-2012-0479.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2012-April/030631.html\nhttp://lists.centos.org/pipermail/centos-announce/2012-April/030635.html\n\n**Affected packages:**\nfirefox\nxulrunner\nxulrunner-devel\n\n**Upstream details at:**\n\nhttps://rhn.redhat.com/errata/RHSA-2012-0515.html", "edition": 3, "modified": "2012-04-25T03:51:02", "published": "2012-04-25T01:27:20", "href": "http://lists.centos.org/pipermail/centos-announce/2012-April/030631.html", "id": "CESA-2012:0515", "title": "firefox, xulrunner security update", "type": "centos", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-08T03:34:49", "bulletinFamily": "unix", "cvelist": ["CVE-2012-0478", 
"CVE-2012-0479", "CVE-2012-0470", "CVE-2012-0472", "CVE-2012-0469", "CVE-2012-0474", "CVE-2012-0468", "CVE-2011-3062", "CVE-2012-0477", "CVE-2012-0473", "CVE-2012-0467", "CVE-2012-0471"], "description": "**CentOS Errata and Security Advisory** CESA-2012:0516\n\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nA flaw was found in Sanitiser for OpenType (OTS), used by Thunderbird to\nhelp prevent potential exploits in malformed OpenType fonts. Malicious\ncontent could cause Thunderbird to crash or, under certain conditions,\npossibly execute arbitrary code with the privileges of the user running\nThunderbird. (CVE-2011-3062)\n\nMalicious content could cause Thunderbird to crash or, potentially, execute\narbitrary code with the privileges of the user running Thunderbird.\n(CVE-2012-0467, CVE-2012-0468, CVE-2012-0469)\n\nContent containing a malicious Scalable Vector Graphics (SVG) image file\ncould cause Thunderbird to crash or, potentially, execute arbitrary code\nwith the privileges of the user running Thunderbird. (CVE-2012-0470)\n\nA flaw was found in the way Thunderbird used its embedded Cairo library to\nrender certain fonts. Malicious content could cause Thunderbird to crash\nor, under certain conditions, possibly execute arbitrary code with the\nprivileges of the user running Thunderbird. (CVE-2012-0472)\n\nA flaw was found in the way Thunderbird rendered certain images using\nWebGL. Malicious content could cause Thunderbird to crash or, under certain\nconditions, possibly execute arbitrary code with the privileges of the user\nrunning Thunderbird. (CVE-2012-0478)\n\nA cross-site scripting (XSS) flaw was found in the way Thunderbird handled\ncertain multibyte character sets. Malicious content could cause Thunderbird\nto run JavaScript code with the permissions of different content.\n(CVE-2012-0471)\n\nA flaw was found in the way Thunderbird rendered certain graphics using\nWebGL. Malicious content could cause Thunderbird to crash. 
(CVE-2012-0473)\n\nA flaw in the built-in feed reader in Thunderbird allowed the Website field\nto display the address of different content than the content the user was\nvisiting. An attacker could use this flaw to conceal a malicious URL,\npossibly tricking a user into believing they are viewing a trusted site, or\nallowing scripts to be loaded from the attacker's site, possibly leading to\ncross-site scripting (XSS) attacks. (CVE-2012-0474)\n\nA flaw was found in the way Thunderbird decoded the ISO-2022-KR and\nISO-2022-CN character sets. Malicious content could cause Thunderbird\nto run JavaScript code with the permissions of different content.\n(CVE-2012-0477)\n\nA flaw was found in the way the built-in feed reader in Thunderbird handled\nRSS and Atom feeds. Invalid RSS or Atom content loaded over HTTPS caused\nThunderbird to display the address of said content, but not the content.\nThe previous content continued to be displayed. An attacker could use this\nflaw to perform phishing attacks, or trick users into thinking they are\nvisiting the site reported by the Website field, when the page is actually\ncontent controlled by an attacker. 
(CVE-2012-0479)\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges Mateusz Jurczyk of the Google Security Team as the\noriginal reporter of CVE-2011-3062; Aki Helin from OUSPG as the original\nreporter of CVE-2012-0469; Atte Kettunen from OUSPG as the original\nreporter of CVE-2012-0470; wushi of team509 via iDefense as the original\nreporter of CVE-2012-0472; Ms2ger as the original reporter of\nCVE-2012-0478; Anne van Kesteren of Opera Software as the original reporter\nof CVE-2012-0471; Matias Juntunen as the original reporter of\nCVE-2012-0473; Jordi Chancel and Eddy Bordi, and Chris McGowen as the\noriginal reporters of CVE-2012-0474; Masato Kinugawa as the original\nreporter of CVE-2012-0477; and Jeroen van der Gun as the original reporter\nof CVE-2012-0479.\n\nNote: All issues except CVE-2012-0470, CVE-2012-0472, and CVE-2011-3062\ncannot be exploited by a specially-crafted HTML mail message as JavaScript\nis disabled by default for mail messages. 
They could be exploited another way\nin Thunderbird, for example, when viewing the full remote content of an\nRSS feed.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2012-April/030632.html\nhttp://lists.centos.org/pipermail/centos-announce/2012-April/030638.html\nhttp://lists.centos.org/pipermail/centos-announce/2012-April/042966.html\n\n**Affected packages:**\nthunderbird\n\n**Upstream details at:**\n\nhttps://rhn.redhat.com/errata/RHSA-2012-0516.html", "edition": 4, "modified": "2012-04-25T03:54:23", "published": "2012-04-25T01:30:17", "href": "http://lists.centos.org/pipermail/centos-announce/2012-April/030632.html", "id": "CESA-2012:0516", "title": "thunderbird security update", "type": "centos", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "redhat": [{"lastseen": "2019-08-13T18:46:36", "bulletinFamily": "unix", "cvelist": ["CVE-2011-3062", "CVE-2012-0467", "CVE-2012-0468", "CVE-2012-0469", "CVE-2012-0470", "CVE-2012-0471", "CVE-2012-0472", "CVE-2012-0473", "CVE-2012-0474", "CVE-2012-0477", "CVE-2012-0478", "CVE-2012-0479"], "description": "Mozilla Firefox is an open source web browser. XULRunner provides the XUL\nRuntime environment for Mozilla Firefox.\n\nA flaw was found in Sanitiser for OpenType (OTS), used by Firefox to help\nprevent potential exploits in malformed OpenType fonts. A web page\ncontaining malicious content could cause Firefox to crash or, under certain\nconditions, possibly execute arbitrary code with the privileges of the user\nrunning Firefox. (CVE-2011-3062)\n\nA web page containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nFirefox. (CVE-2012-0467, CVE-2012-0468, CVE-2012-0469)\n\nA web page containing a malicious Scalable Vector Graphics (SVG) image file\ncould cause Firefox to crash or, potentially, execute arbitrary code with\nthe privileges of the user running Firefox. 
(CVE-2012-0470)\n\nA flaw was found in the way Firefox used its embedded Cairo library to\nrender certain fonts. A web page containing malicious content could cause\nFirefox to crash or, under certain conditions, possibly execute arbitrary\ncode with the privileges of the user running Firefox. (CVE-2012-0472)\n\nA flaw was found in the way Firefox rendered certain images using WebGL. A\nweb page containing malicious content could cause Firefox to crash or,\nunder certain conditions, possibly execute arbitrary code with the\nprivileges of the user running Firefox. (CVE-2012-0478)\n\nA cross-site scripting (XSS) flaw was found in the way Firefox handled\ncertain multibyte character sets. A web page containing malicious content\ncould cause Firefox to run JavaScript code with the permissions of a\ndifferent website. (CVE-2012-0471)\n\nA flaw was found in the way Firefox rendered certain graphics using WebGL.\nA web page containing malicious content could cause Firefox to crash.\n(CVE-2012-0473)\n\nA flaw in Firefox allowed the address bar to display a different website\nthan the one the user was visiting. An attacker could use this flaw to\nconceal a malicious URL, possibly tricking a user into believing they are\nviewing a trusted site, or allowing scripts to be loaded from the\nattacker's site, possibly leading to cross-site scripting (XSS) attacks.\n(CVE-2012-0474)\n\nA flaw was found in the way Firefox decoded the ISO-2022-KR and ISO-2022-CN\ncharacter sets. A web page containing malicious content could cause Firefox\nto run JavaScript code with the permissions of a different website.\n(CVE-2012-0477)\n\nA flaw was found in the way Firefox handled RSS and Atom feeds. Invalid\nRSS or Atom content loaded over HTTPS caused Firefox to display the\naddress of said content in the location bar, but not the content in the\nmain window. The previous content continued to be displayed. 
An attacker\ncould use this flaw to perform phishing attacks, or trick users into\nthinking they are visiting the site reported by the location bar, when the\npage is actually content controlled by an attacker. (CVE-2012-0479)\n\nFor technical details regarding these flaws, refer to the Mozilla security\nadvisories for Firefox 10.0.4 ESR. You can find a link to the Mozilla\nadvisories in the References section of this erratum.\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges Mateusz Jurczyk of the Google Security Team as the\noriginal reporter of CVE-2011-3062; Aki Helin from OUSPG as the original\nreporter of CVE-2012-0469; Atte Kettunen from OUSPG as the original\nreporter of CVE-2012-0470; wushi of team509 via iDefense as the original\nreporter of CVE-2012-0472; Ms2ger as the original reporter of\nCVE-2012-0478; Anne van Kesteren of Opera Software as the original reporter\nof CVE-2012-0471; Matias Juntunen as the original reporter of\nCVE-2012-0473; Jordi Chancel and Eddy Bordi, and Chris McGowen as the\noriginal reporters of CVE-2012-0474; Masato Kinugawa as the original\nreporter of CVE-2012-0477; and Jeroen van der Gun as the original reporter\nof CVE-2012-0479.\n", "modified": "2018-06-06T20:24:26", "published": "2012-04-24T04:00:00", "id": "RHSA-2012:0515", "href": "https://access.redhat.com/errata/RHSA-2012:0515", "type": "redhat", "title": "(RHSA-2012:0515) Critical: firefox security update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:44:34", "bulletinFamily": "unix", "cvelist": ["CVE-2011-3062", "CVE-2012-0467", "CVE-2012-0468", "CVE-2012-0469", "CVE-2012-0470", "CVE-2012-0471", "CVE-2012-0472", "CVE-2012-0473", "CVE-2012-0474", "CVE-2012-0477", "CVE-2012-0478", "CVE-2012-0479"], "description": "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nA flaw was found in Sanitiser for OpenType (OTS), used by Thunderbird to\nhelp prevent 
potential exploits in malformed OpenType fonts. Malicious\ncontent could cause Thunderbird to crash or, under certain conditions,\npossibly execute arbitrary code with the privileges of the user running\nThunderbird. (CVE-2011-3062)\n\nMalicious content could cause Thunderbird to crash or, potentially, execute\narbitrary code with the privileges of the user running Thunderbird.\n(CVE-2012-0467, CVE-2012-0468, CVE-2012-0469)\n\nContent containing a malicious Scalable Vector Graphics (SVG) image file\ncould cause Thunderbird to crash or, potentially, execute arbitrary code\nwith the privileges of the user running Thunderbird. (CVE-2012-0470)\n\nA flaw was found in the way Thunderbird used its embedded Cairo library to\nrender certain fonts. Malicious content could cause Thunderbird to crash\nor, under certain conditions, possibly execute arbitrary code with the\nprivileges of the user running Thunderbird. (CVE-2012-0472)\n\nA flaw was found in the way Thunderbird rendered certain images using\nWebGL. Malicious content could cause Thunderbird to crash or, under certain\nconditions, possibly execute arbitrary code with the privileges of the user\nrunning Thunderbird. (CVE-2012-0478)\n\nA cross-site scripting (XSS) flaw was found in the way Thunderbird handled\ncertain multibyte character sets. Malicious content could cause Thunderbird\nto run JavaScript code with the permissions of different content.\n(CVE-2012-0471)\n\nA flaw was found in the way Thunderbird rendered certain graphics using\nWebGL. Malicious content could cause Thunderbird to crash. (CVE-2012-0473)\n\nA flaw in the built-in feed reader in Thunderbird allowed the Website field\nto display the address of different content than the content the user was\nvisiting. 
An attacker could use this flaw to conceal a malicious URL,\npossibly tricking a user into believing they are viewing a trusted site, or\nallowing scripts to be loaded from the attacker's site, possibly leading to\ncross-site scripting (XSS) attacks. (CVE-2012-0474)\n\nA flaw was found in the way Thunderbird decoded the ISO-2022-KR and\nISO-2022-CN character sets. Malicious content could cause Thunderbird\nto run JavaScript code with the permissions of different content.\n(CVE-2012-0477)\n\nA flaw was found in the way the built-in feed reader in Thunderbird handled\nRSS and Atom feeds. Invalid RSS or Atom content loaded over HTTPS caused\nThunderbird to display the address of said content, but not the content.\nThe previous content continued to be displayed. An attacker could use this\nflaw to perform phishing attacks, or trick users into thinking they are\nvisiting the site reported by the Website field, when the page is actually\ncontent controlled by an attacker. (CVE-2012-0479)\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges Mateusz Jurczyk of the Google Security Team as the\noriginal reporter of CVE-2011-3062; Aki Helin from OUSPG as the original\nreporter of CVE-2012-0469; Atte Kettunen from OUSPG as the original\nreporter of CVE-2012-0470; wushi of team509 via iDefense as the original\nreporter of CVE-2012-0472; Ms2ger as the original reporter of\nCVE-2012-0478; Anne van Kesteren of Opera Software as the original reporter\nof CVE-2012-0471; Matias Juntunen as the original reporter of\nCVE-2012-0473; Jordi Chancel and Eddy Bordi, and Chris McGowen as the\noriginal reporters of CVE-2012-0474; Masato Kinugawa as the original\nreporter of CVE-2012-0477; and Jeroen van der Gun as the original reporter\nof CVE-2012-0479.\n\nNote: All issues except CVE-2012-0470, CVE-2012-0472, and CVE-2011-3062\ncannot be exploited by a specially-crafted HTML mail message as JavaScript\nis disabled by default for mail messages. 
They could be exploited another way\nin Thunderbird, for example, when viewing the full remote content of an\nRSS feed.\n", "modified": "2018-06-06T20:24:24", "published": "2012-04-24T04:00:00", "id": "RHSA-2012:0516", "href": "https://access.redhat.com/errata/RHSA-2012:0516", "type": "redhat", "title": "(RHSA-2012:0516) Critical: thunderbird security update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:39:28", "bulletinFamily": "unix", "cvelist": ["CVE-2012-0478", "CVE-2012-0479", "CVE-2012-0470", "CVE-2012-0472", "CVE-2012-0469", "CVE-2012-0474", "CVE-2012-0468", "CVE-2011-3062", "CVE-2012-0477", "CVE-2012-0473", "CVE-2012-0467", "CVE-2012-0471"], "description": "firefox:\n[10.0.4-1.0.1.el6_2]\n- Replace firefox-redhat-default-prefs.js with firefox-oracle-default-prefs.js\n[10.0.4-1]\n- Update to 10.0.4 ESR\nxulrunner:\n[10.0.4-1.0.1.el6_2]\n- Replace xulrunner-redhat-default-prefs.js with xulrunner-oracle-default-prefs.js\n[10.0.4-1]\n- Update to 10.0.4 ESR\n[10.0.3-3]\n- Fixed mozbz#746112 - ppc(64) freeze\n[10.0.3-2]\n- Fixed mozbz#681937", "edition": 4, "modified": "2012-04-25T00:00:00", "published": "2012-04-25T00:00:00", "id": "ELSA-2012-0515", "href": "http://linux.oracle.com/errata/ELSA-2012-0515.html", "title": "firefox security update", "type": "oraclelinux", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:36", "bulletinFamily": "unix", "cvelist": ["CVE-2012-0478", "CVE-2012-0479", "CVE-2012-0470", "CVE-2012-0472", "CVE-2012-0469", "CVE-2012-0474", "CVE-2012-0468", "CVE-2011-3062", "CVE-2012-0477", "CVE-2012-0473", "CVE-2012-0467", "CVE-2012-0471"], "description": "[10.0.4-1.0.1.el6_2]\n- Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js\n- Replace clean.gif in tarball\n[10.0.4-1]\n- Update to 10.0.4 ESR", "edition": 4, "modified": "2012-04-25T00:00:00", "published": "2012-04-25T00:00:00", "id": 
"ELSA-2012-0516", "href": "http://linux.oracle.com/errata/ELSA-2012-0516.html", "title": "thunderbird security update", "type": "oraclelinux", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "debian": [{"lastseen": "2019-05-30T02:23:06", "bulletinFamily": "unix", "cvelist": ["CVE-2012-0479", "CVE-2012-0470", "CVE-2012-0477", "CVE-2012-0467", "CVE-2012-0471"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2457-2 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nMay 13, 2012 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : iceweasel / icedove\nVulnerability : several\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2012-0467 CVE-2012-0470 CVE-2012-0471 CVE-2012-0477 \n CVE-2012-0479\n\nThe updates DSA-2457 and DSA-2458 for Iceweasel and Icedove introduced\na regression, which could lead to crashes when interpreting some\nJavascript statements.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 3.5.16-15 for Iceweasel and 2.0.11-12 for Icedove.\n\nThe unstable distribution (sid) is not affected.\n\nWe recommend that you upgrade your iceweasel and icedove packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 2, "modified": "2012-05-13T21:09:52", "published": "2012-05-13T21:09:52", "id": "DEBIAN:DSA-2457-2:D2EFF", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2012/msg00108.html", "title": "[SECURITY] [DSA 2457-2] New icedove/iceweasel packages fix regression", "type": "debian", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-11-11T13:21:51", "bulletinFamily": 
"unix", "cvelist": ["CVE-2012-0479", "CVE-2012-0470", "CVE-2012-0477", "CVE-2012-0467", "CVE-2012-0471"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2464-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nMay 02, 2012 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : icedove\nVulnerability : several\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2012-0467 CVE-2012-0470 CVE-2012-0471 CVE-2012-0477 \n CVE-2012-0479\n\nSeveral vulnerabilities have been discovered in Icedove, an unbranded\nversion of the Thunderbird mail/news client.\n\nCVE-2012-0467\n\n Bob Clary, Christian Holler, Brian Hackett, Bobby Holley, Gary\n Kwong, Hilary Hall, Honza Bambas, Jesse Ruderman, Julian Seward,\n and Olli Pettay discovered memory corruption bugs, which may lead\n to the execution of arbitrary code.\n\nCVE-2012-0470\n\n Atte Kettunen discovered that a memory corruption bug in\n gfxImageSurface may lead to the execution of arbitrary code.\n\nCVE-2012-0471\n\n Anne van Kesteren discovered that incorrect multibyte octet\n decoding may lead to cross-site scripting.\n\nCVE-2012-0477\n\n Masato Kinugawa discovered that incorrect encoding of\n Korean and Chinese character sets may lead to cross-site scripting.\n\nCVE-2012-0479\n\n Jeroen van der Gun discovered a spoofing vulnerability in the\n presentation of Atom and RSS feeds over HTTPS.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 3.0.11-1+squeeze9.\n\nFor the unstable distribution (sid), this problem will be fixed soon.\n\nWe recommend that you upgrade your icedove packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", 
"edition": 3, "modified": "2012-05-03T15:46:24", "published": "2012-05-03T15:46:24", "id": "DEBIAN:DSA-2464-1:C0FF5", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2012/msg00096.html", "title": "[SECURITY] [DSA 2464-1] icedove security update", "type": "debian", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-11-11T13:16:03", "bulletinFamily": "unix", "cvelist": ["CVE-2012-0479", "CVE-2012-0470", "CVE-2012-0477", "CVE-2012-0467", "CVE-2012-0471"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2457-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nApril 24, 2012 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : iceweasel\nVulnerability : several\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2012-0467 CVE-2012-0470 CVE-2012-0471 CVE-2012-0477 \n CVE-2012-0479\n\nSeveral vulnerabilities have been discovered in Iceweasel, a web\nbrowser based on Firefox. 
The included XULRunner library provides\nrendering services for several other applications included in Debian.\n\nCVE-2012-0467\n \n Bob Clary, Christian Holler, Brian Hackett, Bobby Holley, Gary\n Kwong, Hilary Hall, Honza Bambas, Jesse Ruderman, Julian Seward,\n and Olli Pettay discovered memory corruption bugs, which may lead\n to the execution of arbitrary code.\n\nCVE-2012-0470\n\n Atte Kettunen discovered that a memory corruption bug in\n gfxImageSurface may lead to the execution of arbitrary code.\n\nCVE-2012-0471\n\n Anne van Kesteren discovered that incorrect multibyte octet\n decoding may lead to cross-site scripting.\n\nCVE-2012-0477\n\n Masato Kinugawa discovered that incorrect encoding of\n Korean and Chinese character sets may lead to cross-site scripting.\n\nCVE-2012-0479\n\n Jeroen van der Gun discovered a spoofing vulnerability in the\n presentation of Atom and RSS feeds over HTTPS.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 3.5.16-14.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 10.0.4esr-1.\n\nFor the experimental distribution, this problem will be fixed soon.\n\n\nWe recommend that you upgrade your iceweasel packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 3, "modified": "2012-04-24T20:35:43", "published": "2012-04-24T20:35:43", "id": "DEBIAN:DSA-2457-1:2093A", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2012/msg00088.html", "title": "[SECURITY] [DSA 2457-1] iceweasel security update", "type": "debian", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-11-11T13:24:34", "bulletinFamily": "unix", "cvelist": ["CVE-2012-0479", "CVE-2012-0470", "CVE-2012-0456", "CVE-2012-0461", 
"CVE-2012-0455", "CVE-2012-0477", "CVE-2012-0467", "CVE-2012-0458", "CVE-2012-0471"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2458-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nApril 24, 2012 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : iceape\nVulnerability : several\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2012-0455 CVE-2012-0456 CVE-2012-0458 CVE-2012-0461 \n CVE-2012-0467 CVE-2012-0470 CVE-2012-0471 CVE-2012-0477 \n CVE-2012-0479\n\nSeveral vulnerabilities have been found in the Iceape internet suite,\nan unbranded version of Seamonkey:\n\nCVE-2012-0455\n\n Soroush Dalili discovered that a cross-site scripting countermeasure\n related to Javascript URLs could be bypassed.\n\nCVE-2012-0456\n\n Atte Kettunen discovered an out of bounds read in the SVG Filters,\n resulting in memory disclosure.\n\nCVE-2012-0458\n\n Mariusz Mlynski discovered that privileges could be escalated through\n a Javascript URL as the home page.\n\nCVE-2012-0461\n\n Bob Clary discovered memory corruption bugs, which may lead to the\n execution of arbitrary code.\n\nCVE-2012-0467\n \n Bob Clary, Christian Holler, Brian Hackett, Bobby Holley, Gary\n Kwong, Hilary Hall, Honza Bambas, Jesse Ruderman, Julian Seward,\n and Olli Pettay discovered memory corruption bugs, which may lead\n to the execution of arbitrary code.\n\nCVE-2012-0470\n\n Atte Kettunen discovered that a memory corruption bug in\n gfxImageSurface may lead to the execution of arbitrary code.\n\nCVE-2012-0471\n\n Anne van Kesteren discovered that incorrect multibyte octet\n encoding may lead to cross-site scripting.\n\nCVE-2012-0477\n\n Masato Kinugawa discovered that incorrect encoding of\n Korean and Chinese character sets may lead to cross-site scripting.\n\nCVE-2012-0479\n\n Jeroen van der Gun discovered a spoofing 
vulnerability in the\n presentation of Atom and RSS feeds over HTTPS.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 2.0.11-11\n\nFor the unstable distribution (sid), this problem will be fixed soon.\n\nWe recommend that you upgrade your iceape packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 7, "modified": "2012-04-24T20:56:48", "published": "2012-04-24T20:56:48", "id": "DEBIAN:DSA-2548-1:1FF93", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2012/msg00089.html", "title": "[SECURITY] [DSA 2548-1] iceape security update", "type": "debian", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "cve": [{"lastseen": "2021-02-02T05:51:05", "description": "Off-by-one error in the OpenType Sanitizer in Google Chrome before 18.0.1025.142 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted OpenType file.", "edition": 9, "cvss3": {}, "published": "2012-03-30T22:55:00", "title": "CVE-2011-3062", "type": "cve", "cwe": ["CWE-682"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-3062"], "modified": "2020-04-14T15:12:00", "cpe": [], "id": "CVE-2011-3062", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3062", "cvss": 
{"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": []}, {"lastseen": "2021-02-02T05:59:45", "description": "Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allow remote attackers to spoof the address bar via an https URL for invalid (1) RSS or (2) Atom XML content.", "edition": 6, "cvss3": {}, "published": "2012-04-25T10:10:00", "title": "CVE-2012-0479", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-0479"], "modified": "2018-01-18T02:29:00", "cpe": ["cpe:/a:mozilla:thunderbird:11.0", "cpe:/a:mozilla:seamonkey:1.0.8", "cpe:/a:mozilla:seamonkey:2.0.6", "cpe:/a:mozilla:seamonkey:2.0", "cpe:/a:mozilla:seamonkey:2.0.7", "cpe:/a:mozilla:seamonkey:2.7.1", "cpe:/a:mozilla:firefox:8.0", "cpe:/a:mozilla:thunderbird:10.0.3", "cpe:/a:mozilla:seamonkey:1.1.17", "cpe:/a:mozilla:seamonkey:1.0.2", "cpe:/a:mozilla:seamonkey:1.1.2", "cpe:/a:mozilla:seamonkey:1.5.0.10", "cpe:/a:mozilla:seamonkey:1.1.18", "cpe:/a:mozilla:thunderbird:7.0", "cpe:/a:mozilla:seamonkey:2.0.3", "cpe:/a:mozilla:seamonkey:1.0", "cpe:/a:mozilla:firefox:4.0.1", "cpe:/a:mozilla:firefox:10.0", "cpe:/a:mozilla:seamonkey:1.5.0.9", "cpe:/a:mozilla:firefox:8.0.1", "cpe:/a:mozilla:seamonkey:2.0.11", "cpe:/a:mozilla:firefox_esr:10.0.2", "cpe:/a:mozilla:seamonkey:2.3", "cpe:/a:mozilla:firefox:5.0.1", "cpe:/a:mozilla:seamonkey:1.0.9", "cpe:/a:mozilla:seamonkey:2.4.1", 
"cpe:/a:mozilla:firefox:7.0", "cpe:/a:mozilla:firefox:10.0.1", "cpe:/a:mozilla:seamonkey:2.8", "cpe:/a:mozilla:thunderbird:10.0.4", "cpe:/a:mozilla:firefox:9.0", "cpe:/a:mozilla:seamonkey:1.1.15", "cpe:/a:mozilla:seamonkey:2.7.2", "cpe:/a:mozilla:thunderbird:10.0", "cpe:/a:mozilla:firefox_esr:10.0.3", "cpe:/a:mozilla:firefox:6.0.1", "cpe:/a:mozilla:firefox_esr:10.0.1", "cpe:/a:mozilla:seamonkey:1.1.9", "cpe:/a:mozilla:thunderbird:10.0.1", "cpe:/a:mozilla:seamonkey:1.1.10", "cpe:/a:mozilla:seamonkey:1.1.12", "cpe:/a:mozilla:firefox:11.0", "cpe:/a:mozilla:firefox:4.0", "cpe:/a:mozilla:thunderbird:6.0.2", "cpe:/a:mozilla:seamonkey:2.0.8", "cpe:/a:mozilla:seamonkey:1.1.6", "cpe:/a:mozilla:seamonkey:1.1.5", "cpe:/a:mozilla:thunderbird_esr:10.0", "cpe:/a:mozilla:firefox:9.0.1", "cpe:/a:mozilla:seamonkey:2.4", "cpe:/a:mozilla:seamonkey:1.1.4", "cpe:/a:mozilla:firefox:7.0.1", "cpe:/a:mozilla:seamonkey:2.6", "cpe:/a:mozilla:seamonkey:2.0.4", "cpe:/a:mozilla:firefox_esr:10.0", "cpe:/a:mozilla:thunderbird:9.0.1", "cpe:/a:mozilla:thunderbird:9.0", "cpe:/a:mozilla:seamonkey:2.0.14", "cpe:/a:mozilla:seamonkey:2.5", "cpe:/a:mozilla:thunderbird:7.0.1", "cpe:/a:mozilla:seamonkey:1.0.6", "cpe:/a:mozilla:seamonkey:2.3.3", "cpe:/a:mozilla:firefox:6.0.2", "cpe:/a:mozilla:thunderbird:6.0", "cpe:/a:mozilla:seamonkey:2.0.2", "cpe:/a:mozilla:seamonkey:2.9", "cpe:/a:mozilla:seamonkey:1.0.4", "cpe:/a:mozilla:seamonkey:2.0.13", "cpe:/a:mozilla:seamonkey:2.7", "cpe:/a:mozilla:seamonkey:1.0.5", "cpe:/a:mozilla:thunderbird:10.0.2", "cpe:/a:mozilla:thunderbird:8.0", "cpe:/a:mozilla:seamonkey:1.0.7", "cpe:/a:mozilla:seamonkey:1.1.11", "cpe:/a:mozilla:seamonkey:1.1.3", "cpe:/a:mozilla:thunderbird:6.0.1", "cpe:/a:mozilla:seamonkey:1.1.1", "cpe:/a:mozilla:thunderbird_esr:10.0.3", "cpe:/a:mozilla:seamonkey:1.1.7", "cpe:/a:mozilla:firefox:6.0", "cpe:/a:mozilla:seamonkey:2.0.9", "cpe:/a:mozilla:seamonkey:2.0.5", "cpe:/a:mozilla:seamonkey:2.0.12", "cpe:/a:mozilla:firefox:10.0.2", 
"cpe:/a:mozilla:seamonkey:1.5.0.8", "cpe:/a:mozilla:firefox:5.0", "cpe:/a:mozilla:seamonkey:1.1.14", "cpe:/a:mozilla:seamonkey:1.1.16", "cpe:/a:mozilla:thunderbird_esr:10.0.2", "cpe:/a:mozilla:thunderbird:5.0", "cpe:/a:mozilla:seamonkey:2.2", "cpe:/a:mozilla:seamonkey:1.0.1", "cpe:/a:mozilla:seamonkey:1.0.3", "cpe:/a:mozilla:seamonkey:2.0.10", "cpe:/a:mozilla:seamonkey:1.1", "cpe:/a:mozilla:seamonkey:2.3.1", "cpe:/a:mozilla:seamonkey:2.3.2", "cpe:/a:mozilla:seamonkey:1.1.19", "cpe:/a:mozilla:seamonkey:2.6.1", "cpe:/a:mozilla:seamonkey:2.0.1", "cpe:/a:mozilla:thunderbird_esr:10.0.1", "cpe:/a:mozilla:seamonkey:1.1.8", "cpe:/a:mozilla:seamonkey:2.1", "cpe:/a:mozilla:seamonkey:1.1.13"], "id": "CVE-2012-0479", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0479", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:mozilla:seamonkey:1.1.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.5:beta3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:beta_2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:10.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.14:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.3.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:beta_1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.7:beta1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:11.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:10.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.2:beta3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.5:beta4:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.6:beta3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta7:*:*:*:*:*:*", 
"cpe:2.3:a:mozilla:seamonkey:2.9:beta3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:9.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird_esr:10.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.17:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:10.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.2:beta1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:5.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.8:beta6:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.1:alpha1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.1:rc2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:6.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.8:beta2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.14:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:10.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:alpha_3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:9.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1:beta:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.1:alpha3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.5.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird_esr:10.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:9.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird_esr:10.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.6:beta2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.7:beta2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.1:beta1:*:*:*:*:*:*", 
"cpe:2.3:a:mozilla:seamonkey:1.1.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:6.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.8:beta3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.9:beta1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.18:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:8.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird_esr:10.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.6:beta1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.15:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.16:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.8:beta4:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.9:beta2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1:alpha:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.12:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.5:beta2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:7.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:8.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta6:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0:beta:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.19:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:10.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:5.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.5.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.8:beta1:*:*:*:*:*:*", 
"cpe:2.3:a:mozilla:seamonkey:1.1.11:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.7:beta3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.3:beta1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta10:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.4:beta1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.4:beta2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta5:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.5:beta1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.7.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.8:beta5:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.7:beta5:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:10.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.7:beta4:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:6.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta12:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta8:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.2:beta2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:10.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:6.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.6:beta4:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:8.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.1:alpha2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.3:beta2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0:alpha:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:10.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.7.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:10.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta4:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0.1:*:*:*:*:*:*:*", 
"cpe:2.3:a:mozilla:seamonkey:2.1:rc1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta9:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.3:beta3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:alpha_1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:alpha_2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:7.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.1:beta2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta11:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.5.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:10.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:10.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:10.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:11.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:5.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.1:beta3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.4:beta3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.13:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:9.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.13:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T05:59:45", "description": "The cairo-dwrite implementation in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9, when certain Windows Vista and Windows 7 configurations are used, does not properly restrict font-rendering attempts, which allows remote attackers to cause a denial of service (memory corruption) or 
possibly execute arbitrary code via unspecified vectors.", "edition": 6, "cvss3": {}, "published": "2012-04-25T10:10:00", "title": "CVE-2012-0472", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-0472"], "modified": "2017-12-29T02:29:00", "cpe": ["cpe:/a:mozilla:thunderbird:11.0", "cpe:/a:mozilla:seamonkey:1.0.8", "cpe:/a:mozilla:seamonkey:2.0.6", "cpe:/a:mozilla:seamonkey:2.0", "cpe:/a:mozilla:seamonkey:2.0.7", "cpe:/a:mozilla:seamonkey:2.7.1", "cpe:/a:mozilla:firefox:8.0", "cpe:/a:mozilla:thunderbird:10.0.3", "cpe:/a:mozilla:seamonkey:1.1.17", "cpe:/a:mozilla:seamonkey:1.0.2", "cpe:/a:mozilla:seamonkey:1.1.2", "cpe:/a:mozilla:seamonkey:1.5.0.10", "cpe:/a:mozilla:seamonkey:1.1.18", "cpe:/a:mozilla:thunderbird:7.0", "cpe:/a:mozilla:seamonkey:2.0.3", "cpe:/a:mozilla:seamonkey:1.0", "cpe:/a:mozilla:firefox:4.0.1", "cpe:/a:mozilla:firefox:10.0", "cpe:/a:mozilla:seamonkey:1.5.0.9", "cpe:/a:mozilla:firefox:8.0.1", "cpe:/a:mozilla:seamonkey:2.0.11", "cpe:/a:mozilla:firefox_esr:10.0.2", "cpe:/a:mozilla:seamonkey:2.3", "cpe:/a:mozilla:seamonkey:1.0.9", "cpe:/a:mozilla:seamonkey:2.4.1", "cpe:/a:mozilla:firefox:7.0", "cpe:/a:mozilla:firefox:10.0.1", "cpe:/a:mozilla:seamonkey:2.8", "cpe:/a:mozilla:thunderbird:10.0.4", "cpe:/a:mozilla:firefox:9.0", "cpe:/a:mozilla:seamonkey:1.1.15", "cpe:/a:mozilla:seamonkey:2.7.2", "cpe:/a:mozilla:thunderbird:10.0", "cpe:/a:mozilla:firefox_esr:10.0.3", "cpe:/a:mozilla:firefox:6.0.1", "cpe:/a:mozilla:firefox_esr:10.0.1", 
"cpe:/a:mozilla:seamonkey:1.1.9", "cpe:/a:mozilla:thunderbird:10.0.1", "cpe:/a:mozilla:seamonkey:1.1.10", "cpe:/a:mozilla:seamonkey:1.1.12", "cpe:/a:mozilla:firefox:11.0", "cpe:/a:mozilla:firefox:4.0", "cpe:/a:mozilla:thunderbird:6.0.2", "cpe:/a:mozilla:seamonkey:2.0.8", "cpe:/a:mozilla:seamonkey:1.1.6", "cpe:/a:mozilla:seamonkey:1.1.5", "cpe:/a:mozilla:thunderbird_esr:10.0", "cpe:/a:mozilla:firefox:9.0.1", "cpe:/a:mozilla:seamonkey:2.4", "cpe:/a:mozilla:seamonkey:1.1.4", "cpe:/a:mozilla:firefox:7.0.1", "cpe:/a:mozilla:seamonkey:2.6", "cpe:/a:mozilla:seamonkey:2.0.4", "cpe:/a:mozilla:thunderbird_esr:10.0.4", "cpe:/a:mozilla:firefox_esr:10.0", "cpe:/a:mozilla:thunderbird:9.0", "cpe:/a:mozilla:seamonkey:2.0.14", "cpe:/a:mozilla:seamonkey:2.5", "cpe:/a:mozilla:thunderbird:7.0.1", "cpe:/a:mozilla:seamonkey:1.0.6", "cpe:/a:mozilla:seamonkey:2.3.3", "cpe:/a:mozilla:firefox:6.0.2", "cpe:/a:mozilla:thunderbird:6.0", "cpe:/a:mozilla:seamonkey:2.0.2", "cpe:/a:mozilla:seamonkey:2.9", "cpe:/a:mozilla:seamonkey:1.0.4", "cpe:/a:mozilla:seamonkey:2.0.13", "cpe:/a:mozilla:seamonkey:2.7", "cpe:/a:mozilla:seamonkey:1.0.5", "cpe:/a:mozilla:thunderbird:10.0.2", "cpe:/a:mozilla:thunderbird:8.0", "cpe:/a:mozilla:seamonkey:1.0.7", "cpe:/a:mozilla:seamonkey:1.1.11", "cpe:/a:mozilla:seamonkey:1.1.3", "cpe:/a:mozilla:thunderbird:6.0.1", "cpe:/a:mozilla:seamonkey:1.1.1", "cpe:/a:mozilla:thunderbird_esr:10.0.3", "cpe:/a:mozilla:seamonkey:1.1.7", "cpe:/a:mozilla:firefox:6.0", "cpe:/a:mozilla:seamonkey:2.0.9", "cpe:/a:mozilla:seamonkey:2.0.5", "cpe:/a:mozilla:seamonkey:2.0.12", "cpe:/a:mozilla:firefox:10.0.2", "cpe:/a:mozilla:seamonkey:1.5.0.8", "cpe:/a:mozilla:firefox:5.0", "cpe:/a:mozilla:seamonkey:1.1.14", "cpe:/a:mozilla:seamonkey:1.1.16", "cpe:/a:mozilla:thunderbird_esr:10.0.2", "cpe:/a:mozilla:thunderbird:5.0", "cpe:/a:mozilla:seamonkey:2.2", "cpe:/a:mozilla:seamonkey:1.0.1", "cpe:/a:mozilla:seamonkey:1.0.3", "cpe:/a:mozilla:seamonkey:2.0.10", "cpe:/a:mozilla:seamonkey:1.1", 
"cpe:/a:mozilla:seamonkey:2.3.1", "cpe:/a:mozilla:seamonkey:2.3.2", "cpe:/a:mozilla:seamonkey:1.1.19", "cpe:/a:mozilla:seamonkey:2.6.1", "cpe:/a:mozilla:seamonkey:2.0.1", "cpe:/a:mozilla:thunderbird_esr:10.0.1", "cpe:/a:mozilla:seamonkey:1.1.8", "cpe:/a:mozilla:seamonkey:2.1", "cpe:/a:mozilla:seamonkey:1.1.13"], "id": "CVE-2012-0472", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0472", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:mozilla:seamonkey:1.1.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.5:beta3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:beta_2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:10.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.14:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.3.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:beta_1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.7:beta1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:11.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:10.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.2:beta3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.5:beta4:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.6:beta3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta7:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.9:beta3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:9.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird_esr:10.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.17:*:*:*:*:*:*:*", 
"cpe:2.3:a:mozilla:firefox_esr:10.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.2:beta1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.8:beta6:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.1:alpha1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.1:rc2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:6.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.8:beta2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.14:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:10.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:alpha_3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:9.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1:beta:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.1:alpha3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.5.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird_esr:10.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird_esr:10.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.6:beta2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.7:beta2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.1:beta1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:6.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.8:beta3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.9:beta1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.18:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:8.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird_esr:10.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.6:beta1:*:*:*:*:*:*", 
"cpe:2.3:a:mozilla:seamonkey:1.1.15:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.16:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.8:beta4:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.9:beta2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1:alpha:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.12:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.5:beta2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:7.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:8.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta6:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0:beta:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.19:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:10.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:5.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.5.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.8:beta1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.11:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.7:beta3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.3:beta1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta10:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.4:beta1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.4:beta2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta5:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.5:beta1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.7.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.8:beta5:*:*:*:*:*:*", 
"cpe:2.3:a:mozilla:seamonkey:2.7:beta5:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:10.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.7:beta4:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:6.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta12:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta8:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.2:beta2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:10.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:6.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.6:beta4:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:8.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.1:alpha2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.3:beta2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0:alpha:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird_esr:10.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:10.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.7.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:10.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta4:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.1:rc1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta9:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.3:beta3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:alpha_1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:alpha_2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:7.0:*:*:*:*:*:*:*", 
"cpe:2.3:a:mozilla:seamonkey:1.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.1:beta2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta11:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.5.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:10.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:10.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:10.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:11.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:5.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.1:beta3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.4:beta3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.13:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:9.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.13:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T05:59:45", "description": "Heap-based buffer overflow in the nsSVGFEDiffuseLightingElement::LightPixel function in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allows remote attackers to cause a denial of service (invalid gfxImageSurface free operation) or possibly execute arbitrary code by leveraging the use of \"different number systems.\"", "edition": 6, "cvss3": {}, "published": "2012-04-25T10:10:00", "title": "CVE-2012-0470", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": 
"COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-0470"], "modified": "2018-01-18T02:29:00", "cpe": ["cpe:/a:mozilla:thunderbird:11.0", "cpe:/a:mozilla:seamonkey:1.0.8", "cpe:/a:mozilla:seamonkey:2.0.6", "cpe:/a:mozilla:seamonkey:2.0", "cpe:/a:mozilla:seamonkey:2.0.7", "cpe:/a:mozilla:seamonkey:2.7.1", "cpe:/a:mozilla:firefox:8.0", "cpe:/a:mozilla:thunderbird:10.0.3", "cpe:/a:mozilla:seamonkey:1.1.17", "cpe:/a:mozilla:seamonkey:1.0.2", "cpe:/a:mozilla:seamonkey:1.1.2", "cpe:/a:mozilla:seamonkey:1.5.0.10", "cpe:/a:mozilla:seamonkey:1.1.18", "cpe:/a:mozilla:thunderbird:7.0", "cpe:/a:mozilla:seamonkey:2.0.3", "cpe:/a:mozilla:seamonkey:1.0", "cpe:/a:mozilla:firefox:4.0.1", "cpe:/a:mozilla:firefox:10.0", "cpe:/a:mozilla:seamonkey:1.5.0.9", "cpe:/a:mozilla:firefox:8.0.1", "cpe:/a:mozilla:seamonkey:2.0.11", "cpe:/a:mozilla:firefox_esr:10.0.2", "cpe:/a:mozilla:seamonkey:2.3", "cpe:/a:mozilla:firefox:5.0.1", "cpe:/a:mozilla:seamonkey:1.0.9", "cpe:/a:mozilla:seamonkey:2.4.1", "cpe:/a:mozilla:firefox:7.0", "cpe:/a:mozilla:firefox:10.0.1", "cpe:/a:mozilla:seamonkey:2.8", "cpe:/a:mozilla:thunderbird:10.0.4", "cpe:/a:mozilla:firefox:9.0", "cpe:/a:mozilla:seamonkey:1.1.15", "cpe:/a:mozilla:seamonkey:2.7.2", "cpe:/a:mozilla:thunderbird:10.0", "cpe:/a:mozilla:firefox_esr:10.0.3", "cpe:/a:mozilla:firefox:6.0.1", "cpe:/a:mozilla:firefox_esr:10.0.1", "cpe:/a:mozilla:seamonkey:1.1.9", "cpe:/a:mozilla:thunderbird:10.0.1", "cpe:/a:mozilla:seamonkey:1.1.10", "cpe:/a:mozilla:seamonkey:1.1.12", "cpe:/a:mozilla:firefox:11.0", "cpe:/a:mozilla:firefox:4.0", "cpe:/a:mozilla:thunderbird:6.0.2", "cpe:/a:mozilla:seamonkey:2.0.8", "cpe:/a:mozilla:seamonkey:1.1.6", "cpe:/a:mozilla:seamonkey:1.1.5", "cpe:/a:mozilla:thunderbird_esr:10.0", "cpe:/a:mozilla:firefox:9.0.1", "cpe:/a:mozilla:seamonkey:2.4", 
"cpe:/a:mozilla:seamonkey:1.1.4", "cpe:/a:mozilla:firefox:7.0.1", "cpe:/a:mozilla:seamonkey:2.6", "cpe:/a:mozilla:seamonkey:2.0.4", "cpe:/a:mozilla:thunderbird_esr:10.0.4", "cpe:/a:mozilla:firefox_esr:10.0", "cpe:/a:mozilla:thunderbird:9.0.1", "cpe:/a:mozilla:thunderbird:9.0", "cpe:/a:mozilla:seamonkey:2.0.14", "cpe:/a:mozilla:seamonkey:2.5", "cpe:/a:mozilla:thunderbird:7.0.1", "cpe:/a:mozilla:seamonkey:1.0.6", "cpe:/a:mozilla:seamonkey:2.3.3", "cpe:/a:mozilla:firefox:6.0.2", "cpe:/a:mozilla:thunderbird:6.0", "cpe:/a:mozilla:seamonkey:2.0.2", "cpe:/a:mozilla:seamonkey:2.9", "cpe:/a:mozilla:seamonkey:1.0.4", "cpe:/a:mozilla:seamonkey:2.0.13", "cpe:/a:mozilla:seamonkey:2.7", "cpe:/a:mozilla:seamonkey:1.0.5", "cpe:/a:mozilla:thunderbird:10.0.2", "cpe:/a:mozilla:thunderbird:8.0", "cpe:/a:mozilla:seamonkey:1.0.7", "cpe:/a:mozilla:seamonkey:1.1.11", "cpe:/a:mozilla:seamonkey:1.1.3", "cpe:/a:mozilla:thunderbird:6.0.1", "cpe:/a:mozilla:seamonkey:1.1.1", "cpe:/a:mozilla:thunderbird_esr:10.0.3", "cpe:/a:mozilla:seamonkey:1.1.7", "cpe:/a:mozilla:firefox:6.0", "cpe:/a:mozilla:seamonkey:2.0.9", "cpe:/a:mozilla:seamonkey:2.0.5", "cpe:/a:mozilla:seamonkey:2.0.12", "cpe:/a:mozilla:firefox:10.0.2", "cpe:/a:mozilla:seamonkey:1.5.0.8", "cpe:/a:mozilla:firefox:5.0", "cpe:/a:mozilla:seamonkey:1.1.14", "cpe:/a:mozilla:seamonkey:1.1.16", "cpe:/a:mozilla:thunderbird_esr:10.0.2", "cpe:/a:mozilla:thunderbird:5.0", "cpe:/a:mozilla:seamonkey:2.2", "cpe:/a:mozilla:seamonkey:1.0.1", "cpe:/a:mozilla:seamonkey:1.0.3", "cpe:/a:mozilla:seamonkey:2.0.10", "cpe:/a:mozilla:seamonkey:1.1", "cpe:/a:mozilla:seamonkey:2.3.1", "cpe:/a:mozilla:seamonkey:2.3.2", "cpe:/a:mozilla:seamonkey:1.1.19", "cpe:/a:mozilla:seamonkey:2.6.1", "cpe:/a:mozilla:seamonkey:2.0.1", "cpe:/a:mozilla:thunderbird_esr:10.0.1", "cpe:/a:mozilla:seamonkey:1.1.8", "cpe:/a:mozilla:seamonkey:2.1", "cpe:/a:mozilla:seamonkey:1.1.13"], "id": "CVE-2012-0470", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0470", "cvss": 
{"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:mozilla:seamonkey:1.1.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.5:beta3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:beta_2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:10.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.14:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.3.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:beta_1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.7:beta1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:11.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:10.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.2:beta3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.5:beta4:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.6:beta3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta7:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.9:beta3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:9.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird_esr:10.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.17:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:10.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.2:beta1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:5.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.8:beta6:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.1:alpha1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.6:*:*:*:*:*:*:*", 
"cpe:2.3:a:mozilla:seamonkey:2.1:rc2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:6.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.8:beta2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.14:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:10.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:alpha_3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:9.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1:beta:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.1:alpha3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.5.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird_esr:10.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:9.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird_esr:10.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.6:beta2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.7:beta2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.1:beta1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:6.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.8:beta3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.9:beta1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.18:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:8.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird_esr:10.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.6:beta1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.15:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.16:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.8:beta4:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:7.0.1:*:*:*:*:*:*:*", 
"cpe:2.3:a:mozilla:seamonkey:1.1.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.9:beta2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1:alpha:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.12:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.5:beta2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:7.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:8.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta6:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0:beta:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.19:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:10.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:5.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.5.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.8:beta1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.11:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.7:beta3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.3:beta1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta10:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.4:beta1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.4:beta2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta5:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.5:beta1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.7.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.8:beta5:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.7:beta5:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:10.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.7:beta4:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:6.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.7:*:*:*:*:*:*:*", 
"cpe:2.3:a:mozilla:seamonkey:2.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta12:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta8:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.2:beta2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:10.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:6.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.6:beta4:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:8.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.1:alpha2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.3:beta2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0:alpha:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird_esr:10.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:10.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.7.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:10.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta4:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.1:rc1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta9:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.3:beta3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:alpha_1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:alpha_2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:7.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.1:beta2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta11:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.5.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:10.0.3:*:*:*:*:*:*:*", 
"cpe:2.3:a:mozilla:firefox:4.0:beta2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:10.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:10.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:11.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:5.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.1:beta3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.4:beta3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.13:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:9.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.13:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T05:59:44", "description": "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.", "edition": 6, "cvss3": {}, "published": "2012-04-25T10:10:00", "title": "CVE-2012-0467", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-0467"], "modified": "2018-01-18T02:29:00", "cpe": ["cpe:/a:mozilla:thunderbird:11.0", "cpe:/a:mozilla:seamonkey:1.0.8", 
"cpe:/a:mozilla:seamonkey:2.0.6", "cpe:/a:mozilla:seamonkey:2.0", "cpe:/a:mozilla:seamonkey:2.0.7", "cpe:/a:mozilla:seamonkey:2.7.1", "cpe:/a:mozilla:firefox:8.0", "cpe:/a:mozilla:thunderbird:10.0.3", "cpe:/a:mozilla:seamonkey:1.1.17", "cpe:/a:mozilla:seamonkey:1.0.2", "cpe:/a:mozilla:seamonkey:1.1.2", "cpe:/a:mozilla:seamonkey:1.5.0.10", "cpe:/a:mozilla:seamonkey:1.1.18", "cpe:/a:mozilla:thunderbird:7.0", "cpe:/a:mozilla:seamonkey:2.0.3", "cpe:/a:mozilla:seamonkey:1.0", "cpe:/a:mozilla:firefox:4.0.1", "cpe:/a:mozilla:firefox:10.0", "cpe:/a:mozilla:seamonkey:1.5.0.9", "cpe:/a:mozilla:firefox:8.0.1", "cpe:/a:mozilla:seamonkey:2.0.11", "cpe:/a:mozilla:firefox_esr:10.0.2", "cpe:/a:mozilla:seamonkey:2.3", "cpe:/a:mozilla:firefox:5.0.1", "cpe:/a:mozilla:seamonkey:1.0.9", "cpe:/a:mozilla:seamonkey:2.4.1", "cpe:/a:mozilla:firefox:7.0", "cpe:/a:mozilla:firefox:10.0.1", "cpe:/a:mozilla:seamonkey:2.8", "cpe:/a:mozilla:thunderbird:10.0.4", "cpe:/a:mozilla:firefox:9.0", "cpe:/a:mozilla:seamonkey:1.1.15", "cpe:/a:mozilla:seamonkey:2.7.2", "cpe:/a:mozilla:thunderbird:10.0", "cpe:/a:mozilla:firefox_esr:10.0.3", "cpe:/a:mozilla:firefox:6.0.1", "cpe:/a:mozilla:firefox_esr:10.0.1", "cpe:/a:mozilla:seamonkey:1.1.9", "cpe:/a:mozilla:thunderbird:10.0.1", "cpe:/a:mozilla:seamonkey:1.1.10", "cpe:/a:mozilla:seamonkey:1.1.12", "cpe:/a:mozilla:firefox:11.0", "cpe:/a:mozilla:firefox:4.0", "cpe:/a:mozilla:thunderbird:6.0.2", "cpe:/a:mozilla:seamonkey:2.0.8", "cpe:/a:mozilla:seamonkey:1.1.6", "cpe:/a:mozilla:seamonkey:1.1.5", "cpe:/a:mozilla:thunderbird_esr:10.0", "cpe:/a:mozilla:firefox:9.0.1", "cpe:/a:mozilla:seamonkey:2.4", "cpe:/a:mozilla:seamonkey:1.1.4", "cpe:/a:mozilla:firefox:7.0.1", "cpe:/a:mozilla:seamonkey:2.6", "cpe:/a:mozilla:seamonkey:2.0.4", "cpe:/a:mozilla:firefox_esr:10.0", "cpe:/a:mozilla:thunderbird:9.0.1", "cpe:/a:mozilla:thunderbird:9.0", "cpe:/a:mozilla:seamonkey:2.0.14", "cpe:/a:mozilla:seamonkey:2.5", "cpe:/a:mozilla:thunderbird:7.0.1", "cpe:/a:mozilla:seamonkey:1.0.6", 
"cpe:/a:mozilla:seamonkey:2.3.3", "cpe:/a:mozilla:firefox:6.0.2", "cpe:/a:mozilla:thunderbird:6.0", "cpe:/a:mozilla:seamonkey:2.0.2", "cpe:/a:mozilla:seamonkey:2.9", "cpe:/a:mozilla:seamonkey:1.0.4", "cpe:/a:mozilla:seamonkey:2.0.13", "cpe:/a:mozilla:seamonkey:2.7", "cpe:/a:mozilla:seamonkey:1.0.5", "cpe:/a:mozilla:thunderbird:10.0.2", "cpe:/a:mozilla:thunderbird:8.0", "cpe:/a:mozilla:seamonkey:1.0.7", "cpe:/a:mozilla:seamonkey:1.1.11", "cpe:/a:mozilla:seamonkey:1.1.3", "cpe:/a:mozilla:thunderbird:6.0.1", "cpe:/a:mozilla:seamonkey:1.1.1", "cpe:/a:mozilla:thunderbird_esr:10.0.3", "cpe:/a:mozilla:seamonkey:1.1.7", "cpe:/a:mozilla:firefox:6.0", "cpe:/a:mozilla:seamonkey:2.0.9", "cpe:/a:mozilla:seamonkey:2.0.5", "cpe:/a:mozilla:seamonkey:2.0.12", "cpe:/a:mozilla:firefox:10.0.2", "cpe:/a:mozilla:seamonkey:1.5.0.8", "cpe:/a:mozilla:firefox:5.0", "cpe:/a:mozilla:seamonkey:1.1.14", "cpe:/a:mozilla:seamonkey:1.1.16", "cpe:/a:mozilla:thunderbird_esr:10.0.2", "cpe:/a:mozilla:thunderbird:5.0", "cpe:/a:mozilla:seamonkey:2.2", "cpe:/a:mozilla:seamonkey:1.0.1", "cpe:/a:mozilla:seamonkey:1.0.3", "cpe:/a:mozilla:seamonkey:2.0.10", "cpe:/a:mozilla:seamonkey:1.1", "cpe:/a:mozilla:seamonkey:2.3.1", "cpe:/a:mozilla:seamonkey:2.3.2", "cpe:/a:mozilla:seamonkey:1.1.19", "cpe:/a:mozilla:seamonkey:2.6.1", "cpe:/a:mozilla:seamonkey:2.0.1", "cpe:/a:mozilla:thunderbird_esr:10.0.1", "cpe:/a:mozilla:seamonkey:1.1.8", "cpe:/a:mozilla:seamonkey:2.1", "cpe:/a:mozilla:seamonkey:1.1.13"], "id": "CVE-2012-0467", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0467", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:mozilla:seamonkey:1.1.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.5:beta3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:beta_2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:10.0:*:*:*:*:*:*:*", 
"cpe:2.3:a:mozilla:seamonkey:2.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.14:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.3.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:beta_1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.7:beta1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:11.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:10.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.2:beta3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.5:beta4:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.6:beta3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta7:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.9:beta3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:9.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird_esr:10.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.17:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:10.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.2:beta1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:5.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.8:beta6:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.1:alpha1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.1:rc2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:6.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.8:beta2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.14:*:*:*:*:*:*:*", 
"cpe:2.3:a:mozilla:thunderbird:10.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:alpha_3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:9.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1:beta:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.1:alpha3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.5.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird_esr:10.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:9.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird_esr:10.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.6:beta2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.7:beta2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.1:beta1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:6.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.8:beta3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.9:beta1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.18:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:8.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird_esr:10.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.6:beta1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.15:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.16:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.8:beta4:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.9:beta2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1:alpha:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.12:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.5:beta2:*:*:*:*:*:*", 
"cpe:2.3:a:mozilla:seamonkey:1.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:7.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:8.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta6:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0:beta:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.19:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:10.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:5.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.5.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.8:beta1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.11:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.7:beta3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.3:beta1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta10:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.4:beta1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.4:beta2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta5:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.5:beta1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.7.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.8:beta5:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.7:beta5:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:10.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.7:beta4:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:6.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta12:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta8:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.2:beta2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:10.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:6.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.6:beta4:*:*:*:*:*:*", 
"cpe:2.3:a:mozilla:seamonkey:2.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:8.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.1:alpha2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.3:beta2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0:alpha:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:10.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.7.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:10.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta4:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.1:rc1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta9:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.3:beta3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:alpha_1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:alpha_2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:7.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.1:beta2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta11:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.5.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:10.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:10.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:10.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:11.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:5.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.1:beta3:*:*:*:*:*:*", 
"cpe:2.3:a:mozilla:seamonkey:2.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.4:beta3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.13:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:9.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.13:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T05:59:44", "description": "The browser engine in Mozilla Firefox 4.x through 11.0, Thunderbird 5.0 through 11.0, and SeaMonkey before 2.9 allows remote attackers to cause a denial of service (assertion failure and memory corruption) or possibly execute arbitrary code via vectors related to jsval.h and the js::array_shift function.", "edition": 6, "cvss3": {}, "published": "2012-04-25T10:10:00", "title": "CVE-2012-0468", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-0468"], "modified": "2017-12-29T02:29:00", "cpe": ["cpe:/a:mozilla:thunderbird:11.0", "cpe:/a:mozilla:seamonkey:1.0.8", "cpe:/a:mozilla:seamonkey:2.0.6", "cpe:/a:mozilla:seamonkey:2.0", "cpe:/a:mozilla:seamonkey:2.0.7", "cpe:/a:mozilla:seamonkey:2.7.1", "cpe:/a:mozilla:firefox:8.0", "cpe:/a:mozilla:thunderbird:10.0.3", "cpe:/a:mozilla:seamonkey:1.1.17", "cpe:/a:mozilla:seamonkey:1.0.2", "cpe:/a:mozilla:seamonkey:1.1.2", "cpe:/a:mozilla:seamonkey:1.5.0.10", "cpe:/a:mozilla:seamonkey:1.1.18", "cpe:/a:mozilla:thunderbird:7.0", "cpe:/a:mozilla:seamonkey:2.0.3", "cpe:/a:mozilla:seamonkey:1.0", "cpe:/a:mozilla:firefox:4.0.1", 
"cpe:/a:mozilla:firefox:10.0", "cpe:/a:mozilla:seamonkey:1.5.0.9", "cpe:/a:mozilla:firefox:8.0.1", "cpe:/a:mozilla:seamonkey:2.0.11", "cpe:/a:mozilla:seamonkey:2.3", "cpe:/a:mozilla:firefox:5.0.1", "cpe:/a:mozilla:seamonkey:1.0.9", "cpe:/a:mozilla:seamonkey:2.4.1", "cpe:/a:mozilla:firefox:7.0", "cpe:/a:mozilla:firefox:10.0.1", "cpe:/a:mozilla:seamonkey:2.8", "cpe:/a:mozilla:thunderbird:10.0.4", "cpe:/a:mozilla:firefox:9.0", "cpe:/a:mozilla:seamonkey:1.1.15", "cpe:/a:mozilla:seamonkey:2.7.2", "cpe:/a:mozilla:thunderbird:10.0", "cpe:/a:mozilla:firefox:6.0.1", "cpe:/a:mozilla:seamonkey:1.1.9", "cpe:/a:mozilla:thunderbird:10.0.1", "cpe:/a:mozilla:seamonkey:1.1.10", "cpe:/a:mozilla:seamonkey:1.1.12", "cpe:/a:mozilla:firefox:11.0", "cpe:/a:mozilla:firefox:4.0", "cpe:/a:mozilla:thunderbird:6.0.2", "cpe:/a:mozilla:seamonkey:2.0.8", "cpe:/a:mozilla:seamonkey:1.1.6", "cpe:/a:mozilla:seamonkey:1.1.5", "cpe:/a:mozilla:firefox:9.0.1", "cpe:/a:mozilla:seamonkey:2.4", "cpe:/a:mozilla:seamonkey:1.1.4", "cpe:/a:mozilla:firefox:7.0.1", "cpe:/a:mozilla:seamonkey:2.6", "cpe:/a:mozilla:seamonkey:2.0.4", "cpe:/a:mozilla:thunderbird:9.0.1", "cpe:/a:mozilla:thunderbird:9.0", "cpe:/a:mozilla:seamonkey:2.0.14", "cpe:/a:mozilla:seamonkey:2.5", "cpe:/a:mozilla:thunderbird:7.0.1", "cpe:/a:mozilla:seamonkey:1.0.6", "cpe:/a:mozilla:seamonkey:2.3.3", "cpe:/a:mozilla:firefox:6.0.2", "cpe:/a:mozilla:thunderbird:6.0", "cpe:/a:mozilla:seamonkey:2.0.2", "cpe:/a:mozilla:seamonkey:2.9", "cpe:/a:mozilla:seamonkey:1.0.4", "cpe:/a:mozilla:seamonkey:2.0.13", "cpe:/a:mozilla:seamonkey:2.7", "cpe:/a:mozilla:seamonkey:1.0.5", "cpe:/a:mozilla:thunderbird:10.0.2", "cpe:/a:mozilla:thunderbird:8.0", "cpe:/a:mozilla:seamonkey:1.0.7", "cpe:/a:mozilla:seamonkey:1.1.11", "cpe:/a:mozilla:seamonkey:1.1.3", "cpe:/a:mozilla:thunderbird:6.0.1", "cpe:/a:mozilla:seamonkey:1.1.1", "cpe:/a:mozilla:seamonkey:1.1.7", "cpe:/a:mozilla:firefox:6.0", "cpe:/a:mozilla:seamonkey:2.0.9", "cpe:/a:mozilla:seamonkey:2.0.5", 
"cpe:/a:mozilla:seamonkey:2.0.12", "cpe:/a:mozilla:firefox:10.0.2", "cpe:/a:mozilla:seamonkey:1.5.0.8", "cpe:/a:mozilla:firefox:5.0", "cpe:/a:mozilla:seamonkey:1.1.14", "cpe:/a:mozilla:seamonkey:1.1.16", "cpe:/a:mozilla:thunderbird:5.0", "cpe:/a:mozilla:seamonkey:2.2", "cpe:/a:mozilla:seamonkey:1.0.1", "cpe:/a:mozilla:seamonkey:1.0.3", "cpe:/a:mozilla:seamonkey:2.0.10", "cpe:/a:mozilla:seamonkey:1.1", "cpe:/a:mozilla:seamonkey:2.3.1", "cpe:/a:mozilla:seamonkey:2.3.2", "cpe:/a:mozilla:seamonkey:1.1.19", "cpe:/a:mozilla:seamonkey:2.6.1", "cpe:/a:mozilla:seamonkey:2.0.1", "cpe:/a:mozilla:seamonkey:1.1.8", "cpe:/a:mozilla:seamonkey:2.1", "cpe:/a:mozilla:seamonkey:1.1.13"], "id": "CVE-2012-0468", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0468", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:mozilla:seamonkey:1.1.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.5:beta3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:beta_2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.14:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.3.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:beta_1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.7:beta1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:11.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:10.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.2:beta3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.5:beta4:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.6:beta3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta7:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.9:beta3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:9.0:*:*:*:*:*:*:*", 
"cpe:2.3:a:mozilla:firefox:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.17:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.2:beta1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:5.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.8:beta6:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.1:alpha1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.1:rc2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:6.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.8:beta2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.14:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:10.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:alpha_3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:9.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1:beta:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.1:alpha3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.5.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:9.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.6:beta2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.7:beta2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.1:beta1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:6.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.8:beta3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.9:beta1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.3.1:*:*:*:*:*:*:*", 
"cpe:2.3:a:mozilla:seamonkey:1.1.18:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:8.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.6:beta1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.15:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.16:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.8:beta4:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.9:beta2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1:alpha:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.12:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.5:beta2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:7.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:8.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta6:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0:beta:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.19:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:10.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:5.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.5.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.8:beta1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.11:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.7:beta3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.3:beta1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta10:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.4:beta1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.4:beta2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta5:*:*:*:*:*:*", 
"cpe:2.3:a:mozilla:seamonkey:2.5:beta1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.7.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.8:beta5:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.7:beta5:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:10.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.7:beta4:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:6.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta12:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta8:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.2:beta2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:6.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.6:beta4:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:8.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.1:alpha2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.3:beta2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0:alpha:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.7.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:10.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta4:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.1:rc1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta9:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.3:beta3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:alpha_1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:alpha_2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:7.0:*:*:*:*:*:*:*", 
"cpe:2.3:a:mozilla:seamonkey:1.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.1:beta2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta11:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.5.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:10.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:10.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:10.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:11.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:5.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.1:beta3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.4:beta3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.13:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:9.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.13:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T05:59:45", "description": "Cross-site scripting (XSS) vulnerability in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allows remote attackers to inject arbitrary web script or HTML via a multibyte character set.", "edition": 6, "cvss3": {}, "published": "2012-04-25T10:10:00", "title": "CVE-2012-0471", "type": "cve", "cwe": ["CWE-79"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": 
"NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-0471"], "modified": "2018-01-18T02:29:00", "cpe": ["cpe:/a:mozilla:thunderbird:11.0", "cpe:/a:mozilla:seamonkey:1.0.8", "cpe:/a:mozilla:seamonkey:2.0.6", "cpe:/a:mozilla:seamonkey:2.0", "cpe:/a:mozilla:seamonkey:2.0.7", "cpe:/a:mozilla:seamonkey:2.7.1", "cpe:/a:mozilla:firefox:8.0", "cpe:/a:mozilla:thunderbird:10.0.3", "cpe:/a:mozilla:seamonkey:1.1.17", "cpe:/a:mozilla:seamonkey:1.0.2", "cpe:/a:mozilla:seamonkey:1.1.2", "cpe:/a:mozilla:seamonkey:1.5.0.10", "cpe:/a:mozilla:seamonkey:1.1.18", "cpe:/a:mozilla:thunderbird:7.0", "cpe:/a:mozilla:seamonkey:2.0.3", "cpe:/a:mozilla:seamonkey:1.0", "cpe:/a:mozilla:firefox:4.0.1", "cpe:/a:mozilla:firefox:10.0", "cpe:/a:mozilla:seamonkey:1.5.0.9", "cpe:/a:mozilla:firefox:8.0.1", "cpe:/a:mozilla:seamonkey:2.0.11", "cpe:/a:mozilla:firefox_esr:10.0.2", "cpe:/a:mozilla:seamonkey:2.3", "cpe:/a:mozilla:firefox:5.0.1", "cpe:/a:mozilla:seamonkey:1.0.9", "cpe:/a:mozilla:seamonkey:2.4.1", "cpe:/a:mozilla:firefox:7.0", "cpe:/a:mozilla:firefox:10.0.1", "cpe:/a:mozilla:seamonkey:2.8", "cpe:/a:mozilla:thunderbird:10.0.4", "cpe:/a:mozilla:firefox:9.0", "cpe:/a:mozilla:seamonkey:1.1.15", "cpe:/a:mozilla:seamonkey:2.7.2", "cpe:/a:mozilla:thunderbird:10.0", "cpe:/a:mozilla:firefox_esr:10.0.3", "cpe:/a:mozilla:firefox:6.0.1", "cpe:/a:mozilla:firefox_esr:10.0.1", "cpe:/a:mozilla:seamonkey:1.1.9", "cpe:/a:mozilla:thunderbird:10.0.1", "cpe:/a:mozilla:seamonkey:1.1.10", "cpe:/a:mozilla:seamonkey:1.1.12", "cpe:/a:mozilla:firefox:11.0", "cpe:/a:mozilla:firefox:4.0", "cpe:/a:mozilla:thunderbird:6.0.2", "cpe:/a:mozilla:seamonkey:2.0.8", "cpe:/a:mozilla:seamonkey:1.1.6", "cpe:/a:mozilla:seamonkey:1.1.5", "cpe:/a:mozilla:thunderbird_esr:10.0", "cpe:/a:mozilla:firefox:9.0.1", "cpe:/a:mozilla:seamonkey:2.4", "cpe:/a:mozilla:seamonkey:1.1.4", "cpe:/a:mozilla:firefox:7.0.1", "cpe:/a:mozilla:seamonkey:2.6", "cpe:/a:mozilla:seamonkey:2.0.4", "cpe:/a:mozilla:firefox_esr:10.0", 
"cpe:/a:mozilla:thunderbird:9.0.1", "cpe:/a:mozilla:thunderbird:9.0", "cpe:/a:mozilla:seamonkey:2.0.14", "cpe:/a:mozilla:seamonkey:2.5", "cpe:/a:mozilla:thunderbird:7.0.1", "cpe:/a:mozilla:seamonkey:1.0.6", "cpe:/a:mozilla:seamonkey:2.3.3", "cpe:/a:mozilla:firefox:6.0.2", "cpe:/a:mozilla:thunderbird:6.0", "cpe:/a:mozilla:seamonkey:2.0.2", "cpe:/a:mozilla:seamonkey:2.9", "cpe:/a:mozilla:seamonkey:1.0.4", "cpe:/a:mozilla:seamonkey:2.0.13", "cpe:/a:mozilla:seamonkey:2.7", "cpe:/a:mozilla:seamonkey:1.0.5", "cpe:/a:mozilla:thunderbird:10.0.2", "cpe:/a:mozilla:thunderbird:8.0", "cpe:/a:mozilla:seamonkey:1.0.7", "cpe:/a:mozilla:seamonkey:1.1.11", "cpe:/a:mozilla:seamonkey:1.1.3", "cpe:/a:mozilla:thunderbird:6.0.1", "cpe:/a:mozilla:seamonkey:1.1.1", "cpe:/a:mozilla:thunderbird_esr:10.0.3", "cpe:/a:mozilla:seamonkey:1.1.7", "cpe:/a:mozilla:firefox:6.0", "cpe:/a:mozilla:seamonkey:2.0.9", "cpe:/a:mozilla:seamonkey:2.0.5", "cpe:/a:mozilla:seamonkey:2.0.12", "cpe:/a:mozilla:firefox:10.0.2", "cpe:/a:mozilla:seamonkey:1.5.0.8", "cpe:/a:mozilla:firefox:5.0", "cpe:/a:mozilla:seamonkey:1.1.14", "cpe:/a:mozilla:seamonkey:1.1.16", "cpe:/a:mozilla:thunderbird_esr:10.0.2", "cpe:/a:mozilla:thunderbird:5.0", "cpe:/a:mozilla:seamonkey:2.2", "cpe:/a:mozilla:seamonkey:1.0.1", "cpe:/a:mozilla:seamonkey:1.0.3", "cpe:/a:mozilla:seamonkey:2.0.10", "cpe:/a:mozilla:seamonkey:1.1", "cpe:/a:mozilla:seamonkey:2.3.1", "cpe:/a:mozilla:seamonkey:2.3.2", "cpe:/a:mozilla:seamonkey:1.1.19", "cpe:/a:mozilla:seamonkey:2.6.1", "cpe:/a:mozilla:seamonkey:2.0.1", "cpe:/a:mozilla:thunderbird_esr:10.0.1", "cpe:/a:mozilla:seamonkey:1.1.8", "cpe:/a:mozilla:seamonkey:2.1", "cpe:/a:mozilla:seamonkey:1.1.13"], "id": "CVE-2012-0471", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0471", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:mozilla:seamonkey:1.1.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.9:*:*:*:*:*:*:*", 
"cpe:2.3:a:mozilla:firefox:4.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.5:beta3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:beta_2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:10.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.14:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.3.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:beta_1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.7:beta1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:11.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:10.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.2:beta3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.5:beta4:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.6:beta3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta7:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.9:beta3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:9.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird_esr:10.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.17:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:10.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.2:beta1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:5.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.8:beta6:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.1:alpha1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.1:rc2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:6.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.8:*:*:*:*:*:*:*", 
"cpe:2.3:a:mozilla:seamonkey:2.8:beta2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.14:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:10.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:alpha_3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:9.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1:beta:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.1:alpha3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.5.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird_esr:10.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:9.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird_esr:10.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.6:beta2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.7:beta2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.1:beta1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:6.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.8:beta3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.9:beta1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.18:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:8.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird_esr:10.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.6:beta1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.15:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.16:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.8:beta4:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.9:beta2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1:alpha:*:*:*:*:*:*", 
"cpe:2.3:a:mozilla:seamonkey:1.1.12:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.5:beta2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:7.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:8.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta6:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0:beta:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.19:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:10.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:5.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.5.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.8:beta1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.11:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.7:beta3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.3:beta1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta10:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.4:beta1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.4:beta2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta5:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.5:beta1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.7.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.8:beta5:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.7:beta5:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:10.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.7:beta4:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:6.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta12:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta8:*:*:*:*:*:*", 
"cpe:2.3:a:mozilla:seamonkey:2.2:beta2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:10.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:6.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.6:beta4:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:8.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.1:alpha2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.3:beta2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0:alpha:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:10.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.7.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:10.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta4:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.1:rc1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta9:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.3:beta3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:alpha_1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:alpha_2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:7.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.1:beta2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta11:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.5.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:10.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:10.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:10.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:11.0:*:*:*:*:*:*:*", 
"cpe:2.3:a:mozilla:seamonkey:1.1.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:5.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.1:beta3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.4:beta3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.13:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:9.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.13:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T05:59:45", "description": "Multiple cross-site scripting (XSS) vulnerabilities in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allow remote attackers to inject arbitrary web script or HTML via the (1) ISO-2022-KR or (2) ISO-2022-CN character set.", "edition": 6, "cvss3": {}, "published": "2012-04-25T10:10:00", "title": "CVE-2012-0477", "type": "cve", "cwe": ["CWE-79"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-0477"], "modified": "2018-01-18T02:29:00", "cpe": ["cpe:/a:mozilla:thunderbird:11.0", "cpe:/a:mozilla:seamonkey:1.0.8", "cpe:/a:mozilla:seamonkey:2.0.6", "cpe:/a:mozilla:seamonkey:2.0", "cpe:/a:mozilla:seamonkey:2.0.7", "cpe:/a:mozilla:seamonkey:2.7.1", "cpe:/a:mozilla:firefox:8.0", "cpe:/a:mozilla:thunderbird:10.0.3", "cpe:/a:mozilla:seamonkey:1.1.17", "cpe:/a:mozilla:seamonkey:1.0.2", 
"cpe:/a:mozilla:seamonkey:1.1.2", "cpe:/a:mozilla:seamonkey:1.5.0.10", "cpe:/a:mozilla:seamonkey:1.1.18", "cpe:/a:mozilla:thunderbird:7.0", "cpe:/a:mozilla:seamonkey:2.0.3", "cpe:/a:mozilla:seamonkey:1.0", "cpe:/a:mozilla:firefox:4.0.1", "cpe:/a:mozilla:firefox:10.0", "cpe:/a:mozilla:seamonkey:1.5.0.9", "cpe:/a:mozilla:firefox:8.0.1", "cpe:/a:mozilla:seamonkey:2.0.11", "cpe:/a:mozilla:firefox_esr:10.0.2", "cpe:/a:mozilla:seamonkey:2.3", "cpe:/a:mozilla:firefox:5.0.1", "cpe:/a:mozilla:seamonkey:1.0.9", "cpe:/a:mozilla:seamonkey:2.4.1", "cpe:/a:mozilla:firefox:7.0", "cpe:/a:mozilla:firefox:10.0.1", "cpe:/a:mozilla:seamonkey:2.8", "cpe:/a:mozilla:thunderbird:10.0.4", "cpe:/a:mozilla:firefox:9.0", "cpe:/a:mozilla:seamonkey:1.1.15", "cpe:/a:mozilla:seamonkey:2.7.2", "cpe:/a:mozilla:thunderbird:10.0", "cpe:/a:mozilla:firefox_esr:10.0.3", "cpe:/a:mozilla:firefox:6.0.1", "cpe:/a:mozilla:firefox_esr:10.0.1", "cpe:/a:mozilla:seamonkey:1.1.9", "cpe:/a:mozilla:thunderbird:10.0.1", "cpe:/a:mozilla:seamonkey:1.1.10", "cpe:/a:mozilla:seamonkey:1.1.12", "cpe:/a:mozilla:firefox:11.0", "cpe:/a:mozilla:firefox:4.0", "cpe:/a:mozilla:thunderbird:6.0.2", "cpe:/a:mozilla:seamonkey:2.0.8", "cpe:/a:mozilla:seamonkey:1.1.6", "cpe:/a:mozilla:seamonkey:1.1.5", "cpe:/a:mozilla:thunderbird_esr:10.0", "cpe:/a:mozilla:firefox:9.0.1", "cpe:/a:mozilla:seamonkey:2.4", "cpe:/a:mozilla:seamonkey:1.1.4", "cpe:/a:mozilla:firefox:7.0.1", "cpe:/a:mozilla:seamonkey:2.6", "cpe:/a:mozilla:seamonkey:2.0.4", "cpe:/a:mozilla:firefox_esr:10.0", "cpe:/a:mozilla:thunderbird:9.0.1", "cpe:/a:mozilla:thunderbird:9.0", "cpe:/a:mozilla:seamonkey:2.0.14", "cpe:/a:mozilla:seamonkey:2.5", "cpe:/a:mozilla:thunderbird:7.0.1", "cpe:/a:mozilla:seamonkey:1.0.6", "cpe:/a:mozilla:seamonkey:2.3.3", "cpe:/a:mozilla:firefox:6.0.2", "cpe:/a:mozilla:thunderbird:6.0", "cpe:/a:mozilla:seamonkey:2.0.2", "cpe:/a:mozilla:seamonkey:2.9", "cpe:/a:mozilla:seamonkey:1.0.4", "cpe:/a:mozilla:seamonkey:2.0.13", "cpe:/a:mozilla:seamonkey:2.7", 
"cpe:/a:mozilla:seamonkey:1.0.5", "cpe:/a:mozilla:thunderbird:10.0.2", "cpe:/a:mozilla:thunderbird:8.0", "cpe:/a:mozilla:seamonkey:1.0.7", "cpe:/a:mozilla:seamonkey:1.1.11", "cpe:/a:mozilla:seamonkey:1.1.3", "cpe:/a:mozilla:thunderbird:6.0.1", "cpe:/a:mozilla:seamonkey:1.1.1", "cpe:/a:mozilla:thunderbird_esr:10.0.3", "cpe:/a:mozilla:seamonkey:1.1.7", "cpe:/a:mozilla:firefox:6.0", "cpe:/a:mozilla:seamonkey:2.0.9", "cpe:/a:mozilla:seamonkey:2.0.5", "cpe:/a:mozilla:seamonkey:2.0.12", "cpe:/a:mozilla:firefox:10.0.2", "cpe:/a:mozilla:seamonkey:1.5.0.8", "cpe:/a:mozilla:firefox:5.0", "cpe:/a:mozilla:seamonkey:1.1.14", "cpe:/a:mozilla:seamonkey:1.1.16", "cpe:/a:mozilla:thunderbird_esr:10.0.2", "cpe:/a:mozilla:thunderbird:5.0", "cpe:/a:mozilla:seamonkey:2.2", "cpe:/a:mozilla:seamonkey:1.0.1", "cpe:/a:mozilla:seamonkey:1.0.3", "cpe:/a:mozilla:seamonkey:2.0.10", "cpe:/a:mozilla:seamonkey:1.1", "cpe:/a:mozilla:seamonkey:2.3.1", "cpe:/a:mozilla:seamonkey:2.3.2", "cpe:/a:mozilla:seamonkey:1.1.19", "cpe:/a:mozilla:seamonkey:2.6.1", "cpe:/a:mozilla:seamonkey:2.0.1", "cpe:/a:mozilla:thunderbird_esr:10.0.1", "cpe:/a:mozilla:seamonkey:1.1.8", "cpe:/a:mozilla:seamonkey:2.1", "cpe:/a:mozilla:seamonkey:1.1.13"], "id": "CVE-2012-0477", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0477", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:mozilla:seamonkey:1.1.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.5:beta3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:beta_2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:10.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.14:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.3.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.10:*:*:*:*:*:*:*", 
"cpe:2.3:a:mozilla:seamonkey:2.0:beta_1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.7:beta1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:11.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:10.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.2:beta3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.5:beta4:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.6:beta3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta7:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.9:beta3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:9.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird_esr:10.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.17:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:10.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.2:beta1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:5.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.8:beta6:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.1:alpha1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.1:rc2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:6.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.8:beta2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.14:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:10.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:alpha_3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:9.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1:beta:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.1:alpha3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.9:*:*:*:*:*:*:*", 
"cpe:2.3:a:mozilla:seamonkey:1.5.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird_esr:10.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:9.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird_esr:10.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.6:beta2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.7:beta2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.1:beta1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:6.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.8:beta3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.9:beta1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.18:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:8.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird_esr:10.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.6:beta1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.15:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.16:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.8:beta4:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.9:beta2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1:alpha:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.12:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.5:beta2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:7.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:8.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta6:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0:beta:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.3:*:*:*:*:*:*:*", 
"cpe:2.3:a:mozilla:seamonkey:1.1.19:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:10.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:5.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.5.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.8:beta1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.11:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.7:beta3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.3:beta1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta10:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.4:beta1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.4:beta2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta5:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.5:beta1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.7.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.8:beta5:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.7:beta5:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:10.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.7:beta4:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:6.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta12:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta8:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.2:beta2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:10.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:6.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.6:beta4:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:8.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.1:alpha2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.3:beta2:*:*:*:*:*:*", 
"cpe:2.3:a:mozilla:seamonkey:1.0:alpha:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:10.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.7.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:10.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta4:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.1:rc1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta9:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.3:beta3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:alpha_1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:alpha_2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:7.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.1:beta2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta11:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.5.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:10.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:10.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:10.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:11.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:5.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.1:beta3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.4:beta3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.13:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:9.0.1:*:*:*:*:*:*:*", 
"cpe:2.3:a:mozilla:seamonkey:2.0.13:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T05:59:45", "description": "The WebGLBuffer::FindMaxUshortElement function in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 calls the FindMaxElementInSubArray function with incorrect template arguments, which allows remote attackers to obtain sensitive information from video memory via a crafted WebGL.drawElements call.", "edition": 6, "cvss3": {}, "published": "2012-04-25T10:10:00", "title": "CVE-2012-0473", "type": "cve", "cwe": ["CWE-189"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-0473"], "modified": "2017-12-29T02:29:00", "cpe": ["cpe:/a:mozilla:thunderbird:11.0", "cpe:/a:mozilla:seamonkey:1.0.8", "cpe:/a:mozilla:seamonkey:2.0.6", "cpe:/a:mozilla:seamonkey:2.0", "cpe:/a:mozilla:seamonkey:2.0.7", "cpe:/a:mozilla:seamonkey:2.7.1", "cpe:/a:mozilla:firefox:8.0", "cpe:/a:mozilla:thunderbird:10.0.3", "cpe:/a:mozilla:seamonkey:1.1.17", "cpe:/a:mozilla:seamonkey:1.0.2", "cpe:/a:mozilla:seamonkey:1.1.2", "cpe:/a:mozilla:seamonkey:1.5.0.10", "cpe:/a:mozilla:seamonkey:1.1.18", "cpe:/a:mozilla:thunderbird:7.0", "cpe:/a:mozilla:seamonkey:2.0.3", "cpe:/a:mozilla:seamonkey:1.0", "cpe:/a:mozilla:firefox:4.0.1", "cpe:/a:mozilla:firefox:10.0", "cpe:/a:mozilla:seamonkey:1.5.0.9", "cpe:/a:mozilla:firefox:8.0.1", "cpe:/a:mozilla:seamonkey:2.0.11", "cpe:/a:mozilla:firefox_esr:10.0.2", "cpe:/a:mozilla:seamonkey:2.3", 
"cpe:/a:mozilla:firefox:5.0.1", "cpe:/a:mozilla:seamonkey:1.0.9", "cpe:/a:mozilla:seamonkey:2.4.1", "cpe:/a:mozilla:firefox:7.0", "cpe:/a:mozilla:firefox:10.0.1", "cpe:/a:mozilla:seamonkey:2.8", "cpe:/a:mozilla:thunderbird:10.0.4", "cpe:/a:mozilla:firefox:9.0", "cpe:/a:mozilla:seamonkey:1.1.15", "cpe:/a:mozilla:seamonkey:2.7.2", "cpe:/a:mozilla:thunderbird:10.0", "cpe:/a:mozilla:firefox_esr:10.0.3", "cpe:/a:mozilla:firefox:6.0.1", "cpe:/a:mozilla:firefox_esr:10.0.1", "cpe:/a:mozilla:seamonkey:1.1.9", "cpe:/a:mozilla:thunderbird:10.0.1", "cpe:/a:mozilla:seamonkey:1.1.10", "cpe:/a:mozilla:seamonkey:1.1.12", "cpe:/a:mozilla:firefox:11.0", "cpe:/a:mozilla:firefox:4.0", "cpe:/a:mozilla:thunderbird:6.0.2", "cpe:/a:mozilla:seamonkey:2.0.8", "cpe:/a:mozilla:seamonkey:1.1.6", "cpe:/a:mozilla:seamonkey:1.1.5", "cpe:/a:mozilla:thunderbird_esr:10.0", "cpe:/a:mozilla:firefox:9.0.1", "cpe:/a:mozilla:seamonkey:2.4", "cpe:/a:mozilla:seamonkey:1.1.4", "cpe:/a:mozilla:firefox:7.0.1", "cpe:/a:mozilla:seamonkey:2.6", "cpe:/a:mozilla:seamonkey:2.0.4", "cpe:/a:mozilla:firefox_esr:10.0", "cpe:/a:mozilla:thunderbird:9.0.1", "cpe:/a:mozilla:thunderbird:9.0", "cpe:/a:mozilla:seamonkey:2.0.14", "cpe:/a:mozilla:seamonkey:2.5", "cpe:/a:mozilla:thunderbird:7.0.1", "cpe:/a:mozilla:seamonkey:1.0.6", "cpe:/a:mozilla:seamonkey:2.3.3", "cpe:/a:mozilla:firefox:6.0.2", "cpe:/a:mozilla:thunderbird:6.0", "cpe:/a:mozilla:seamonkey:2.0.2", "cpe:/a:mozilla:seamonkey:2.9", "cpe:/a:mozilla:seamonkey:1.0.4", "cpe:/a:mozilla:seamonkey:2.0.13", "cpe:/a:mozilla:seamonkey:2.7", "cpe:/a:mozilla:seamonkey:1.0.5", "cpe:/a:mozilla:thunderbird:10.0.2", "cpe:/a:mozilla:thunderbird:8.0", "cpe:/a:mozilla:seamonkey:1.0.7", "cpe:/a:mozilla:seamonkey:1.1.11", "cpe:/a:mozilla:seamonkey:1.1.3", "cpe:/a:mozilla:thunderbird:6.0.1", "cpe:/a:mozilla:seamonkey:1.1.1", "cpe:/a:mozilla:thunderbird_esr:10.0.3", "cpe:/a:mozilla:seamonkey:1.1.7", "cpe:/a:mozilla:firefox:6.0", "cpe:/a:mozilla:seamonkey:2.0.9", 
"cpe:/a:mozilla:seamonkey:2.0.5", "cpe:/a:mozilla:seamonkey:2.0.12", "cpe:/a:mozilla:firefox:10.0.2", "cpe:/a:mozilla:seamonkey:1.5.0.8", "cpe:/a:mozilla:firefox:5.0", "cpe:/a:mozilla:seamonkey:1.1.14", "cpe:/a:mozilla:seamonkey:1.1.16", "cpe:/a:mozilla:thunderbird_esr:10.0.2", "cpe:/a:mozilla:thunderbird:5.0", "cpe:/a:mozilla:seamonkey:2.2", "cpe:/a:mozilla:seamonkey:1.0.1", "cpe:/a:mozilla:seamonkey:1.0.3", "cpe:/a:mozilla:seamonkey:2.0.10", "cpe:/a:mozilla:seamonkey:1.1", "cpe:/a:mozilla:seamonkey:2.3.1", "cpe:/a:mozilla:seamonkey:2.3.2", "cpe:/a:mozilla:seamonkey:1.1.19", "cpe:/a:mozilla:seamonkey:2.6.1", "cpe:/a:mozilla:seamonkey:2.0.1", "cpe:/a:mozilla:thunderbird_esr:10.0.1", "cpe:/a:mozilla:seamonkey:1.1.8", "cpe:/a:mozilla:seamonkey:2.1", "cpe:/a:mozilla:seamonkey:1.1.13"], "id": "CVE-2012-0473", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0473", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:mozilla:seamonkey:1.1.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.5:beta3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:beta_2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:10.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.14:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.3.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:beta_1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.7:beta1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:11.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:10.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.2:beta3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.5:beta4:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.6:beta3:*:*:*:*:*:*", 
"cpe:2.3:a:mozilla:firefox:4.0:beta7:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.9:beta3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:9.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird_esr:10.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.17:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:10.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.2:beta1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:5.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.8:beta6:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.1:alpha1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.1:rc2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:6.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.8:beta2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.14:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:10.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:alpha_3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:9.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1:beta:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.1:alpha3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.5.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird_esr:10.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:9.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird_esr:10.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.6:beta2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.7:beta2:*:*:*:*:*:*", 
"cpe:2.3:a:mozilla:seamonkey:2.1:beta1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:6.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.8:beta3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.9:beta1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.18:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:8.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird_esr:10.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.6:beta1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.15:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.16:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.8:beta4:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.9:beta2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1:alpha:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.12:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.5:beta2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:7.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:8.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta6:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0:beta:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.19:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:10.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:5.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.5.0.8:*:*:*:*:*:*:*", 
"cpe:2.3:a:mozilla:seamonkey:2.8:beta1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.11:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.7:beta3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.3:beta1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta10:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.4:beta1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.4:beta2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta5:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.5:beta1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.7.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.8:beta5:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.7:beta5:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:10.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.7:beta4:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:6.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta12:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta8:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.2:beta2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:10.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:6.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.6:beta4:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:8.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.1:alpha2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.3:beta2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0:alpha:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:10.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.7.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:10.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta4:*:*:*:*:*:*", 
"cpe:2.3:a:mozilla:firefox:4.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.1:rc1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta9:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.3:beta3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:alpha_1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:alpha_2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:7.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.1:beta2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta11:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.5.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:10.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:10.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:10.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:11.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:5.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.1:beta3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.4:beta3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.13:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:9.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.13:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T05:59:45", "description": "The texImage2D implementation in the WebGL subsystem in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 does not properly restrict JSVAL_TO_OBJECT casts, which might allow remote attackers to execute arbitrary code via a crafted web 
page.", "edition": 6, "cvss3": {}, "published": "2012-04-25T10:10:00", "title": "CVE-2012-0478", "type": "cve", "cwe": ["CWE-264"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-0478"], "modified": "2017-12-29T02:29:00", "cpe": ["cpe:/a:mozilla:thunderbird:11.0", "cpe:/a:mozilla:seamonkey:1.0.8", "cpe:/a:mozilla:seamonkey:2.0.6", "cpe:/a:mozilla:seamonkey:2.0", "cpe:/a:mozilla:seamonkey:2.0.7", "cpe:/a:mozilla:seamonkey:2.7.1", "cpe:/a:mozilla:firefox:8.0", "cpe:/a:mozilla:thunderbird:10.0.3", "cpe:/a:mozilla:seamonkey:1.1.17", "cpe:/a:mozilla:seamonkey:1.0.2", "cpe:/a:mozilla:seamonkey:1.1.2", "cpe:/a:mozilla:seamonkey:1.5.0.10", "cpe:/a:mozilla:seamonkey:1.1.18", "cpe:/a:mozilla:thunderbird:7.0", "cpe:/a:mozilla:seamonkey:2.0.3", "cpe:/a:mozilla:seamonkey:1.0", "cpe:/a:mozilla:firefox:4.0.1", "cpe:/a:mozilla:firefox:10.0", "cpe:/a:mozilla:seamonkey:1.5.0.9", "cpe:/a:mozilla:firefox:8.0.1", "cpe:/a:mozilla:seamonkey:2.0.11", "cpe:/a:mozilla:firefox_esr:10.0.2", "cpe:/a:mozilla:seamonkey:2.3", "cpe:/a:mozilla:firefox:5.0.1", "cpe:/a:mozilla:seamonkey:1.0.9", "cpe:/a:mozilla:seamonkey:2.4.1", "cpe:/a:mozilla:firefox:7.0", "cpe:/a:mozilla:firefox:10.0.1", "cpe:/a:mozilla:seamonkey:2.8", "cpe:/a:mozilla:thunderbird:10.0.4", "cpe:/a:mozilla:firefox:9.0", "cpe:/a:mozilla:seamonkey:1.1.15", "cpe:/a:mozilla:seamonkey:2.7.2", "cpe:/a:mozilla:thunderbird:10.0", "cpe:/a:mozilla:firefox_esr:10.0.3", "cpe:/a:mozilla:firefox:6.0.1", "cpe:/a:mozilla:firefox_esr:10.0.1", "cpe:/a:mozilla:seamonkey:1.1.9", 
"cpe:/a:mozilla:thunderbird:10.0.1", "cpe:/a:mozilla:seamonkey:1.1.10", "cpe:/a:mozilla:seamonkey:1.1.12", "cpe:/a:mozilla:firefox:11.0", "cpe:/a:mozilla:firefox:4.0", "cpe:/a:mozilla:thunderbird:6.0.2", "cpe:/a:mozilla:seamonkey:2.0.8", "cpe:/a:mozilla:seamonkey:1.1.6", "cpe:/a:mozilla:seamonkey:1.1.5", "cpe:/a:mozilla:thunderbird_esr:10.0", "cpe:/a:mozilla:firefox:9.0.1", "cpe:/a:mozilla:seamonkey:2.4", "cpe:/a:mozilla:seamonkey:1.1.4", "cpe:/a:mozilla:firefox:7.0.1", "cpe:/a:mozilla:seamonkey:2.6", "cpe:/a:mozilla:seamonkey:2.0.4", "cpe:/a:mozilla:firefox_esr:10.0", "cpe:/a:mozilla:thunderbird:9.0.1", "cpe:/a:mozilla:thunderbird:9.0", "cpe:/a:mozilla:seamonkey:2.0.14", "cpe:/a:mozilla:seamonkey:2.5", "cpe:/a:mozilla:thunderbird:7.0.1", "cpe:/a:mozilla:seamonkey:1.0.6", "cpe:/a:mozilla:seamonkey:2.3.3", "cpe:/a:mozilla:firefox:6.0.2", "cpe:/a:mozilla:thunderbird:6.0", "cpe:/a:mozilla:seamonkey:2.0.2", "cpe:/a:mozilla:seamonkey:2.9", "cpe:/a:mozilla:seamonkey:1.0.4", "cpe:/a:mozilla:seamonkey:2.0.13", "cpe:/a:mozilla:seamonkey:2.7", "cpe:/a:mozilla:seamonkey:1.0.5", "cpe:/a:mozilla:thunderbird:10.0.2", "cpe:/a:mozilla:thunderbird:8.0", "cpe:/a:mozilla:seamonkey:1.0.7", "cpe:/a:mozilla:seamonkey:1.1.11", "cpe:/a:mozilla:seamonkey:1.1.3", "cpe:/a:mozilla:thunderbird:6.0.1", "cpe:/a:mozilla:seamonkey:1.1.1", "cpe:/a:mozilla:thunderbird_esr:10.0.3", "cpe:/a:mozilla:seamonkey:1.1.7", "cpe:/a:mozilla:firefox:6.0", "cpe:/a:mozilla:seamonkey:2.0.9", "cpe:/a:mozilla:seamonkey:2.0.5", "cpe:/a:mozilla:seamonkey:2.0.12", "cpe:/a:mozilla:firefox:10.0.2", "cpe:/a:mozilla:seamonkey:1.5.0.8", "cpe:/a:mozilla:firefox:5.0", "cpe:/a:mozilla:seamonkey:1.1.14", "cpe:/a:mozilla:seamonkey:1.1.16", "cpe:/a:mozilla:thunderbird_esr:10.0.2", "cpe:/a:mozilla:thunderbird:5.0", "cpe:/a:mozilla:seamonkey:2.2", "cpe:/a:mozilla:seamonkey:1.0.1", "cpe:/a:mozilla:seamonkey:1.0.3", "cpe:/a:mozilla:seamonkey:2.0.10", "cpe:/a:mozilla:seamonkey:1.1", "cpe:/a:mozilla:seamonkey:2.3.1", 
"cpe:/a:mozilla:seamonkey:2.3.2", "cpe:/a:mozilla:seamonkey:1.1.19", "cpe:/a:mozilla:seamonkey:2.6.1", "cpe:/a:mozilla:seamonkey:2.0.1", "cpe:/a:mozilla:thunderbird_esr:10.0.1", "cpe:/a:mozilla:seamonkey:1.1.8", "cpe:/a:mozilla:seamonkey:2.1", "cpe:/a:mozilla:seamonkey:1.1.13"], "id": "CVE-2012-0478", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0478", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:mozilla:seamonkey:1.1.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.5:beta3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:beta_2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:10.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.14:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.3.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:beta_1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.7:beta1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:11.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:10.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.2:beta3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.5:beta4:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.6:beta3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta7:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.9:beta3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:9.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird_esr:10.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.17:*:*:*:*:*:*:*", 
"cpe:2.3:a:mozilla:firefox_esr:10.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.2:beta1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:5.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.8:beta6:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.1:alpha1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.1:rc2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:6.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.8:beta2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.14:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:10.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:alpha_3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:9.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1:beta:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.1:alpha3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.5.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird_esr:10.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:9.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird_esr:10.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.6:beta2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.7:beta2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.1:beta1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:6.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.8:beta3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.9:beta1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.18:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:8.0:*:*:*:*:*:*:*", 
"cpe:2.3:a:mozilla:thunderbird_esr:10.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.6:beta1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.15:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.16:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.8:beta4:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.9:beta2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1:alpha:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.12:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.5:beta2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:7.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:8.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta6:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0:beta:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.19:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:10.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:5.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.5.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.8:beta1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.11:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.7:beta3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.3:beta1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta10:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.4:beta1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.4:beta2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta5:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.5:beta1:*:*:*:*:*:*", 
"cpe:2.3:a:mozilla:seamonkey:2.7.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.8:beta5:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.7:beta5:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:10.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.7:beta4:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:6.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta12:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta8:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.2:beta2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:10.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:6.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.6:beta4:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:8.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.1:alpha2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.3:beta2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0:alpha:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:10.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.7.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:10.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta4:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.1:rc1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta9:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.3:beta3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:alpha_1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:alpha_2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1:*:*:*:*:*:*:*", 
"cpe:2.3:a:mozilla:thunderbird:7.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.1:beta2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta11:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.5.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:10.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:4.0:beta2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:10.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:10.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:11.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:5.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.1:beta3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.8:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.4:beta3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:1.1.13:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:9.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:seamonkey:2.0.13:*:*:*:*:*:*:*"]}], "freebsd": [{"lastseen": "2019-05-29T18:33:50", "bulletinFamily": "unix", "cvelist": ["CVE-2012-0478", "CVE-2012-1140", "CVE-2012-1131", "CVE-2012-1136", "CVE-2012-0479", "CVE-2012-1138", "CVE-2012-1127", "CVE-2012-0470", "CVE-2012-1126", "CVE-2012-1141", "CVE-2012-1130", "CVE-2012-1135", "CVE-2012-1144", "CVE-2012-1133", "CVE-2012-0472", "CVE-2012-1134", "CVE-2012-0469", "CVE-2012-1139", "CVE-2012-0475", "CVE-2012-0474", "CVE-2012-1132", "CVE-2012-1142", "CVE-2011-1187", "CVE-2012-0468", "CVE-2012-1128", "CVE-2012-1129", "CVE-2011-3062", "CVE-2012-0477", "CVE-2012-0473", "CVE-2012-1143", "CVE-2012-0467", "CVE-2012-0471", "CVE-2012-1137"], "description": "\nThe Mozilla Project reports:\n\nMFSA 2012-20 Miscellaneous memory safety hazards (rv:12.0/ rv:10.0.4)\nMFSA 2012-21 Multiple security flaws fixed in FreeType v2.4.9\nMFSA 2012-22 use-after-free in 
IDBKeyRange\nMFSA 2012-23 Invalid frees causes heap corruption in gfxImageSurface\nMFSA 2012-24 Potential XSS via multibyte content processing errors\nMFSA 2012-25 Potential memory corruption during font rendering using cairo-dwrite\nMFSA 2012-26 WebGL.drawElements may read illegal video memory due to FindMaxUshortElement error\nMFSA 2012-27 Page load short-circuit can lead to XSS\nMFSA 2012-28 Ambiguous IPv6 in Origin headers may bypass webserver access restrictions\nMFSA 2012-29 Potential XSS through ISO-2022-KR/ISO-2022-CN decoding issues\nMFSA 2012-30 Crash with WebGL content using textImage2D\nMFSA 2012-31 Off-by-one error in OpenType Sanitizer\nMFSA 2012-32 HTTP Redirections and remote content can be read by javascript errors\nMFSA 2012-33 Potential site identity spoofing when loading RSS and Atom feeds\n\n", "edition": 4, "modified": "2012-04-24T00:00:00", "published": "2012-04-24T00:00:00", "id": "380E8C56-8E32-11E1-9580-4061862B8C22", "href": "https://vuxml.freebsd.org/freebsd/380e8c56-8e32-11e1-9580-4061862b8c22.html", "title": "mozilla -- multiple vulnerabilities", "type": "freebsd", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:47", "bulletinFamily": "software", "cvelist": ["CVE-2012-0478", "CVE-2012-1140", "CVE-2012-1131", "CVE-2012-1136", "CVE-2012-0479", "CVE-2012-1138", "CVE-2012-1127", "CVE-2012-0470", "CVE-2012-1126", "CVE-2012-1141", "CVE-2012-1130", "CVE-2012-1135", "CVE-2012-1144", "CVE-2012-1133", "CVE-2012-0472", "CVE-2012-1134", "CVE-2012-0469", "CVE-2012-1139", "CVE-2012-0475", "CVE-2012-0474", "CVE-2012-1132", "CVE-2012-1142", "CVE-2011-1187", "CVE-2012-0468", "CVE-2012-1128", "CVE-2012-1129", "CVE-2011-3062", "CVE-2012-0477", "CVE-2012-0473", "CVE-2012-1143", "CVE-2012-0467", "CVE-2012-0471", "CVE-2012-1137"], "description": "Multiple memory corruptions in main code and different libraries, cross-site scripting, information leakage.", "edition": 1, "modified": 
"2012-05-09T00:00:00", "published": "2012-05-09T00:00:00", "id": "SECURITYVULNS:VULN:12355", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:12355", "title": "Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "mozilla": [{"lastseen": "2016-09-05T13:37:40", "bulletinFamily": "software", "cvelist": ["CVE-2012-0468", "CVE-2012-0467"], "edition": 1, "description": "Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.\nIn general these flaws cannot be exploited through email in the Thunderbird\nand SeaMonkey products because scripting is disabled, but are potentially a risk\nin browser or browser-like contexts in those products.", "modified": "2012-04-24T00:00:00", "published": "2012-04-24T00:00:00", "id": "MFSA2012-20", "href": "http://www.mozilla.org/en-US/security/advisories/mfsa2012-20/", "type": "mozilla", "title": "Miscellaneous memory safety hazards (rv:12.0/ rv:10.0.4)", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-05T13:37:53", "bulletinFamily": "software", "cvelist": ["CVE-2012-0479"], "description": "Security researcher Jeroen van der Gun reported that if RSS\nor Atom XML invalid content is loaded over HTTPS, the addressbar updates to\ndisplay the new location of the loaded resource, including SSL indicators, while\nthe main window still displays the previously loaded content. 
This allows for\nphishing attacks where a malicious page can spoof the identity of another\nseemingly secure site.", "edition": 1, "modified": "2012-04-24T00:00:00", "published": "2012-04-24T00:00:00", "id": "MFSA2012-33", "href": "http://www.mozilla.org/en-US/security/advisories/mfsa2012-33/", "type": "mozilla", "title": "Potential site identity spoofing when loading RSS and Atom feeds", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2016-09-05T13:37:39", "bulletinFamily": "software", "cvelist": ["CVE-2012-0472"], "edition": 1, "description": "Security research firm iDefense reported that researcher\nwushi of team509 discovered a memory corruption on Windows\nVista and Windows 7 systems with hardware acceleration disabled or using\nincompatible video drivers. This is created by using cairo-dwrite to attempt to\nrender fonts on an unsupported code path. This corruption causes a potentially\nexploitable crash on affected systems.", "modified": "2012-04-24T00:00:00", "published": "2012-04-24T00:00:00", "id": "MFSA2012-25", "href": "http://www.mozilla.org/en-US/security/advisories/mfsa2012-25/", "type": "mozilla", "title": "Potential memory corruption during font rendering using cairo-dwrite", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-05T13:37:43", "bulletinFamily": "software", "cvelist": ["CVE-2012-0471"], "edition": 1, "description": "Anne van Kesteren of Opera Software found a \nmulti-octet encoding issue where certain octets will destroy the following\noctets in the processing of some multibyte character sets. 
This can leave users\nvulnerable to cross-site scripting (XSS) attacks on maliciously crafted web\npages.", "modified": "2012-04-24T00:00:00", "published": "2012-04-24T00:00:00", "id": "MFSA2012-24", "href": "http://www.mozilla.org/en-US/security/advisories/mfsa2012-24/", "type": "mozilla", "title": "Potential XSS via multibyte content processing errors", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "seebug": [{"lastseen": "2017-11-19T18:38:15", "description": "BUGTRAQ ID: 53219\r\nCVE ID: CVE-2012-0471\r\n\r\nFirefox\u662f\u4e00\u6b3e\u975e\u5e38\u6d41\u884c\u7684\u5f00\u6e90WEB\u6d4f\u89c8\u5668\u3002Thunderbird\u662f\u4e00\u4e2a\u90ae\u4ef6\u5ba2\u6237\u7aef\uff0c\u652f\u6301IMAP\u3001POP\u90ae\u4ef6\u534f\u8bae\u4ee5\u53caHTML\u90ae\u4ef6\u683c\u5f0f\u3002SeaMonkey\u662f\u5f00\u6e90\u7684Web\u6d4f\u89c8\u5668\u3001\u90ae\u4ef6\u548c\u65b0\u95fb\u7ec4\u5ba2\u6237\u7aef\u3001IRC\u4f1a\u8bdd\u5ba2\u6237\u7aef\u548cHTML\u7f16\u8f91\u5668\u3002\r\n\r\nMozilla Firefox\u3001Thunderbird\u548cSeamonkey\u5728\u591a\u5b57\u8282\u5185\u5bb9\u5904\u7406\u7684\u5b9e\u73b0\u4e0a\u5b58\u5728XSS\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u6b64\u6f0f\u6d1e\u6267\u884c\u4efb\u610f\u811a\u672c\u4ee3\u7801\uff0c\u7a83\u53d6cookie\u8eab\u4efd\u9a8c\u8bc1\u51ed\u8bc1\u5e76\u53d1\u52a8\u5176\u4ed6\u653b\u51fb\u3002\r\n0\r\nMozilla Firefox < 12.0\r\nMozilla Thunderbird < 12.0\r\nMozilla SeaMonkey < 2.9\r\n\u5382\u5546\u8865\u4e01\uff1a\r\n\r\nMozilla\r\n-------\r\nMozilla\u5df2\u7ecf\u4e3a\u6b64\u53d1\u5e03\u4e86\u4e00\u4e2a\u5b89\u5168\u516c\u544a\uff08mfsa2012-24\uff09\u4ee5\u53ca\u76f8\u5e94\u8865\u4e01:\r\n\r\nmfsa2012-24\uff1aPotential XSS via multibyte content processing errors\r\n\r\n\u94fe\u63a5\uff1ahttp://www.mozilla.org/security/announce/2012/mfsa2012-24.html", "published": "2012-04-27T00:00:00", "title": "Mozilla Firefox/Thunderbird/Seamonkey\u8de8\u7ad9\u811a\u672c\u6267\u884c\u6f0f\u6d1e", "type": "seebug", 
"bulletinFamily": "exploit", "cvelist": ["CVE-2012-0471"], "modified": "2012-04-27T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-60083", "id": "SSV:60083", "sourceData": "", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "sourceHref": ""}]}