CVSS2
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS
Percentile: 93.9%
Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team discovered a series of critically rated use-after-free and buffer overflow issues using the Address Sanitizer tool in shipped software. These issues are potentially exploitable, allowing for remote code execution. We would also like to thank Abhishek for reporting five additional use-after-free, out-of-bounds read, and buffer overflow flaws introduced during Firefox development that were fixed before general release.
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4212
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4213
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4214
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4215
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4216
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4217
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4218
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5839
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5840
bugzilla.mozilla.org/show_bug.cgi?id=767765
bugzilla.mozilla.org/show_bug.cgi?id=786142
bugzilla.mozilla.org/show_bug.cgi?id=795708
bugzilla.mozilla.org/show_bug.cgi?id=795804
bugzilla.mozilla.org/show_bug.cgi?id=798677
bugzilla.mozilla.org/show_bug.cgi?id=798853
bugzilla.mozilla.org/show_bug.cgi?id=802902
bugzilla.mozilla.org/show_bug.cgi?id=804927
bugzilla.mozilla.org/show_bug.cgi?id=805287