Lucene search
Mozilla FoundationMFSA2012-22HistoryApr 24, 2012 - 12:00 a.m.
use-after-free in IDBKeyRange — Mozilla
2012-04-2400:00:00
Mozilla Foundation
www.mozilla.org
24
CVSS2
10
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS
0.113
Percentile
95.2%
Using the Address Sanitizer tool, security researcher Aki Helin from OUSPG found that IDBKeyRange of indexedDB remains in the XPConnect hashtable instead of being unlinked before being destroyed. When it is destroyed, this causes a use-after-free, which is potentially exploitable.
Affected configurations
Node
mozillafirefoxRange<12
ORmozillafirefox_esrRange<10.0.4
ORmozillaseamonkeyRange<2.9
ORmozillathunderbirdRange<12
ORmozillathunderbird_esrRange<10.0.4
| Vendor | Product | Version | CPE |
|---|---|---|---|
| mozilla | firefox | * | cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:* |
| mozilla | firefox_esr | * | cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:* |
| mozilla | seamonkey | * | cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:* |
| mozilla | thunderbird | * | cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:* |
| mozilla | thunderbird_esr | * | cpe:2.3:a:mozilla:thunderbird_esr:*:*:*:*:*:*:*:* |
Related
prion
prion
Design/Logic Flaw
2012-04-25 10:10:00
veracode
veracode
Arbitrary Code Execution
2020-04-10 01:09:07
cvelist
cvelist
CVE-2012-0469
2012-04-25 10:00:00
ubuntucve
ubuntucve
CVE-2012-0469
2012-04-25 00:00:00
checkpoint_advisories
checkpoint_advisories
Mozilla Multiple Products IDBKeyRange Use-After-Free (CVE-2012-0469)
2012-08-27 00:00:00
openvas
openvas
Mozilla Firefox Security Advisory (MFSA2012-22) - Linux
2021-11-11 00:00:00
Mozilla Products Multiple Vulnerabilities - May12 (Mac OS X)
2012-05-02 00:00:00
Ubuntu: Security Advisory (USN-1430-2)
2012-04-30 00:00:00
cve
cve
CVE-2012-0469
2012-04-25 10:10:17
nvd
nvd
CVE-2012-0469
2012-04-25 10:10:17
nessus
nessus
Firefox < 10.0.4 Multiple Vulnerabilities (Mac OS X)
2012-04-27 00:00:00
Thunderbird 10.0.x < 10.0.4 Multiple Vulnerabilities (Mac OS X)
2012-04-27 00:00:00
Firefox 10.0.x < 10.0.4 Multiple Vulnerabilities
2012-04-27 00:00:00
redhat
redhat
(RHSA-2012:0516) Critical: thunderbird security update
2012-04-24 00:00:00
(RHSA-2012:0515) Critical: firefox security update
2012-04-24 00:00:00
centos
centos
thunderbird security update
2012-04-25 01:30:17
firefox, xulrunner security update
2012-04-25 01:27:20
oraclelinux
oraclelinux
thunderbird security update
2012-04-25 00:00:00
firefox security update
2012-04-25 00:00:00
ubuntu
ubuntu
Thunderbird vulnerabilities
2012-05-04 00:00:00
Firefox vulnerabilities
2012-04-27 00:00:00
ubufox update
2012-04-27 00:00:00
suse
suse
Security update for Mozilla Firefox (important)
2012-05-02 19:08:16
Security update for MozillaFirefox (important)
2012-06-02 02:08:30
Firefox update to 31.1esr (important)
2014-09-09 18:04:16
freebsd
freebsd
mozilla -- multiple vulnerabilities
2012-04-24 00:00:00
securityvulns
securityvulns
Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
2012-05-09 00:00:00
kitploit
kitploit
Radamsa - A General-Purpose Fuzzer
2024-03-25 11:30:00
gentoo
gentoo
Mozilla Products: Multiple vulnerabilities
2013-01-08 00:00:00
osv
osv
MozillaThunderbird-45.5.1-1.1 on GA media
2024-06-15 00:00:00
MozillaFirefox-50.1.0-1.1 on GA media
2024-06-15 00:00:00
CVSS2
10
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS
0.113
Percentile
95.2%
Related for MFSA2012-22