CVSS2: 10 High

Metric | Value
---|---
Attack Vector | NETWORK
Attack Complexity | LOW
Authentication | NONE
Confidentiality Impact | COMPLETE
Integrity Impact | COMPLETE
Availability Impact | COMPLETE

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

EPSS: 0.13 Low (Percentile: 95.5%)

Using the Address Sanitizer tool, security researcher Atte Kettunen from OUSPG found a heap corruption in gfxImageSurface which allows for invalid frees and possible remote code execution. This happens due to a float error that results from graphics values being passed through different number systems.

CPE Name | Operator | Version
---|---|---
firefox | lt | 12
firefox esr | lt | 10.0.4
seamonkey | lt | 2.9
thunderbird | lt | 12
thunderbird esr | lt | 10.0.4