CVE-2012-0449

2012-02-0116:55:00

CWE-119

[email protected]

web.nvd.nist.gov

mozilla

firefox

thunderbird

seamonkey

cve-2012-0449

memory corruption

denial of service

application crash

xslt stylesheet

nvd

9.8 High

AI Score

Confidence

High

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.015 Low

EPSS

Percentile

86.8%

JSON

Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a malformed XSLT stylesheet that is embedded in a document.

CPENameOperatorVersion
mozilla:thunderbirdmozilla thunderbirdlt10.0
mozilla:thunderbirdmozilla thunderbirdlt3.1.18
mozilla:seamonkeymozilla seamonkeylt2.7
mozilla:firefoxmozilla firefoxlt10.0
mozilla:firefoxmozilla firefoxlt3.6.26
debian:debian_linuxdebian debian linuxeq5.0
debian:debian_linuxdebian debian linuxeq6.0
suse:linux_enterprise_serversuse linux enterprise servereq11
suse:linux_enterprise_desktopsuse linux enterprise desktopeq11
suse:linux_enterprise_serversuse linux enterprise servereq10

CPE	Name	Operator	Version
mozilla:thunderbird	mozilla thunderbird	lt	10.0
mozilla:thunderbird	mozilla thunderbird	lt	3.1.18
mozilla:seamonkey	mozilla seamonkey	lt	2.7
mozilla:firefox	mozilla firefox	lt	10.0
mozilla:firefox	mozilla firefox	lt	3.6.26
debian:debian_linux	debian debian linux	eq	5.0
debian:debian_linux	debian debian linux	eq	6.0
suse:linux_enterprise_server	suse linux enterprise server	eq	11
suse:linux_enterprise_desktop	suse linux enterprise desktop	eq	11
suse:linux_enterprise_server	suse linux enterprise server	eq	10