Vulnerability Details : CVE-2012-5842
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
Vulnerability category: Memory CorruptionExecute codeDenial of service
Exploit prediction scoring system (EPSS) score for CVE-2012-5842
Probability of exploitation activity in the next 30 days: 0.89%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 81 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2012-5842
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
9.3
|
HIGH | AV:N/AC:M/Au:N/C:C/I:C/A:C |
8.6
|
10.0
|
NIST |
References for CVE-2012-5842
-
http://lists.opensuse.org/opensuse-updates/2012-11/msg00093.html
openSUSE-SU-2012:1586-1: moderate: update for xulrunnerMailing List;Third Party Advisory
-
http://lists.opensuse.org/opensuse-updates/2012-11/msg00092.html
openSUSE-SU-2012:1585-1: moderate: update for MozillaThunderbirdMailing List;Third Party Advisory
-
http://www.securityfocus.com/bid/56611
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-5842 Multiple Memory Corruption VulnerabilitiesThird Party Advisory;VDB Entry
-
http://lists.opensuse.org/opensuse-updates/2012-11/msg00090.html
openSUSE-SU-2012:1583-1: moderate: update for MozillaFirefoxMailing List;Third Party Advisory
-
https://bugzilla.mozilla.org/show_bug.cgi?id=809674
809674 - Crash with TimeEvent.viewIssue Tracking;Patch;Vendor Advisory
-
http://www.ubuntu.com/usn/USN-1638-3
USN-1638-3: Firefox regressions | Ubuntu security noticesThird Party Advisory
-
https://bugzilla.mozilla.org/show_bug.cgi?id=805957
805957 - Possible memory corruption of nsDeviceContextIssue Tracking;Patch;Vendor Advisory
-
http://www.mozilla.org/security/announce/2012/mfsa2012-91.html
Miscellaneous memory safety hazards (rv:17.0/ rv:10.0.11) — MozillaVendor Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00021.html
[security-announce] SUSE-SU-2012:1592-1: important: Security update forMailing List;Third Party Advisory
-
http://www.ubuntu.com/usn/USN-1638-1
USN-1638-1: Firefox vulnerabilities | Ubuntu security noticesThird Party Advisory
-
http://www.ubuntu.com/usn/USN-1638-2
USN-1638-2: ubufox update | Ubuntu security noticesThird Party Advisory
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16573
Repository / Oval RepositoryThird Party Advisory
-
http://rhn.redhat.com/errata/RHSA-2012-1482.html
RHSA-2012:1482 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
https://bugzilla.mozilla.org/show_bug.cgi?id=736537
736537 - ###!!! ASSERTION: Uh, cx is not the current JS context!: 'cx == GetCurrentJSContext()' setting location.href in scratchpadIssue Tracking;Vendor Advisory
-
http://rhn.redhat.com/errata/RHSA-2012-1483.html
RHSA-2012:1483 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/80169
Mozilla Firefox, Thunderbird, and SeaMonkey code execution CVE-2012-5842 Vulnerability ReportThird Party Advisory;VDB Entry
-
http://www.debian.org/security/2012/dsa-2583
Debian -- Security Information -- DSA-2583-1 iceweaselThird Party Advisory
-
https://bugzilla.mozilla.org/show_bug.cgi?id=793848
793848 - Crash with <svg:use> removed during its own scrollbar attribute mutation eventIssue Tracking;Vendor Advisory
-
https://bugzilla.mozilla.org/show_bug.cgi?id=802168
802168 - Assertion failure: (next == this) == (prev == this) discarding images in LinkedListIssue Tracking;Patch;Vendor Advisory
-
http://www.mandriva.com/security/advisories?name=MDVSA-2012:173
mandriva.comThird Party Advisory
-
http://www.ubuntu.com/usn/USN-1636-1
USN-1636-1: Thunderbird vulnerabilities | Ubuntu security noticesThird Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00022.html
[security-announce] openSUSE-SU-2013:0175-1: important: security updateMailing List;Third Party Advisory
-
http://www.debian.org/security/2012/dsa-2588
Debian -- Security Information -- DSA-2588-1 icedoveThird Party Advisory
-
http://www.debian.org/security/2012/dsa-2584
Debian -- Security Information -- DSA-2584-1 iceapeThird Party Advisory
Products affected by CVE-2012-5842
- cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_eus:6.3:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_desktop:10:sp4:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_desktop:11:sp2:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_server:10:sp4:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:*:-:*:*
- cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:*:vmware:*:*
- cpe:2.3:o:suse:linux_enterprise_software_development_kit:10:sp4:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp2:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird_esr:*:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*
- cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:opensuse:12.1:*:*:*:*:*:*:*