Vulnerability Details : CVE-2012-0443
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 9.0, Thunderbird 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
Vulnerability category: Memory CorruptionExecute codeDenial of service
Products affected by CVE-2012-0443
- cpe:2.3:a:mozilla:firefox:4.0:beta5:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:4.0:beta3:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:4.0:beta4:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:4.0:beta2:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:4.0:beta7:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:4.0:beta8:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:4.0:beta9:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:4.0:beta1:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:4.0:beta10:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:4.0:beta11:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:4.0:beta6:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:4.0:beta12:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:4.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:4.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:5.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:6.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:6.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:5.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:6.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:7.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:8.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:8.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:9.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:5.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:6.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:6.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:6.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:7.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:8.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:9.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:*:beta5:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.0:rc2:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.1.16:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.1.10:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.0:beta:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.1.4:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.1.9:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.0:alpha_2:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.0:alpha_1:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.1:alpha1:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.1.14:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.1.15:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.1.5:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.1.19:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.0.9:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.1.13:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.0.11:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.0.14:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.0:beta_1:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.0:alpha_3:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.0.10:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.1.17:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.1:alpha:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.0:alpha:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.1.7:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.1.6:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.1:beta:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.0.12:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.0.13:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.0:beta_2:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.1:alpha2:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.0.9:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.1.11:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.1.12:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.1.18:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.1.8:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.1:alpha3:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.3.3:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.5:beta1:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.5:beta3:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.3:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.4:beta1:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.6:beta4:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.6:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.2:beta1:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.1:rc1:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.1:beta1:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.4:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.3:beta2:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.6:beta2:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.6:beta3:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.1:beta2:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.1:beta3:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.5:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.5:beta4:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.3:beta3:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.7:beta4:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.7:beta2:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.7:beta3:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.3:beta1:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.2:beta2:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.5:beta2:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.6:beta1:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.4:beta3:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.4:beta2:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.7:beta1:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.1:rc2:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.:beta3:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2012-0443
59.78%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 98 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2012-0443
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
10.0
|
HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C |
10.0
|
10.0
|
NIST |
References for CVE-2012-0443
-
https://bugzilla.mozilla.org/show_bug.cgi?id=665578
665578 - [ATI on Mac] WebGL demo "To the Road of Ribbon" crashes in useProgram [@ ATIRadeonX3000GLDriver@0x5a4fc]
-
https://bugzilla.mozilla.org/show_bug.cgi?id=715662
715662 - browser-only methodjit crash (triggered by CSS transform tests)
-
http://www.mozilla.org/security/announce/2012/mfsa2012-01.html
Miscellaneous memory safety hazards (rv:10.0/ 1.9.2.26) — MozillaVendor Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00011.html
[security-announce] openSUSE-SU-2012:0234-1: important: MozillaFirefox:
-
https://bugzilla.mozilla.org/show_bug.cgi?id=695076
695076 - (CVE-2011-3662) Crash in ANGLE's libGLESv2, in glTexImage2D on a cube map, invalid read in gl::Texture::createSurface
-
https://bugzilla.mozilla.org/show_bug.cgi?id=712289
712289 - jsval has different alignments in C and C++ (jsdIValue.getWrappedValue broken on 32-bit)
-
http://www.mandriva.com/security/advisories?name=MDVSA-2012:013
mandriva.com
-
https://bugzilla.mozilla.org/show_bug.cgi?id=713209
713209 - Crash [@ __memcpy_ssse3_rep] through JSRope::flatten
-
https://bugzilla.mozilla.org/show_bug.cgi?id=684938
684938 - Proxy nsXPCWrappedJS::Release to the main thread
-
https://bugzilla.mozilla.org/show_bug.cgi?id=707051
707051 - Failure to mark some shapes during delayed marking
-
https://bugzilla.mozilla.org/show_bug.cgi?id=711651
711651 - Crash after mutating DOM from MozBeforeResize event
-
https://bugzilla.mozilla.org/show_bug.cgi?id=714600
714600 - Assertion failure: [infer failure] Missing type pushed 0: [0xf6c001c0], at jsinfer.cpp:349
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14444
Repository / Oval Repository
-
https://bugzilla.mozilla.org/show_bug.cgi?id=696748
696748 - [ARM] Assertion failure: (inst & mask) == expected, at ../methodjit/ICChecker.h:56
-
https://bugzilla.mozilla.org/show_bug.cgi?id=712169
712169 - Assertion failure: canAllocUnaligned(n), at js/src/ds/LifoAlloc.cpp:100 or Crash [@ __memcpy_ssse3_rep]
-
https://bugzilla.mozilla.org/show_bug.cgi?id=692817
692817 - nsA(C)String::SetLength overflow in EncodeInputStream
Jump to