Vulnerability Details : CVE-2012-0461
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
Vulnerability category: Memory CorruptionExecute codeDenial of service
Exploit prediction scoring system (EPSS) score for CVE-2012-0461
Probability of exploitation activity in the next 30 days: 4.29%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 91 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2012-0461
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Source |
|---|---|---|---|---|---|
|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
nvd@nist.gov |
References for CVE-2012-0461
-
http://rhn.redhat.com/errata/RHSA-2012-0387.html
RHSA-2012:0387 - Security Advisory - Red Hat Customer Portal
-
http://www.ubuntu.com/usn/USN-1400-4
USN-1400-4: Thunderbird regressions | Ubuntu security noticesThird Party Advisory
-
https://bugzilla.mozilla.org/show_bug.cgi?id=657588
657588 - [adbe 2875277] Crash [@ std::_Construct<MessageLoop::PendingTask, MessageLoop::PendingTask>(MessageLoop::PendingTask*, MessageLoop::PendingTask const&) ] | ABORT: CRT ASSERT dbgheap.c(1279) :Issue Tracking;Vendor Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00014.html
[security-announce] SUSE-SU-2012:0424-1: critical: Security update for M
-
http://www.ubuntu.com/usn/USN-1400-2
USN-1400-2: ubufox update | Ubuntu security noticesThird Party Advisory
-
http://www.ubuntu.com/usn/USN-1400-3
USN-1400-3: Thunderbird vulnerabilities | Ubuntu security noticesThird Party Advisory
-
http://www.securitytracker.com/id?1026803
Mozilla Seamonkey Multiple Bugs Let Remote Users Execute Arbitrary Code and Conduct Cross-Site Scripting Attacks - SecurityTracker
-
http://www.securitytracker.com/id?1026804
Mozilla Thunderbird Multiple Bugs Let Remote Users Execute Arbitrary Code and Conduct Cross-Site Scripting Attacks - SecurityTracker
-
http://www.mandriva.com/security/advisories?name=MDVSA-2012:032
mandriva.com
-
https://bugzilla.mozilla.org/show_bug.cgi?id=730425
730425 - Crash [@ nsMediaCacheStream::Read(char*, unsigned int, unsigned int*) ]Issue Tracking;Vendor Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00015.html
[security-announce] SUSE-SU-2012:0425-1: critical: Security update for M
-
http://www.ubuntu.com/usn/USN-1400-5
USN-1400-5: GSettings desktop schemas regression | Ubuntu security noticesThird Party Advisory
-
http://secunia.com/advisories/48414
Sign in
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15009
Repository / Oval RepositoryThird Party Advisory
-
http://secunia.com/advisories/48359
Sign in
-
http://rhn.redhat.com/errata/RHSA-2012-0388.html
RHSA-2012:0388 - Security Advisory - Red Hat Customer Portal
-
http://www.mandriva.com/security/advisories?name=MDVSA-2012:031
mandriva.com
-
http://secunia.com/advisories/48402
Sign in
-
http://www.ubuntu.com/usn/USN-1401-1
USN-1401-1: Xulrunner vulnerabilities | Ubuntu security noticesThird Party Advisory
-
http://lists.opensuse.org/opensuse-updates/2012-03/msg00042.html
openSUSE-SU-2012:0417-1: moderate: update for MozillaFirefox, MozillaThuThird Party Advisory
-
http://www.securitytracker.com/id?1026801
Mozilla Firefox Multiple Bugs Let Remote Users Execute Arbitrary Code and Conduct Cross-Site Scripting Attacks - SecurityTracker
-
http://www.debian.org/security/2012/dsa-2433
Debian -- Security Information -- DSA-2433-1 iceweaselThird Party Advisory
-
http://www.ubuntu.com/usn/USN-1400-1
USN-1400-1: Firefox vulnerabilities | Ubuntu security notices
-
http://www.debian.org/security/2012/dsa-2458
Debian -- Security Information -- DSA-2458-2 iceape
-
http://www.mozilla.org/security/announce/2012/mfsa2012-19.html
Miscellaneous memory safety hazards (rv:11.0/ rv:10.0.3 / rv:1.9.2.28) — MozillaVendor Advisory
Products affected by CVE-2012-0461
- cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.0:rc2:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.1.16:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.1.10:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.0:beta:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.1.4:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.1.9:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.5.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.0:alpha_2:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.0:alpha_1:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.1:alpha1:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.1.14:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.1.15:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.1.5:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.1.19:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.5.0.9:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.0.9:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.1.13:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.0.11:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.0.14:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.0:beta_1:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.0:alpha_3:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.0.10:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.1.17:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.1:alpha:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.0:alpha:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.1.7:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.1.6:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.5.0.10:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.1:beta:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.0.12:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.0.13:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.0:beta_2:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.1:alpha2:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.0.9:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.1.11:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.1.12:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.1.18:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.1.8:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.1:alpha3:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.7.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.3.3:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.5:beta1:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.5:beta3:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.3:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.4:beta1:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.6:beta4:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.6:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.2:beta1:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.1:rc1:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.1:beta1:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.4:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.3:beta2:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.6:beta2:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.6:beta3:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.7:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.2:beta3:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.1:beta2:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.1:beta3:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.5:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.5:beta4:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.3:beta3:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.7:beta4:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.7:beta5:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.7:beta2:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.7:beta3:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.3:beta1:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.2:beta2:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.7.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.5:beta2:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.6:beta1:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.4:beta3:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.4:beta2:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.7:beta1:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.1:rc2:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:-:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox_esr:10.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox_esr:10.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox_esr:10.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird_esr:10.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird_esr:10.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird_esr:10.0.1:*:*:*:*:*:*:*