Vulnerability Details : CVE-2012-5829

Heap-based buffer overflow in the nsWindow::OnExposeEvent function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code via unspecified vectors.

Vulnerability category: OverflowMemory CorruptionExecute code

Published 2012-11-21 12:55:03

Updated 2020-08-14 17:38:34

Source MITRE

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2012-5829

Probability of exploitation activity in the next 30 days: 3.49%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 90 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2012-5829

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Source
9.3	HIGH	AV:N/AC:M/Au:N/C:C/I:C/A:C	8.6	10.0	[email protected]
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

CWE ids for CVE-2012-5829

CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

Assigned by: [email protected] (Primary)

References for CVE-2012-5829

http://lists.opensuse.org/opensuse-updates/2012-11/msg00093.html

Mailing List;Third Party Advisory

CVEs referencing this url
http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00010.html

Mailing List;Third Party Advisory

CVEs referencing this url
http://lists.opensuse.org/opensuse-updates/2012-11/msg00092.html

Mailing List;Third Party Advisory

CVEs referencing this url
http://lists.opensuse.org/opensuse-updates/2012-11/msg00090.html

Mailing List;Third Party Advisory

CVEs referencing this url
http://www.ubuntu.com/usn/USN-1638-3

Third Party Advisory

CVEs referencing this url
http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00021.html

Mailing List;Third Party Advisory

CVEs referencing this url
http://www.ubuntu.com/usn/USN-1638-1

Third Party Advisory

CVEs referencing this url
http://www.ubuntu.com/usn/USN-1638-2

Third Party Advisory

CVEs referencing this url
http://www.ubuntu.com/usn/USN-1681-1

Third Party Advisory

CVEs referencing this url
http://rhn.redhat.com/errata/RHSA-2012-1482.html

Third Party Advisory

CVEs referencing this url
http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00007.html

Mailing List;Third Party Advisory

CVEs referencing this url
https://bugzilla.mozilla.org/show_bug.cgi?id=792305

Exploit;Issue Tracking;Patch;Vendor Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16849

Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2012-1483.html

Third Party Advisory

CVEs referencing this url
http://www.mozilla.org/security/announce/2013/mfsa2013-02.html

Vendor Advisory

CVEs referencing this url
http://www.ubuntu.com/usn/USN-1681-2

Third Party Advisory

CVEs referencing this url
http://www.debian.org/security/2012/dsa-2583

Third Party Advisory

CVEs referencing this url
http://www.securityfocus.com/bid/56636

Third Party Advisory;VDB Entry
http://www.mandriva.com/security/advisories?name=MDVSA-2012:173

Third Party Advisory

CVEs referencing this url
https://exchange.xforce.ibmcloud.com/vulnerabilities/80195

Third Party Advisory;VDB Entry
http://www.ubuntu.com/usn/USN-1636-1

Third Party Advisory

CVEs referencing this url
http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00022.html

Mailing List;Third Party Advisory

CVEs referencing this url
http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00017.html

Mailing List;Third Party Advisory

CVEs referencing this url
http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00006.html

Mailing List;Third Party Advisory

CVEs referencing this url
http://www.debian.org/security/2012/dsa-2588

Third Party Advisory

CVEs referencing this url
http://www.debian.org/security/2012/dsa-2584

Third Party Advisory

CVEs referencing this url
http://www.ubuntu.com/usn/USN-1681-4

Third Party Advisory

CVEs referencing this url

Products affected by CVE-2012-5829

Debian » Debian Linux » Version: 6.0
cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*
Matching versions
Debian » Debian Linux » Version: 7.0
cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Desktop » Version: 5.0
cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Desktop » Version: 6.0
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Eus » Version: 6.3
cpe:2.3:o:redhat:enterprise_linux_eus:6.3:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server » Version: 5.0
cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server » Version: 6.0
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Workstation » Version: 5.0
cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Workstation » Version: 6.0
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
Matching versions
Suse » Linux Enterprise Desktop » Version: 10 Update SP4
cpe:2.3:o:suse:linux_enterprise_desktop:10:sp4:*:*:*:*:*:*
Matching versions
Suse » Linux Enterprise Desktop » Version: 11 Update SP2
cpe:2.3:o:suse:linux_enterprise_desktop:11:sp2:*:*:*:*:*:*
Matching versions
Suse » Linux Enterprise Server » Version: 10 Update SP4
cpe:2.3:o:suse:linux_enterprise_server:10:sp4:*:*:*:*:*:*
Matching versions
Suse » Linux Enterprise Server » Version: 11 Update SP2 For Vmware
cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:*:vmware:*:*
Matching versions
Suse » Linux Enterprise Server » Version: 11 Update SP2
cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:*:*:*:*
Matching versions
Suse » Linux Enterprise Software Development Kit » Version: 10 Update SP4
cpe:2.3:o:suse:linux_enterprise_software_development_kit:10:sp4:*:*:*:*:*:*
Matching versions
Suse » Linux Enterprise Software Development Kit » Version: 11 Update SP2
cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp2:*:*:*:*:*:*
Matching versions
Mozilla » Firefox
Versions before (<) 17.0
cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
Matching versions
Mozilla » Thunderbird
Versions before (<) 17.0
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey
Versions before (<) 2.14
cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*
Matching versions
Mozilla » Firefox Esr
Versions from including (>=) 10.0 and before (<) 10.0.11
cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*
Matching versions
Mozilla » Thunderbird Esr
Versions from including (>=) 10.0 and before (<) 10.0.11
cpe:2.3:a:mozilla:thunderbird_esr:*:*:*:*:*:*:*:*
Matching versions
Canonical » Ubuntu Linux » Version: 12.10
cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*
Matching versions
Canonical » Ubuntu Linux » Version: 10.04
cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*
Matching versions
Canonical » Ubuntu Linux » Version: 11.10
cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*
Matching versions
Canonical » Ubuntu Linux » Version: 12.04 ESM Edition
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*
Matching versions
Opensuse » Opensuse » Version: 11.4
cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*
Matching versions
Opensuse » Opensuse » Version: 12.2
cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*
Matching versions
Opensuse » Opensuse » Version: 12.1
cpe:2.3:o:opensuse:opensuse:12.1:*:*:*:*:*:*:*
Matching versions