CVE-2012-0444

CVSS V2 High 10 CVSS V3 None
Description
Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 do not properly initialize nsChildView data structures, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted Ogg Vorbis file.
Overview
  • CVE ID
  • CVE-2012-0444
  • Assigner
  • cve@mitre.org
  • Vulnerability Status
  • Analyzed
  • Published Version
  • 2012-02-01T16:55:01
  • Last Modified Date
  • 2020-08-28T13:12:55
Weakness Enumerations
CWE URL
CWE-119 http://cwe.mitre.org/data/definitions/119.html
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:* 1 OR 3.6.26
cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:* 1 OR 4.0 10.0
cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:* 1 OR 2.7
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:* 1 OR 3.1.18
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:* 1 OR 5.0 10.0
cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:suse:linux_enterprise_desktop:10:sp4:*:*:*:*:*:* 1 OR
cpe:2.3:o:suse:linux_enterprise_desktop:11:sp1:*:*:*:*:*:* 1 OR
cpe:2.3:o:suse:linux_enterprise_server:10:sp4:*:*:*:*:*:* 1 OR
cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:*:*:*:* 1 OR
cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:*:vmware:*:* 1 OR
cpe:2.3:o:suse:linux_enterprise_software_development_kit:10:sp4:*:*:*:*:*:* 1 OR
cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp1:*:*:*:*:*:* 1 OR
cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:* 1 OR
cpe:2.3:o:canonical:ubuntu_linux:10.10:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:canonical:ubuntu_linux:11.04:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:* 1 OR
CVSS Version 2
  • Version
  • 2.0
  • Vector String
  • AV:N/AC:L/Au:N/C:C/I:C/A:C
  • Access Vector
  • NETWORK
  • Access Compatibility
  • LOW
  • Authentication
  • NONE
  • Confidentiality Impact
  • COMPLETE
  • Integrity Impact
  • COMPLETE
  • Availability Impact
  • COMPLETE
  • Base Score
  • 10
  • Severity
  • HIGH
  • Exploitability Score
  • 10
  • Impact Score
  • 10
References
Reference URL Reference Tags
https://bugzilla.mozilla.org/show_bug.cgi?id=719612 Exploit Issue Tracking Patch Vendor Advisory
http://www.mozilla.org/security/announce/2012/mfsa2012-07.html Vendor Advisory
http://www.debian.org/security/2012/dsa-2400 Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00011.html Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00007.html Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00003.html Mailing List Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2012:013 Third Party Advisory
http://www.securityfocus.com/bid/51753 Third Party Advisory VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/72858 Third Party Advisory VDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14464 Third Party Advisory
http://www.debian.org/security/2012/dsa-2406 Third Party Advisory
http://www.debian.org/security/2012/dsa-2402 Third Party Advisory
http://secunia.com/advisories/48095 Third Party Advisory
http://secunia.com/advisories/48043 Third Party Advisory
http://www.ubuntu.com/usn/USN-1370-1 Third Party Advisory
Sources
Source Name Source URL
NIST https://nvd.nist.gov/vuln/detail/CVE-2012-0444
MITRE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0444
History
Created Old Value New Value Data Type Notes
2022-05-10 16:28:01 Added to TrackCVE