CVE-2012-1939
CVSS V2 High 9.3
CVSS V3 None
Description
jsinfer.cpp in Mozilla Firefox ESR 10.x before 10.0.5 and Thunderbird ESR 10.x before 10.0.5 does not properly determine data types, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via crafted JavaScript code.
Overview
- CVE ID
- CVE-2012-1939
- Assigner
- cve@mitre.org
- Vulnerability Status
- Modified
- Published Version
- 2012-06-05T23:55:01
- Last Modified Date
- 2017-12-29T02:29:14
Weakness Enumerations
CPE Configuration (Product)
| CPE | Vulnerable | Operator | Version Start | Version End |
|---|---|---|---|---|
| cpe:2.3:a:mozilla:firefox_esr:10.0:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:a:mozilla:firefox_esr:10.0.1:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:a:mozilla:firefox_esr:10.0.2:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:a:mozilla:firefox_esr:10.0.3:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:a:mozilla:firefox_esr:10.0.4:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:a:mozilla:thunderbird_esr:10.0:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:a:mozilla:thunderbird_esr:10.0.1:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:a:mozilla:thunderbird_esr:10.0.2:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:a:mozilla:thunderbird_esr:10.0.3:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:a:mozilla:thunderbird_esr:10.0.4:*:*:*:*:*:*:* | 1 | OR |
CVSS Version 2
- Version
- 2.0
- Vector String
- AV:N/AC:M/Au:N/C:C/I:C/A:C
- Access Vector
- NETWORK
- Access Compatibility
- MEDIUM
- Authentication
- NONE
- Confidentiality Impact
- COMPLETE
- Integrity Impact
- COMPLETE
- Availability Impact
- COMPLETE
- Base Score
- 9.3
- Severity
- HIGH
- Exploitability Score
- 8.6
- Impact Score
- 10
References
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2012-1939 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1939 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2022-05-10 18:54:12 | Added to TrackCVE |