Published: 01/02/2012 Updated: 19/09/2017

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Mozilla Firefox 4.x up to and including 9.0, Thunderbird 5.0 up to and including 9.0, and SeaMonkey prior to 2.7 do not properly initialize data for image/vnd.microsoft.icon images, which allows remote malicious users to obtain potentially sensitive information by reading a PNG image that was created through conversion from an ICO image.

Vulnerable Product	Search on Vulmon	Subscribe to Product
mozilla firefox 4.0
mozilla firefox 4.0.1
mozilla firefox 7.0
mozilla firefox 5.0
mozilla firefox 5.0.1
mozilla firefox 8.0
mozilla firefox 6.0.1
mozilla firefox 6.0.2
mozilla firefox 6.0
mozilla firefox 8.0.1
mozilla firefox 9.0
mozilla thunderbird 6.0.2
mozilla thunderbird 6.0.1
mozilla thunderbird 6.0
mozilla thunderbird 7.0
mozilla thunderbird 5.0
mozilla thunderbird 8.0
mozilla thunderbird 9.0
mozilla seamonkey 2.7
mozilla seamonkey 2.6.1
mozilla seamonkey 2.5
mozilla seamonkey 2.4
mozilla seamonkey 2.3.3
mozilla seamonkey 2.
mozilla seamonkey 2.2
mozilla seamonkey 2.1
mozilla seamonkey 2.0.10
mozilla seamonkey 2.0.9
mozilla seamonkey 2.0.1
mozilla seamonkey 2.0
mozilla seamonkey 1.1.19
mozilla seamonkey 1.1.12
mozilla seamonkey 1.1.11
mozilla seamonkey
mozilla seamonkey 2.6
mozilla seamonkey 2.4.1
mozilla seamonkey 2.3
mozilla seamonkey 2.0.14
mozilla seamonkey 2.0.13
mozilla seamonkey 2.0.6
mozilla seamonkey 2.0.5
mozilla seamonkey 2.0.4
mozilla seamonkey 1.1.16
mozilla seamonkey 1.1.15
mozilla seamonkey 1.1.7
mozilla seamonkey 1.1.6
mozilla seamonkey 1.1
mozilla seamonkey 1.0.3
mozilla seamonkey 1.0.2
mozilla seamonkey 2.0.12
mozilla seamonkey 2.0.11
mozilla seamonkey 2.0.3
mozilla seamonkey 2.0.2
mozilla seamonkey 1.1.14
mozilla seamonkey 1.1.13
mozilla seamonkey 1.1.5
mozilla seamonkey 1.1.4
mozilla seamonkey 1.0.9
mozilla seamonkey 1.0.8
mozilla seamonkey 1.0.1
mozilla seamonkey 1.0
mozilla seamonkey 1.1.3
mozilla seamonkey 1.1.2
mozilla seamonkey 1.0.7
mozilla seamonkey 1.0.6
mozilla seamonkey 2.3.2
mozilla seamonkey 2.3.1
mozilla seamonkey 2.0.8
mozilla seamonkey 2.0.7
mozilla seamonkey 1.1.18
mozilla seamonkey 1.1.17
mozilla seamonkey 1.1.10
mozilla seamonkey 1.1.9
mozilla seamonkey 1.1.8
mozilla seamonkey 1.1.1
mozilla seamonkey 1.0.5
mozilla seamonkey 1.0.4

Several security issues were fixed in Firefox ...

This update provides compatible ubufox and webfav packages for the latest Firefox ...

This update provides compatible Mozvoikko packages for the latest Firefox ...

Several security issues were fixed in Thunderbird ...

Mozilla Foundation Security Advisory 2012-06 Uninitialized memory appended when encoding icon images may cause information disclosure Announced January 31, 2012 Reporter Tim Abraldes Impact High Products Firefox, SeaMonkey, T ...

CWE-200 https://bugzilla.mozilla.org/show_bug.cgi?id=710079 http://www.mozilla.org/security/announce/2012/mfsa2012-06.html http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00011.html http://www.mandriva.com/security/advisories?name=MDVSA-2012:013 http://secunia.com/advisories/49055 https://exchange.xforce.ibmcloud.com/vulnerabilities/72856 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14912 https://nvd.nist.gov https://usn.ubuntu.com/1355-1/

CVE-2012-0447

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect