Published: 29/08/2012 Updated: 26/08/2020

CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10

VMScore: 890

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Use-after-free vulnerability in the mozSpellChecker::SetCurrentDictionary function in Mozilla Firefox prior to 15.0, Firefox ESR 10.x prior to 10.0.7, Thunderbird prior to 15.0, Thunderbird ESR 10.x prior to 10.0.7, and SeaMonkey prior to 2.12 allows remote malicious users to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.

Vulnerable Product	Search on Vulmon	Subscribe to Product
mozilla firefox
mozilla seamonkey
mozilla thunderbird
mozilla firefox esr
mozilla thunderbird esr
suse linux enterprise desktop 11
opensuse opensuse 12.2
suse linux enterprise server 11
suse linux enterprise software development kit 11
suse linux enterprise desktop 10
suse linux enterprise server 10
redhat enterprise linux server 5.0
redhat enterprise linux workstation 5.0
redhat enterprise linux desktop 6.0
redhat enterprise linux server 6.0
redhat enterprise linux workstation 6.0
redhat enterprise linux desktop 5.0
redhat enterprise linux server eus 6.3
redhat enterprise linux eus 6.3
canonical ubuntu linux 11.04
canonical ubuntu linux 11.10
canonical ubuntu linux 12.04
canonical ubuntu linux 10.04

Synopsis Critical: firefox security update Type/Severity Security Advisory: Critical Topic Updated firefox packages that fix multiple security issues are nowavailable for Red Hat Enterprise Linux 5 and 6The Red Hat Security Response Team has rated this update as having criticalsecurity impact Common Vulne ...

Synopsis Critical: thunderbird security update Type/Severity Security Advisory: Critical Topic An updated thunderbird package that fixes multiple security issues is nowavailable for Red Hat Enterprise Linux 5 and 6The Red Hat Security Response Team has rated this update as having criticalsecurity impact C ...

USN-1548-1 introduced a regression in Firefox ...

Multiple security issues were fixed in Thunderbird ...

Multiple security issues were fixed in Firefox ...

USN-1551-1 introduced regressions in Thunderbird ...

Mozilla Foundation Security Advisory 2012-58 Use-after-free issues found using Address Sanitizer Announced August 28, 2012 Reporter Abhishek Arya Impact Critical Products Firefox, Firefox ESR, SeaMonkey, Thunderbird, Thunderb ...

CWE-416 https://bugzilla.mozilla.org/show_bug.cgi?id=771976 http://www.mozilla.org/security/announce/2012/mfsa2012-58.html http://www.ubuntu.com/usn/USN-1548-2 http://www.ubuntu.com/usn/USN-1548-1 http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00014.html http://rhn.redhat.com/errata/RHSA-2012-1211.html http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00028.html http://rhn.redhat.com/errata/RHSA-2012-1210.html http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00011.html http://www.securityfocus.com/bid/55325 http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16853 https://access.redhat.com/errata/RHSA-2012:1210 https://nvd.nist.gov https://usn.ubuntu.com/1548-2/

CVE-2012-3960

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect