CVE-2012-4188

Sažetak

Heap-based buffer overflow in the Convolve3x3 function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code via unspecified vectors.

Reference

http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00010.html
http://osvdb.org/86096
http://rhn.redhat.com/errata/RHSA-2012-1351.html
http://secunia.com/advisories/50856
http://secunia.com/advisories/50892
http://secunia.com/advisories/50904
http://secunia.com/advisories/50935
http://secunia.com/advisories/50936
http://secunia.com/advisories/50984
http://secunia.com/advisories/51181
http://secunia.com/advisories/55318
http://www.debian.org/security/2012/dsa-2565
http://www.debian.org/security/2012/dsa-2569
http://www.debian.org/security/2012/dsa-2572
http://www.mandriva.com/security/advisories?name=MDVSA-2012:163
http://www.mozilla.org/security/announce/2012/mfsa2012-86.html
http://www.ubuntu.com/usn/USN-1611-1
https://bugzilla.mozilla.org/show_bug.cgi?id=787722
https://exchange.xforce.ibmcloud.com/vulnerabilities/79165
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16964

CVSS

Base:	9.3
Impact:	10.0
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:N/AC:M/Au:N/C:C/I:C/A:C

Zadnje važnije ažuriranje

21-10-2024 - 13:55

Objavljeno

10-10-2012 - 17:55