CVE-2012-3963

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2012-3963
Use-after-free vulnerability in the js::gc::MapAllocToTraceKind function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code via unspecified vectors.

10.0 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References
Link Resource
http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00028.html Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00011.html Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00014.html Mailing List Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2012-1210.html Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2012-1211.html Third Party Advisory
http://www.mozilla.org/security/announce/2012/mfsa2012-58.html Vendor Advisory
http://www.securityfocus.com/bid/55340 Third Party Advisory VDB Entry
http://www.ubuntu.com/usn/USN-1548-1 Third Party Advisory
http://www.ubuntu.com/usn/USN-1548-2 Third Party Advisory
http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf Third Party Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=762280 Issue Tracking Vendor Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16437 Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00028.html Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00011.html Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00014.html Mailing List Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2012-1210.html Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2012-1211.html Third Party Advisory
http://www.mozilla.org/security/announce/2012/mfsa2012-58.html Vendor Advisory
http://www.securityfocus.com/bid/55340 Third Party Advisory VDB Entry
http://www.ubuntu.com/usn/USN-1548-1 Third Party Advisory
http://www.ubuntu.com/usn/USN-1548-2 Third Party Advisory
http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf Third Party Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=762280 Issue Tracking Vendor Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16437 Third Party Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird_esr:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_desktop:10:sp4:*:*:-:*:*:*
cpe:2.3:o:suse:linux_enterprise_desktop:11:sp2:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:10:sp4:*:*:-:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:*:-:*:*
cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:*:vmware:*:*
cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp2:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:6.3:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:6.3:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*

Configuration 4 (hide)

OR cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:11.04:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*
History

No history.

Information

Published : 2012-08-29 10:56

Updated : 2025-04-11 00:51

NVD link : CVE-2012-3963

Mitre link : CVE-2012-3963

CVE.ORG link : CVE-2012-3963

JSON object : View

Products Affected

opensuse

  • opensuse

redhat

  • enterprise_linux_workstation
  • enterprise_linux_desktop
  • enterprise_linux_eus
  • enterprise_linux_server
  • enterprise_linux_server_eus

mozilla

  • thunderbird_esr
  • thunderbird
  • firefox
  • seamonkey

suse

  • linux_enterprise_desktop
  • linux_enterprise_server
  • linux_enterprise_software_development_kit

canonical

  • ubuntu_linux
CWE
CWE-416

Use After Free