[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

249622

 
 

909

 
 

195521

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2012-0444Date: (C)2012-02-01   (M)2024-03-27


Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 do not properly initialize nsChildView data structures, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted Ogg Vorbis file.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 10.0
Exploit Score: 10.0
Impact Score: 10.0
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE
  
Reference:
SECUNIA-48043
SECUNIA-48095
BID-51753
DSA-2400
DSA-2402
DSA-2406
MDVSA-2012:013
SUSE-SU-2012:0198
SUSE-SU-2012:0221
USN-1370-1
http://www.mozilla.org/security/announce/2012/mfsa2012-07.html
https://bugzilla.mozilla.org/show_bug.cgi?id=719612
mozilla-nschildview-code-exec(72858)
openSUSE-SU-2012:0234
oval:org.mitre.oval:def:14464

CPE    353
cpe:/a:mozilla:firefox:3.6.20
cpe:/a:mozilla:firefox:3.6.21
cpe:/a:mozilla:firefox:3.6.22
cpe:/a:mozilla:firefox:3.6.23
...
OVAL    35
oval:org.secpod.oval:def:400383
oval:org.secpod.oval:def:700775
oval:org.secpod.oval:def:1601299
oval:org.secpod.oval:def:700758
...

© SecPod Technologies