PT-2012-2573 · Mozilla+1 · Firefox+3

Andrew Mccreight

Publicado

2012-02-10

Atualizado

2024-12-12

CVE-2012-0452

CVSS v2.0

7.5

Alta

Vetor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Mozilla Firefox versions 10.x through 10.0 Thunderbird versions 10.x through 10.0 SeaMonkey version 2.7

Description The issue is related to a use-after-free vulnerability that can be triggered by vectors causing failure of an nsXBLDocumentInfo::ReadPrototypeBindings function call. This is tied to the cycle collector's access to a hash table containing a stale XBL binding, potentially allowing remote attackers to cause a denial of service or possibly execute arbitrary code.

Recommendations For Mozilla Firefox versions 10.x through 10.0, update to version 10.0.1 or later. For Thunderbird versions 10.x through 10.0, update to version 10.0.1 or later. For SeaMonkey version 2.7, update to a version that includes the fix for this issue.

Exploit

Correção

DoS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-399

Identificadores relacionados

CVE-2012-0452

OPENSUSE-SU-2012_0258-1

OPENSUSE-SU-2014_1100-1

OPENSUSE-SU-2024:10071-1

OPENSUSE-SU-2024:10230-1

OPENSUSE-SU-2024:14572-1

SUSE-SU-2012_0261-1

Produtos afetados

Firefox

Seamonkey

Suse

Thunderbird

PT-2012-2573 · Mozilla+1 · Firefox+3

CVE-2012-0452

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 3098