PT-2012-2578 · Mozilla+3 · Firefox+7
Atte Kettunen
·
Published
2012-03-13
·
Updated
2024-10-21
·
CVE-2012-0457
CVSS v2.0
9.3
High
| Vector | AV:N/AC:M/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Mozilla Firefox versions 4.x through 10.0
Mozilla Firefox version 3.6.28 and earlier
Firefox ESR 10.x versions prior to 10.0.3
Thunderbird versions 5.0 through 10.0
Thunderbird version 3.1.20 and earlier
Thunderbird ESR 10.x versions prior to 10.0.3
SeaMonkey version 2.8 and earlier
Description
A use-after-free issue in the
nsSMILTimeValueSpec::ConvertBetweenTimeContainer function might allow remote attackers to execute arbitrary code via an SVG animation.Recommendations
For Mozilla Firefox versions 4.x through 10.0, update to a version after 10.0.
For Mozilla Firefox version 3.6.28 and earlier, update to a version after 3.6.28.
For Firefox ESR 10.x versions prior to 10.0.3, update to version 10.0.3 or later.
For Thunderbird versions 5.0 through 10.0, update to a version after 10.0.
For Thunderbird version 3.1.20 and earlier, update to a version after 3.1.20.
For Thunderbird ESR 10.x versions prior to 10.0.3, update to version 10.0.3 or later.
For SeaMonkey version 2.8 and earlier, update to a version after 2.8.
Exploit
Fix
RCE
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Centos
Firefox Esr
Firefox
Red Hat
Seamonkey
Suse
Thunderbird
Thunderbird Esr