Heap-based buffer overflow in the Convolve3x3 function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code via unspecified vectors.

Metrics

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:M/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

Vendors Products
Canonical
  • Ubuntu Linux
Debian
  • Debian Linux
Mozilla
  • Firefox
  • Firefox Esr
  • Seamonkey
  • Thunderbird
  • Thunderbird Esr
Redhat
  • Enterprise Linux
  • Enterprise Linux Desktop
  • Enterprise Linux Eus
  • Enterprise Linux Server
  • Enterprise Linux Workstation
Suse
  • Linux Enterprise Desktop
  • Linux Enterprise Sdk
  • Linux Enterprise Server

Configuration 1 [-]

cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*

Configuration 2 [-]

cpe:2.3:a:mozilla:thunderbird_esr:*:*:*:*:*:*:*:*

Configuration 3 [-]

cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*

Configuration 4 [-]

cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*

Configuration 5 [-]

cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*

Configuration 6 [-]

OR cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:11.04:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:6.3:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*

Configuration 7 [-]

OR cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_desktop:10:sp4:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_desktop:11:sp3:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_sdk:10:sp4:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:10:sp4:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:vmware:*:*
Package CPE Advisory Released Date
Red Hat Enterprise Linux 5
firefox-0:10.0.8-1.el5_8 cpe:/o:redhat:enterprise_linux:5 RHSA-2012:1350 2012-10-09T00:00:00Z
xulrunner-0:10.0.8-1.el5_8 cpe:/o:redhat:enterprise_linux:5 RHSA-2012:1350 2012-10-09T00:00:00Z
thunderbird-0:10.0.8-1.el5_8 cpe:/o:redhat:enterprise_linux:5 RHSA-2012:1351 2012-10-09T00:00:00Z
Red Hat Enterprise Linux 6
firefox-0:10.0.8-1.el6_3 cpe:/o:redhat:enterprise_linux:6 RHSA-2012:1350 2012-10-09T00:00:00Z
xulrunner-0:10.0.8-1.el6_3 cpe:/o:redhat:enterprise_linux:6 RHSA-2012:1350 2012-10-09T00:00:00Z
thunderbird-0:10.0.8-1.el6_3 cpe:/o:redhat:enterprise_linux:6 RHSA-2012:1351 2012-10-09T00:00:00Z
References
Link Providers
http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00010.html cve-icon cve-icon
http://osvdb.org/86096 cve-icon cve-icon
http://rhn.redhat.com/errata/RHSA-2012-1351.html cve-icon cve-icon
http://secunia.com/advisories/50856 cve-icon cve-icon
http://secunia.com/advisories/50892 cve-icon cve-icon
http://secunia.com/advisories/50904 cve-icon cve-icon
http://secunia.com/advisories/50935 cve-icon cve-icon
http://secunia.com/advisories/50936 cve-icon cve-icon
http://secunia.com/advisories/50984 cve-icon cve-icon
http://secunia.com/advisories/51181 cve-icon cve-icon
http://secunia.com/advisories/55318 cve-icon cve-icon
http://www.debian.org/security/2012/dsa-2565 cve-icon cve-icon
http://www.debian.org/security/2012/dsa-2569 cve-icon cve-icon
http://www.debian.org/security/2012/dsa-2572 cve-icon cve-icon
http://www.mandriva.com/security/advisories?name=MDVSA-2012:163 cve-icon cve-icon
http://www.mozilla.org/security/announce/2012/mfsa2012-86.html cve-icon cve-icon cve-icon
http://www.ubuntu.com/usn/USN-1611-1 cve-icon cve-icon
https://bugzilla.mozilla.org/show_bug.cgi?id=787722 cve-icon cve-icon
https://exchange.xforce.ibmcloud.com/vulnerabilities/79165 cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2012-4188 cve-icon
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16964 cve-icon cve-icon
https://www.cve.org/CVERecord?id=CVE-2012-4188 cve-icon
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2012-10-10T17:00:00

Updated: 2024-08-06T20:28:07.581Z

Reserved: 2012-08-08T00:00:00

Link: CVE-2012-4188

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2012-10-10T17:55:02.610

Modified: 2020-08-13T19:29:47.350

Link: CVE-2012-4188

cve-icon Redhat

Severity : Critical

Publid Date: 2012-10-09T00:00:00Z

Links: CVE-2012-4188 - Bugzilla