CVE-2012-0456
UnknownEPSS 2.61%
Last modified
CVE-2012-0456 is a vulnerability of currently unknown severity. The SVG Filters implementation in Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 might allow remote attackers to obtain sensitive information from process memory via vectors that trigger an out-of-bounds read.. EPSS estimates a 2.61% chance of exploitation in the next 30 days.
Description
The SVG Filters implementation in Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 might allow remote attackers to obtain sensitive information from process memory via vectors that trigger an out-of-bounds read.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Mozilla | Firefox | <= 3.6.27 |
| Mozilla | Firefox | >= 4.0, <= 10.0 |
| Mozilla | Firefox | 10.0 |
| Mozilla | Firefox | 10.0.1 |
| Mozilla | Firefox | 10.0.2 |
| Mozilla | Thunderbird | >= 1.0, <= 3.1.19 |
| Mozilla | Thunderbird | > 5.0, <= 10.0 |
| Mozilla | Thunderbird Esr | 10.0 |
| Mozilla | Thunderbird Esr | 10.0.1 |
| Mozilla | Thunderbird Esr | 10.0.2 |
| Mozilla | Seamonkey | All versions |
| Mozilla | Seamonkey | 1.0 |
| Mozilla | Seamonkey | 1.0.1 |
| Mozilla | Seamonkey | 1.0.2 |
| Mozilla | Seamonkey | 1.0.3 |
| Mozilla | Seamonkey | 1.0.4 |
| Mozilla | Seamonkey | 1.0.5 |
| Mozilla | Seamonkey | 1.0.6 |
| Mozilla | Seamonkey | 1.0.7 |
| Mozilla | Seamonkey | 1.0.8 |
| Mozilla | Seamonkey | 1.0.9 |
| Mozilla | Seamonkey | 1.1 |
| Mozilla | Seamonkey | 1.1.1 |
| Mozilla | Seamonkey | 1.1.2 |
| Mozilla | Seamonkey | 1.1.3 |
| Mozilla | Seamonkey | 1.1.4 |
| Mozilla | Seamonkey | 1.1.5 |
| Mozilla | Seamonkey | 1.1.6 |
| Mozilla | Seamonkey | 1.1.7 |
| Mozilla | Seamonkey | 1.1.8 |
| Mozilla | Seamonkey | 1.1.9 |
| Mozilla | Seamonkey | 1.1.10 |
| Mozilla | Seamonkey | 1.1.11 |
| Mozilla | Seamonkey | 1.1.12 |
| Mozilla | Seamonkey | 1.1.13 |
| Mozilla | Seamonkey | 1.1.14 |
| Mozilla | Seamonkey | 1.1.15 |
| Mozilla | Seamonkey | 1.1.16 |
| Mozilla | Seamonkey | 1.1.17 |
| Mozilla | Seamonkey | 1.1.18 |
| Mozilla | Seamonkey | 1.1.19 |
| Mozilla | Seamonkey | 1.5.0.8 |
| Mozilla | Seamonkey | 1.5.0.9 |
| Mozilla | Seamonkey | 1.5.0.10 |
| Mozilla | Seamonkey | 2.0 |
| Mozilla | Seamonkey | 2.0.1 |
| Mozilla | Seamonkey | 2.0.2 |
| Mozilla | Seamonkey | 2.0.3 |
| Mozilla | Seamonkey | 2.0.4 |
| Mozilla | Seamonkey | 2.0.5 |
Showing 50 of 73 affected configurations. See NVD for the full list.
References
- http://lists.opensuse.org/opensuse-updates/2012-03/msg00042.htmlThird Party Advisory
- http://secunia.com/advisories/48495Third Party Advisory
- http://secunia.com/advisories/48496Third Party Advisory
- http://secunia.com/advisories/48513Third Party Advisory
- http://secunia.com/advisories/48553Third Party Advisory
- http://secunia.com/advisories/48561Third Party Advisory
- http://secunia.com/advisories/48624Third Party Advisory
- http://secunia.com/advisories/48629Third Party Advisory
- http://secunia.com/advisories/48823Third Party Advisory
- http://secunia.com/advisories/48920Third Party Advisory
- http://www.debian.org/security/2012/dsa-2433Third Party Advisory
- http://www.mozilla.org/security/announce/2012/mfsa2012-14.htmlThird Party Advisory, Vendor Advisory
- http://www.ubuntu.com/usn/USN-1400-2Third Party Advisory
- http://www.ubuntu.com/usn/USN-1400-3Third Party Advisory
- http://www.ubuntu.com/usn/USN-1400-4Third Party Advisory
- http://www.ubuntu.com/usn/USN-1400-5Third Party Advisory
- http://www.ubuntu.com/usn/USN-1401-1Third Party Advisory
- https://bugzilla.mozilla.org/show_bug.cgi?id=711653Issue Tracking, Vendor Advisory
- http://lists.opensuse.org/opensuse-updates/2012-03/msg00042.htmlThird Party Advisory
- http://secunia.com/advisories/48495Third Party Advisory
- http://secunia.com/advisories/48496Third Party Advisory
- http://secunia.com/advisories/48513Third Party Advisory
- http://secunia.com/advisories/48553Third Party Advisory
- http://secunia.com/advisories/48561Third Party Advisory
- http://secunia.com/advisories/48624Third Party Advisory
- http://secunia.com/advisories/48629Third Party Advisory
- http://secunia.com/advisories/48823Third Party Advisory
- http://secunia.com/advisories/48920Third Party Advisory
- http://www.debian.org/security/2012/dsa-2433Third Party Advisory
- http://www.mozilla.org/security/announce/2012/mfsa2012-14.htmlThird Party Advisory, Vendor Advisory
- http://www.ubuntu.com/usn/USN-1400-2Third Party Advisory
- http://www.ubuntu.com/usn/USN-1400-3Third Party Advisory
- http://www.ubuntu.com/usn/USN-1400-4Third Party Advisory
- http://www.ubuntu.com/usn/USN-1400-5Third Party Advisory
- http://www.ubuntu.com/usn/USN-1401-1Third Party Advisory
- https://bugzilla.mozilla.org/show_bug.cgi?id=711653Issue Tracking, Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2012-0456?
The SVG Filters implementation in Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 might allow remote attackers to obtain sensitive information from process memory via vectors that trigger an out-of-bounds read.
How severe is CVE-2012-0456?
Severity scoring for CVE-2012-0456 is pending analysis. The EPSS model estimates a 2.61% probability of exploitation in the next 30 days.
How do I fix CVE-2012-0456?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.
Are you affected by CVE-2012-0456?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST