CVE-2012-0457
Last modified
CVE-2012-0457 is a vulnerability of currently unknown severity. Use-after-free vulnerability in the nsSMILTimeValueSpec::ConvertBetweenTimeContainer function in Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 might allow remote attackers to execute arbitrary code via an SVG animation.. EPSS estimates a 6.63% chance of exploitation in the next 30 days.
Description
Use-after-free vulnerability in the nsSMILTimeValueSpec::ConvertBetweenTimeContainer function in Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 might allow remote attackers to execute arbitrary code via an SVG animation.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Mozilla | Firefox | <= 3.6.27 |
| Mozilla | Firefox | >= 4.0, <= 10.0 |
| Mozilla | Firefox | 10.0 |
| Mozilla | Firefox | 10.0.1 |
| Mozilla | Firefox | 10.0.2 |
| Mozilla | Thunderbird | >= 1.0, <= 3.1.19 |
| Mozilla | Thunderbird | > 5.0, <= 10.0 |
| Mozilla | Thunderbird Esr | 10.0 |
| Mozilla | Thunderbird Esr | 10.0.1 |
| Mozilla | Thunderbird Esr | 10.0.2 |
| Mozilla | Seamonkey | All versions |
| Mozilla | Seamonkey | 1.0 |
| Mozilla | Seamonkey | 1.0.1 |
| Mozilla | Seamonkey | 1.0.2 |
| Mozilla | Seamonkey | 1.0.3 |
| Mozilla | Seamonkey | 1.0.4 |
| Mozilla | Seamonkey | 1.0.5 |
| Mozilla | Seamonkey | 1.0.6 |
| Mozilla | Seamonkey | 1.0.7 |
| Mozilla | Seamonkey | 1.0.8 |
| Mozilla | Seamonkey | 1.0.9 |
| Mozilla | Seamonkey | 1.1 |
| Mozilla | Seamonkey | 1.1.1 |
| Mozilla | Seamonkey | 1.1.2 |
| Mozilla | Seamonkey | 1.1.3 |
| Mozilla | Seamonkey | 1.1.4 |
| Mozilla | Seamonkey | 1.1.5 |
| Mozilla | Seamonkey | 1.1.6 |
| Mozilla | Seamonkey | 1.1.7 |
| Mozilla | Seamonkey | 1.1.8 |
| Mozilla | Seamonkey | 1.1.9 |
| Mozilla | Seamonkey | 1.1.10 |
| Mozilla | Seamonkey | 1.1.11 |
| Mozilla | Seamonkey | 1.1.12 |
| Mozilla | Seamonkey | 1.1.13 |
| Mozilla | Seamonkey | 1.1.14 |
| Mozilla | Seamonkey | 1.1.15 |
| Mozilla | Seamonkey | 1.1.16 |
| Mozilla | Seamonkey | 1.1.17 |
| Mozilla | Seamonkey | 1.1.18 |
| Mozilla | Seamonkey | 1.1.19 |
| Mozilla | Seamonkey | 1.5.0.8 |
| Mozilla | Seamonkey | 1.5.0.9 |
| Mozilla | Seamonkey | 1.5.0.10 |
| Mozilla | Seamonkey | 2.0 |
| Mozilla | Seamonkey | 2.0.1 |
| Mozilla | Seamonkey | 2.0.2 |
| Mozilla | Seamonkey | 2.0.3 |
| Mozilla | Seamonkey | 2.0.4 |
| Mozilla | Seamonkey | 2.0.5 |
Showing 50 of 73 affected configurations. See NVD for the full list.
References
- http://lists.opensuse.org/opensuse-updates/2012-03/msg00042.htmlThird Party Advisory
- http://secunia.com/advisories/48495Third Party Advisory
- http://secunia.com/advisories/48496Third Party Advisory
- http://secunia.com/advisories/48513Third Party Advisory
- http://secunia.com/advisories/48553Third Party Advisory
- http://secunia.com/advisories/48561Third Party Advisory
- http://secunia.com/advisories/48624Third Party Advisory
- http://secunia.com/advisories/48629Third Party Advisory
- http://secunia.com/advisories/48823Third Party Advisory
- http://www.mozilla.org/security/announce/2012/mfsa2012-14.htmlThird Party Advisory, Vendor Advisory
- http://www.ubuntu.com/usn/USN-1400-2Third Party Advisory
- http://www.ubuntu.com/usn/USN-1400-3Third Party Advisory
- http://www.ubuntu.com/usn/USN-1400-4Third Party Advisory
- http://www.ubuntu.com/usn/USN-1400-5Third Party Advisory
- http://www.ubuntu.com/usn/USN-1401-1Third Party Advisory
- https://bugzilla.mozilla.org/show_bug.cgi?id=720103Issue Tracking, Vendor Advisory
- http://lists.opensuse.org/opensuse-updates/2012-03/msg00042.htmlThird Party Advisory
- http://secunia.com/advisories/48495Third Party Advisory
- http://secunia.com/advisories/48496Third Party Advisory
- http://secunia.com/advisories/48513Third Party Advisory
- http://secunia.com/advisories/48553Third Party Advisory
- http://secunia.com/advisories/48561Third Party Advisory
- http://secunia.com/advisories/48624Third Party Advisory
- http://secunia.com/advisories/48629Third Party Advisory
- http://secunia.com/advisories/48823Third Party Advisory
- http://www.mozilla.org/security/announce/2012/mfsa2012-14.htmlThird Party Advisory, Vendor Advisory
- http://www.ubuntu.com/usn/USN-1400-2Third Party Advisory
- http://www.ubuntu.com/usn/USN-1400-3Third Party Advisory
- http://www.ubuntu.com/usn/USN-1400-4Third Party Advisory
- http://www.ubuntu.com/usn/USN-1400-5Third Party Advisory
- http://www.ubuntu.com/usn/USN-1401-1Third Party Advisory
- https://bugzilla.mozilla.org/show_bug.cgi?id=720103Issue Tracking, Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2012-0457?
How severe is CVE-2012-0457?
How do I fix CVE-2012-0457?
Are you affected by CVE-2012-0457?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST