CVE Vulnerabilities

CVE-2012-0464

Published: Mar 14, 2012 | Modified: Jan 18, 2018
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
7.5 HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
RedHat/V2
6.8 CRITICAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
RedHat/V3
Ubuntu
MEDIUM

Use-after-free vulnerability in the browser engine in Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 allows remote attackers to execute arbitrary code via vectors involving an empty argument to the array.join function in conjunction with the triggering of garbage collection.

Affected Software

Name Vendor Start Version End Version
Firefox Mozilla * 3.6.27 (including)
Red Hat Enterprise Linux 5 RedHat firefox-0:10.0.3-1.el5_8 *
Red Hat Enterprise Linux 5 RedHat xulrunner-0:10.0.3-1.el5_8 *
Red Hat Enterprise Linux 5 RedHat thunderbird-0:10.0.3-1.el5_8 *
Red Hat Enterprise Linux 6 RedHat firefox-0:10.0.3-1.el6_2 *
Red Hat Enterprise Linux 6 RedHat xulrunner-0:10.0.3-1.el6_2 *
Red Hat Enterprise Linux 6 RedHat thunderbird-0:10.0.3-1.el6_2 *
Firefox Ubuntu hardy *
Firefox Ubuntu lucid *
Firefox Ubuntu maverick *
Firefox Ubuntu natty *
Firefox Ubuntu oneiric *
Seamonkey Ubuntu hardy *
Seamonkey Ubuntu lucid *
Seamonkey Ubuntu maverick *
Seamonkey Ubuntu natty *
Seamonkey Ubuntu oneiric *
Thunderbird Ubuntu hardy *
Thunderbird Ubuntu lucid *
Thunderbird Ubuntu maverick *
Thunderbird Ubuntu natty *
Thunderbird Ubuntu oneiric *
Xulrunner-1.9.2 Ubuntu hardy *
Xulrunner-1.9.2 Ubuntu lucid *
Xulrunner-1.9.2 Ubuntu maverick *
Xulrunner-1.9.2 Ubuntu natty *
Xulrunner-2.0 Ubuntu natty *

References