VIR Vulnerability Intelligence Relay

CVE-2012-0470

critical
Published 2012-04-25 · Modified 2026-04-29
CVSS v3
CVSS v2
10.0
VIR risk
10.0

Description

Heap-based buffer overflow in the nsSVGFEDiffuseLightingElement::LightPixel function in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allows remote attackers to cause a denial of service (invalid gfxImageSurface free operation) or possibly execute arbitrary code by leveraging the use of "different number systems."

Predictions

Exploit likelihood
20%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — http://www.mozilla.org/security/announce/2012/mfsa2012-23.html

Application impact
VendorProductVersionsFixed
mozillafirefox4.0
mozillafirefox4.0.1
mozillafirefox5.0
mozillafirefox5.0.1
mozillafirefox6.0
mozillafirefox6.0.1
mozillafirefox6.0.2
mozillafirefox7.0
mozillafirefox7.0.1
mozillafirefox8.0
mozillafirefox8.0.1
mozillafirefox9.0
mozillafirefox9.0.1
mozillafirefox10.0
mozillafirefox10.0.1
mozillafirefox10.0.2
mozillafirefox11.0
mozillafirefox10.0.3
mozillathunderbird5.0
mozillathunderbird6.0
mozillathunderbird6.0.1
mozillathunderbird6.0.2
mozillathunderbird7.0
mozillathunderbird7.0.1
mozillathunderbird8.0
mozillathunderbird9.0
mozillathunderbird9.0.1
mozillathunderbird10.0
mozillathunderbird10.0.1
mozillathunderbird10.0.2
mozillathunderbird10.0.3
mozillathunderbird10.0.4
mozillathunderbird11.0
mozillathunderbird_esr10.0
mozillathunderbird_esr10.0.1
mozillathunderbird_esr10.0.2
mozillathunderbird_esr10.0.3
mozillathunderbird_esr10.0.4
mozillaseamonkey{"endIncluding":"2.9"}
mozillaseamonkey1.0
mozillaseamonkey1.0.1
mozillaseamonkey1.0.2
mozillaseamonkey1.0.3
mozillaseamonkey1.0.4
mozillaseamonkey1.0.5
mozillaseamonkey1.0.6
mozillaseamonkey1.0.7
mozillaseamonkey1.0.8
mozillaseamonkey1.0.9
mozillaseamonkey1.1
mozillaseamonkey1.1.1
mozillaseamonkey1.1.2
mozillaseamonkey1.1.3
mozillaseamonkey1.1.4
mozillaseamonkey1.1.5
mozillaseamonkey1.1.6
mozillaseamonkey1.1.7
mozillaseamonkey1.1.8
mozillaseamonkey1.1.9
mozillaseamonkey1.1.10
mozillaseamonkey1.1.11
mozillaseamonkey1.1.12
mozillaseamonkey1.1.13
mozillaseamonkey1.1.14
mozillaseamonkey1.1.15
mozillaseamonkey1.1.16
mozillaseamonkey1.1.17
mozillaseamonkey1.1.18
mozillaseamonkey1.1.19
mozillaseamonkey1.5.0.8
mozillaseamonkey1.5.0.9
mozillaseamonkey1.5.0.10
mozillaseamonkey2.0
mozillaseamonkey2.0.1
mozillaseamonkey2.0.2
mozillaseamonkey2.0.3
mozillaseamonkey2.0.4
mozillaseamonkey2.0.5
mozillaseamonkey2.0.6
mozillaseamonkey2.0.7
mozillaseamonkey2.0.8
mozillaseamonkey2.0.9
mozillaseamonkey2.0.10
mozillaseamonkey2.0.11
mozillaseamonkey2.0.12
mozillaseamonkey2.0.13
mozillaseamonkey2.0.14
mozillaseamonkey2.1
mozillaseamonkey2.2
mozillaseamonkey2.3
mozillaseamonkey2.3.1
mozillaseamonkey2.3.2
mozillaseamonkey2.3.3
mozillaseamonkey2.4
mozillaseamonkey2.4.1
mozillaseamonkey2.5
mozillaseamonkey2.6
mozillaseamonkey2.6.1
mozillaseamonkey2.7
mozillaseamonkey2.7.1
mozillaseamonkey2.7.2
mozillaseamonkey2.8
mozillaseamonkey2.9

References

CWEs

CWE-119

Verify integrity in audit chain (admin only). AS-IS.