CVE-2012-1970
Description
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
Mitigations
Vendor advisory: cve@mitre.org — https://bugzilla.mozilla.org/show_bug.cgi?id=778765
Vendor advisory: cve@mitre.org — https://bugzilla.mozilla.org/show_bug.cgi?id=777806
Vendor advisory: cve@mitre.org — https://bugzilla.mozilla.org/show_bug.cgi?id=775206
Vendor advisory: cve@mitre.org — https://bugzilla.mozilla.org/show_bug.cgi?id=764176
Vendor advisory: cve@mitre.org — https://bugzilla.mozilla.org/show_bug.cgi?id=761831
Vendor advisory: cve@mitre.org — https://bugzilla.mozilla.org/show_bug.cgi?id=758408
Vendor advisory: cve@mitre.org — https://bugzilla.mozilla.org/show_bug.cgi?id=745158
Vendor advisory: cve@mitre.org — http://www.mozilla.org/security/announce/2012/mfsa2012-57.html
OS impact
| OS | Version | Status | Fixed in |
|---|---|---|---|
| ubuntu | 10.04 | affected | |
| ubuntu | 11.04 | affected | |
| ubuntu | 11.10 | affected | |
| ubuntu | 12.04 | affected | |
| suse | 12.2 | affected | |
| suse | 10 | affected | |
| suse | 11 | affected | |
| debian | 6.0 | affected | |
| debian | 7.0 | affected | |
| rhel | 5.0 | affected | |
| rhel | 6.0 | affected | |
| rhel | 6.3 | affected | |
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| mozilla | firefox | < 15.0 | 15.0 |
| mozilla | seamonkey | < 2.12 | 2.12 |
| mozilla | thunderbird | < 15.0 | 15.0 |
| mozilla | thunderbird_esr | >= 10.0, < 10.0.7 | 10.0.7 |
References
- http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00028.html
- http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00011.html
- http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00014.html
- http://rhn.redhat.com/errata/RHSA-2012-1210.html
- http://rhn.redhat.com/errata/RHSA-2012-1211.html
- http://www.debian.org/security/2012/dsa-2553
- http://www.debian.org/security/2012/dsa-2554
- http://www.debian.org/security/2012/dsa-2556
- http://www.mozilla.org/security/announce/2012/mfsa2012-57.html
- http://www.securityfocus.com/bid/55266
- http://www.ubuntu.com/usn/USN-1548-1
- http://www.ubuntu.com/usn/USN-1548-2
- http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf
- https://bugzilla.mozilla.org/show_bug.cgi?id=745158
- https://bugzilla.mozilla.org/show_bug.cgi?id=758408
- https://bugzilla.mozilla.org/show_bug.cgi?id=761831
- https://bugzilla.mozilla.org/show_bug.cgi?id=764176
- https://bugzilla.mozilla.org/show_bug.cgi?id=775206
- https://bugzilla.mozilla.org/show_bug.cgi?id=777806
- https://bugzilla.mozilla.org/show_bug.cgi?id=778765
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16910
CWEs
CWE-119