Vulnerabilities > CVE-2012-0452 - Resource Management Errors vulnerability in Mozilla Firefox, Seamonkey and Thunderbird
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Use-after-free vulnerability in Mozilla Firefox 10.x before 10.0.1, Thunderbird 10.x before 10.0.1, and SeaMonkey 2.7 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger failure of an nsXBLDocumentInfo::ReadPrototypeBindings function call, related to the cycle collector's access to a hash table containing a stale XBL binding.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 3 |
Common Weakness Enumeration (CWE)
Nessus
NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-1360-1.NASL description Andrew McCreight and Olli Pettay discovered a use-after-free vulnerability in the XBL bindings. An attacker could exploit this to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. (CVE-2012-0452). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 57934 published 2012-02-14 reporter Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/57934 title Ubuntu 10.04 LTS / 10.10 / 11.04 / 11.10 : firefox vulnerability (USN-1360-1) NASL family MacOS X Local Security Checks NASL id MACOSX_THUNDERBIRD_10_0_1.NASL description The installed version of Thunderbird 10.x is earlier than 10.0.1 and is, therefore, potentially affected by a memory corruption vulnerability. A use-after-free error exists in the method last seen 2020-06-01 modified 2020-06-02 plugin id 58071 published 2012-02-21 reporter This script is Copyright (C) 2012-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/58071 title Thunderbird 10.x < 10.0.1 Memory Corruption (Mac OS X) NASL family Windows NASL id MOZILLA_THUNDERBIRD_1001.NASL description The installed version of Thunderbird 10.x is earlier than 10.0.1 and is, therefore, potentially affected by a memory corruption vulnerability. A use-after-free error exists in the method last seen 2020-06-01 modified 2020-06-02 plugin id 57920 published 2012-02-13 reporter This script is Copyright (C) 2012-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/57920 title Mozilla Thunderbird 10.x < 10.0.1 Memory Corruption NASL family Windows NASL id SEAMONKEY_271.NASL description The installed version of SeaMonkey is earlier than 2.7.1. Such versions are potentially affected by a memory corruption vulnerability. A use-after-free error exists in the method last seen 2020-06-01 modified 2020-06-02 plugin id 57921 published 2012-02-13 reporter This script is Copyright (C) 2012-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/57921 title SeaMonkey < 2.7.1 Memory Corruption NASL family SuSE Local Security Checks NASL id SUSE_11_MOZILLAFIREFOX-120213.NASL description Mozilla Firefox was updated to 10.0.1 to fix critical bugs and security issue. The following security issue has been fixed : - Mozilla developers Andrew McCreight and Olli Pettay found that ReadPrototypeBindings will leave a XBL binding in a hash table even when the function fails. If this occurs, when the cycle collector reads this hash table and attempts to do a virtual method on this binding a crash will occur. This crash may be potentially exploitable. (CVE-2012-0452) Firefox 9 and earlier are not affected by this vulnerability. https://www.mozilla.org/security/announce/2012/mfsa2012-10.html last seen 2020-06-05 modified 2012-02-16 plugin id 57970 published 2012-02-16 reporter This script is Copyright (C) 2012-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/57970 title SuSE 11.1 Security Update : Mozilla Firefox (SAT Patch Number 5807) NASL family Windows NASL id MOZILLA_FIREFOX_1001.NASL description The installed version of Firefox 10.x is earlier than 10.0.1 and is, therefore, potentially affected by a memory corruption vulnerability. A use-after-free error exists in the method last seen 2020-06-01 modified 2020-06-02 plugin id 57919 published 2012-02-13 reporter This script is Copyright (C) 2012-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/57919 title Firefox 10.x < 10.0.1 Memory Corruption NASL family MacOS X Local Security Checks NASL id MACOSX_FIREFOX_10_0_1.NASL description The installed version of Firefox is earlier than 10.0.1 and is, therefore, potentially affected by a memory corruption vulnerability. A use-after-free error exists in the method last seen 2020-06-01 modified 2020-06-02 plugin id 58070 published 2012-02-21 reporter This script is Copyright (C) 2012-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/58070 title Firefox < 10.0.1 Memory Corruption (Mac OS X) NASL family SuSE Local Security Checks NASL id OPENSUSE-2012-254.NASL description Changes in xulrunner : - update to 12.0 (bnc#758408) - rebased patches - MFSA 2012-20/CVE-2012-0467/CVE-2012-0468 Miscellaneous memory safety hazards - MFSA 2012-22/CVE-2012-0469 (bmo#738985) use-after-free in IDBKeyRange - MFSA 2012-23/CVE-2012-0470 (bmo#734288) Invalid frees causes heap corruption in gfxImageSurface - MFSA 2012-24/CVE-2012-0471 (bmo#715319) Potential XSS via multibyte content processing errors - MFSA 2012-25/CVE-2012-0472 (bmo#744480) Potential memory corruption during font rendering using cairo-dwrite - MFSA 2012-26/CVE-2012-0473 (bmo#743475) WebGL.drawElements may read illegal video memory due to FindMaxUshortElement error - MFSA 2012-27/CVE-2012-0474 (bmo#687745, bmo#737307) Page load short-circuit can lead to XSS - MFSA 2012-28/CVE-2012-0475 (bmo#694576) Ambiguous IPv6 in Origin headers may bypass webserver access restrictions - MFSA 2012-29/CVE-2012-0477 (bmo#718573) Potential XSS through ISO-2022-KR/ISO-2022-CN decoding issues - MFSA 2012-30/CVE-2012-0478 (bmo#727547) Crash with WebGL content using textImage2D - MFSA 2012-31/CVE-2011-3062 (bmo#739925) Off-by-one error in OpenType Sanitizer - MFSA 2012-32/CVE-2011-1187 (bmo#624621) HTTP Redirections and remote content can be read by JavaScript errors - MFSA 2012-33/CVE-2012-0479 (bmo#714631) Potential site identity spoofing when loading RSS and Atom feeds - added mozilla-libnotify.patch to allow fallback from libnotify to xul based events if no notification-daemon is running - gcc 4.7 fixes - mozilla-gcc47.patch - disabled crashreporter temporarily for Factory Changes in MozillaFirefox : - update to Firefox 12.0 (bnc#758408) - rebased patches - MFSA 2012-20/CVE-2012-0467/CVE-2012-0468 Miscellaneous memory safety hazards - MFSA 2012-22/CVE-2012-0469 (bmo#738985) use-after-free in IDBKeyRange - MFSA 2012-23/CVE-2012-0470 (bmo#734288) Invalid frees causes heap corruption in gfxImageSurface - MFSA 2012-24/CVE-2012-0471 (bmo#715319) Potential XSS via multibyte content processing errors - MFSA 2012-25/CVE-2012-0472 (bmo#744480) Potential memory corruption during font rendering using cairo-dwrite - MFSA 2012-26/CVE-2012-0473 (bmo#743475) WebGL.drawElements may read illegal video memory due to FindMaxUshortElement error - MFSA 2012-27/CVE-2012-0474 (bmo#687745, bmo#737307) Page load short-circuit can lead to XSS - MFSA 2012-28/CVE-2012-0475 (bmo#694576) Ambiguous IPv6 in Origin headers may bypass webserver access restrictions - MFSA 2012-29/CVE-2012-0477 (bmo#718573) Potential XSS through ISO-2022-KR/ISO-2022-CN decoding issues - MFSA 2012-30/CVE-2012-0478 (bmo#727547) Crash with WebGL content using textImage2D - MFSA 2012-31/CVE-2011-3062 (bmo#739925) Off-by-one error in OpenType Sanitizer - MFSA 2012-32/CVE-2011-1187 (bmo#624621) HTTP Redirections and remote content can be read by JavaScript errors - MFSA 2012-33/CVE-2012-0479 (bmo#714631) Potential site identity spoofing when loading RSS and Atom feeds - added mozilla-libnotify.patch to allow fallback from libnotify to xul based events if no notification-daemon is running - gcc 4.7 fixes - mozilla-gcc47.patch - disabled crashreporter temporarily for Factory - recommend libcanberra0 for proper sound notifications Changes in MozillaThunderbird : - update to Thunderbird 12.0 (bnc#758408) - MFSA 2012-20/CVE-2012-0467/CVE-2012-0468 Miscellaneous memory safety hazards - MFSA 2012-22/CVE-2012-0469 (bmo#738985) use-after-free in IDBKeyRange - MFSA 2012-23/CVE-2012-0470 (bmo#734288) Invalid frees causes heap corruption in gfxImageSurface - MFSA 2012-24/CVE-2012-0471 (bmo#715319) Potential XSS via multibyte content processing errors - MFSA 2012-25/CVE-2012-0472 (bmo#744480) Potential memory corruption during font rendering using cairo-dwrite - MFSA 2012-26/CVE-2012-0473 (bmo#743475) WebGL.drawElements may read illegal video memory due to FindMaxUshortElement error - MFSA 2012-27/CVE-2012-0474 (bmo#687745, bmo#737307) Page load short-circuit can lead to XSS - MFSA 2012-28/CVE-2012-0475 (bmo#694576) Ambiguous IPv6 in Origin headers may bypass webserver access restrictions - MFSA 2012-29/CVE-2012-0477 (bmo#718573) Potential XSS through ISO-2022-KR/ISO-2022-CN decoding issues - MFSA 2012-30/CVE-2012-0478 (bmo#727547) Crash with WebGL content using textImage2D - MFSA 2012-31/CVE-2011-3062 (bmo#739925) Off-by-one error in OpenType Sanitizer - MFSA 2012-32/CVE-2011-1187 (bmo#624621) HTTP Redirections and remote content can be read by JavaScript errors - MFSA 2012-33/CVE-2012-0479 (bmo#714631) Potential site identity spoofing when loading RSS and Atom feeds - update Enigmail to 1.4.1 - added mozilla-revert_621446.patch - added mozilla-libnotify.patch (bmo#737646) - added mailnew-showalert.patch (bmo#739146) - added mozilla-gcc47.patch and mailnews-literals.patch to fix compilation issues with recent gcc 4.7 - disabled crashreporter temporarily for Factory (gcc 4.7 issue) Changes in seamonkey : - update to SeaMonkey 2.9 (bnc#758408) - MFSA 2012-20/CVE-2012-0467/CVE-2012-0468 Miscellaneous memory safety hazards - MFSA 2012-22/CVE-2012-0469 (bmo#738985) use-after-free in IDBKeyRange - MFSA 2012-23/CVE-2012-0470 (bmo#734288) Invalid frees causes heap corruption in gfxImageSurface - MFSA 2012-24/CVE-2012-0471 (bmo#715319) Potential XSS via multibyte content processing errors - MFSA 2012-25/CVE-2012-0472 (bmo#744480) Potential memory corruption during font rendering using cairo-dwrite - MFSA 2012-26/CVE-2012-0473 (bmo#743475) WebGL.drawElements may read illegal video memory due to FindMaxUshortElement error - MFSA 2012-27/CVE-2012-0474 (bmo#687745, bmo#737307) Page load short-circuit can lead to XSS - MFSA 2012-28/CVE-2012-0475 (bmo#694576) Ambiguous IPv6 in Origin headers may bypass webserver access restrictions - MFSA 2012-29/CVE-2012-0477 (bmo#718573) Potential XSS through ISO-2022-KR/ISO-2022-CN decoding issues - MFSA 2012-30/CVE-2012-0478 (bmo#727547) Crash with WebGL content using textImage2D - MFSA 2012-31/CVE-2011-3062 (bmo#739925) Off-by-one error in OpenType Sanitizer - MFSA 2012-32/CVE-2011-1187 (bmo#624621) HTTP Redirections and remote content can be read by JavaScript errors - MFSA 2012-33/CVE-2012-0479 (bmo#714631) Potential site identity spoofing when loading RSS and Atom feeds - update to 2.9b4 - added mozilla-sle11.patch and add exceptions to be able to build for SLE11/11.1 - exclude broken gl locale from build - fixed build on 11.2-x86_64 by adding mozilla-revert_621446.patch - added mozilla-gcc47.patch and mailnews-literals.patch to fix compilation issues with recent gcc 4.7 last seen 2020-06-05 modified 2014-06-13 plugin id 74612 published 2014-06-13 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/74612 title openSUSE Security Update : MozillaFirefox / MozillaThunderbird / seamonkey / etc (openSUSE-SU-2012:0567-1) NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_EBA9AA94549C11E1B6B70011856A6E37.NASL description The Mozilla Project reports : MFSA 2012-10 use after free in nsXBLDocumentInfo::ReadPrototypeBindings last seen 2020-06-01 modified 2020-06-02 plugin id 57911 published 2012-02-13 reporter This script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/57911 title FreeBSD : mozilla -- use-after-free in nsXBLDocumentInfo::ReadPrototypeBindings (eba9aa94-549c-11e1-b6b7-0011856a6e37) NASL family SuSE Local Security Checks NASL id SUSE_11_4_MOZILLAFIREFOX-120213.NASL description MozillaFirefox was updated to 10.0.1 to fix critical bugs and security issue. Following security issue was fixed: CVE-2012-0452: Mozilla developers Andrew McCreight and Olli Pettay found that ReadPrototypeBindings will leave a XBL binding in a hash table even when the function fails. If this occurs, when the cycle collector reads this hash table and attempts to do a virtual method on this binding a crash will occur. This crash may be potentially exploitable. Firefox 9 and earlier are not affected by this vulnerability. https://www.mozilla.org/security/announce/2012/mfsa2012-10.html last seen 2020-06-05 modified 2014-06-13 plugin id 75952 published 2014-06-13 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/75952 title openSUSE Security Update : MozillaFirefox (MozillaFirefox-5799) NASL family SuSE Local Security Checks NASL id SUSE_11_4_SEAMONKEY-120213.NASL description SeaMonkey was updated to 2.7.1 to fix critical bugs and security issue. Following security issue was fixed: CVE-2012-0452: Mozilla developers Andrew McCreight and Olli Pettay found that ReadPrototypeBindings will leave a XBL binding in a hash table even when the function fails. If this occurs, when the cycle collector reads this hash table and attempts to do a virtual method on this binding a crash will occur. This crash may be potentially exploitable. Firefox 9 and earlier are not affected by this vulnerability. https://www.mozilla.org/security/announce/2012/mfsa2012-10.html last seen 2020-06-05 modified 2014-06-13 plugin id 76027 published 2014-06-13 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/76027 title openSUSE Security Update : seamonkey (seamonkey-5804) NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2012-017.NASL description Use-after-free vulnerability in Mozilla Firefox 10.x before 10.0.1, Thunderbird 10.x before 10.0.1, and SeaMonkey 2.7 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger failure of an nsXBLDocumentInfo::ReadPrototypeBindings function call, related to the cycle collector last seen 2020-06-01 modified 2020-06-02 plugin id 57912 published 2012-02-13 reporter This script is Copyright (C) 2012-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/57912 title Mandriva Linux Security Advisory : firefox (MDVSA-2012:017) NASL family SuSE Local Security Checks NASL id OPENSUSE-2012-92.NASL description Changes in MozillaFirefox : - update to Firefox 10.0.1 (bnc#746616) - MFSA 2012-10/CVE-2012-0452 (bmo#724284) use after free in nsXBLDocumentInfo::ReadPrototypeBindings - Use YARR interpreter instead of PCRE on platforms where YARR JIT is not supported, since PCRE doesnt build (bmo#691898) - fix ppc64 build (bmo#703534) Changes in MozillaThunderbird : - update to version 10.0.1 (bnc#746616) - MFSA 2012-10/CVE-2012-0452 (bmo#724284) use after free in nsXBLDocumentInfo::ReadPrototypeBindings - Use YARR interpreter instead of PCRE on platforms where YARR JIT is not supported, since PCRE doesnt build (bmo#691898) - fix ppc64 build (bmo#703534) Changes in seamonkey : - update to SeaMonkey 2.7.1 (bnc#746616) - MFSA 2012-10/CVE-2012-0452 (bmo#724284) use after free in nsXBLDocumentInfo::ReadPrototypeBindings - Use YARR interpreter instead of PCRE on platforms where YARR JIT is not supported, since PCRE doesnt build (bmo#691898) - fix ppc64 build (bmo#703534) Changes in xulrunner : - update to version 10.0.1 (bnc#746616) - MFSA 2012-10/CVE-2012-0452 (bmo#724284) use after free in nsXBLDocumentInfo::ReadPrototypeBindings - Use YARR interpreter instead of PCRE on platforms where YARR JIT is not supported, since PCRE doesnt build (bmo#691898) - fix ppc64 build (bmo#703534) last seen 2020-06-05 modified 2014-06-13 plugin id 74857 published 2014-06-13 reporter This script is Copyright (C) 2014-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/74857 title openSUSE Security Update : MozillaFirefox / MozillaThunderbird / seamonkey / etc (openSUSE-2012-92) NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2012-018.NASL description Use-after-free vulnerability in Mozilla Firefox 10.x before 10.0.1, Thunderbird 10.x before 10.0.1, and SeaMonkey 2.7 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger failure of an nsXBLDocumentInfo::ReadPrototypeBindings function call, related to the cycle collector last seen 2020-06-01 modified 2020-06-02 plugin id 61944 published 2012-09-06 reporter This script is Copyright (C) 2012-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/61944 title Mandriva Linux Security Advisory : mozilla-thunderbird (MDVSA-2012:018) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-1369-1.NASL description Nicolas Gregoire and Aki Helin discovered that when processing a malformed embedded XSLT stylesheet, Thunderbird can crash due to memory corruption. If the user were tricked into opening a specially crafted page, an attacker could exploit this to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Thunderbird. (CVE-2012-0449) It was discovered that memory corruption could occur during the decoding of Ogg Vorbis files. If the user were tricked into opening a specially crafted file, an attacker could exploit this to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Thunderbird. (CVE-2012-0444) Tim Abraldes discovered that when encoding certain image types the resulting data was always a fixed size. There is the possibility of sensitive data from uninitialized memory being appended to these images. (CVE-2012-0447) It was discovered that Thunderbird did not properly perform XPConnect security checks. An attacker could exploit this to conduct cross-site scripting (XSS) attacks through web pages and Thunderbird extensions. With cross-site scripting vulnerabilities, if a user were tricked into viewing a specially crafted page, a remote attacker could exploit this to modify the contents, or steal confidential data, within the same domain. (CVE-2012-0446) It was discovered that Thunderbird did not properly handle node removal in the DOM. If the user were tricked into opening a specially crafted page, an attacker could exploit this to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Thunderbird. (CVE-2011-3659) Alex Dvorov discovered that Thunderbird did not properly handle sub-frames in form submissions. An attacker could exploit this to conduct phishing attacks using HTML5 frames. (CVE-2012-0445) Ben Hawkes, Christian Holler, Honza Bombas, Jason Orendorff, Jesse Ruderman, Jan Odvarko, Peter Van Der Beken, Bob Clary, and Bill McCloskey discovered memory safety issues affecting Thunderbird. If the user were tricked into opening a specially crafted page, an attacker could exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Thunderbird. (CVE-2012-0442, CVE-2012-0443) Andrew McCreight and Olli Pettay discovered a use-after-free vulnerability in the XBL bindings. An attacker could exploit this to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Thunderbird. (CVE-2012-0452) Jueri Aedla discovered that libpng, which is in Thunderbird, did not properly verify the size used when allocating memory during chunk decompression. If a user or automated system using libpng were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or execute code with the privileges of the user invoking the program. (CVE-2011-3026). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 58037 published 2012-02-20 reporter Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/58037 title Ubuntu 11.10 : thunderbird vulnerabilities (USN-1369-1) NASL family SuSE Local Security Checks NASL id SUSE_11_MOZILLAFIREFOX-120214.NASL description Mozilla Firefox was updated to 10.0.1 to fix critical bugs and security issue. The following security issue has been fixed : - Mozilla developers Andrew McCreight and Olli Pettay found that ReadPrototypeBindings will leave a XBL binding in a hash table even when the function fails. If this occurs, when the cycle collector reads this hash table and attempts to do a virtual method on this binding a crash will occur. This crash may be potentially exploitable. (CVE-2012-0452) Firefox 9 and earlier are not affected by this vulnerability. https://www.mozilla.org/security/announce/2012/mfsa2012-10.html last seen 2020-06-05 modified 2012-02-16 plugin id 57971 published 2012-02-16 reporter This script is Copyright (C) 2012-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/57971 title SuSE 11.1 Security Update : Mozilla Firefox (SAT Patch Number 5807) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201301-01.NASL description The remote host is affected by the vulnerability described in GLSA-201301-01 (Mozilla Products: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Mozilla Firefox, Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user to view a specially crafted web page or email, possibly resulting in execution of arbitrary code or a Denial of Service condition. Furthermore, a remote attacker may be able to perform Man-in-the-Middle attacks, obtain sensitive information, bypass restrictions and protection mechanisms, force file downloads, conduct XML injection attacks, conduct XSS attacks, bypass the Same Origin Policy, spoof URL’s for phishing attacks, trigger a vertical scroll, spoof the location bar, spoof an SSL indicator, modify the browser’s font, conduct clickjacking attacks, or have other unspecified impact. A local attacker could gain escalated privileges, obtain sensitive information, or replace an arbitrary downloaded file. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 63402 published 2013-01-08 reporter This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/63402 title GLSA-201301-01 : Mozilla Products: Multiple vulnerabilities (BEAST)
Oval
| accepted | 2014-10-06T04:01:43.707-04:00 | ||||||||||||||||||||||||||||||||||||||||||||||||
| class | vulnerability | ||||||||||||||||||||||||||||||||||||||||||||||||
| contributors |
| ||||||||||||||||||||||||||||||||||||||||||||||||
| definition_extensions |
| ||||||||||||||||||||||||||||||||||||||||||||||||
| description | Use-after-free vulnerability in Mozilla Firefox 10.x before 10.0.1, Thunderbird 10.x before 10.0.1, and SeaMonkey 2.7 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger failure of an nsXBLDocumentInfo::ReadPrototypeBindings function call, related to the cycle collector's access to a hash table containing a stale XBL binding. | ||||||||||||||||||||||||||||||||||||||||||||||||
| family | windows | ||||||||||||||||||||||||||||||||||||||||||||||||
| id | oval:org.mitre.oval:def:15017 | ||||||||||||||||||||||||||||||||||||||||||||||||
| status | accepted | ||||||||||||||||||||||||||||||||||||||||||||||||
| submitted | 2012-02-17T15:25:34.000-05:00 | ||||||||||||||||||||||||||||||||||||||||||||||||
| title | Use-after-free vulnerability in Mozilla Firefox 10.x before 10.0.1, Thunderbird 10.x before 10.0.1, and SeaMonkey 2.7 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger failure of an nsXBLDocumentInfo::ReadPrototypeBindings function call, related to the cycle collector's access to a hash table containing a stale XBL binding. | ||||||||||||||||||||||||||||||||||||||||||||||||
| version | 36 |
Seebug
| bulletinFamily | exploit |
| description | BUGTRAQ ID: 51975 CVE ID: CVE-2012-0452 Firefox是一款非常流行的开源WEB浏览器。Thunderbird是一个邮件客户端,支持IMAP、POP邮件协议以及HTML邮件格式。SeaMonkey是开源的Web浏览器、邮件和新闻组客户端、IRC会话客户端和HTML编辑器。 Mozilla Firefox 10.0.1、Thunderbird 10.0.1、SeaMonkey 2.7之前版本在实现上存在内存破坏漏洞,在处理哈希表单中的XBL绑定时, "nsXBLDocumentInfo::ReadPrototypeBindings()"方法中存在释放后重用漏洞,可造成循环收集器调用无效虚拟函数。 0 Mozilla Firefox 10.x Mozilla Thunderbird 10.x Mozilla SeaMonkey 2.x 厂商补丁: Mozilla ------- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: http://www.mozilla.org/security/ |
| id | SSV:30109 |
| last seen | 2017-11-19 |
| modified | 2012-02-14 |
| published | 2012-02-14 |
| reporter | Root |
| title | Mozilla Firefox/Thunderbird/SeaMonkey "ReadPrototypeBindings()"内存破坏漏洞 |
References
- http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00012.html
- http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00013.html
- http://secunia.com/advisories/48110
- http://secunia.com/advisories/49055
- http://www.mandriva.com/security/advisories?name=MDVSA-2012:017
- http://www.mandriva.com/security/advisories?name=MDVSA-2012:018
- http://www.mozilla.org/security/announce/2012/mfsa2012-10.html
- http://www.securityfocus.com/bid/51975
- http://www.ubuntu.com/usn/USN-1360-1
- https://bugzilla.mozilla.org/show_bug.cgi?id=724284
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15017