Vulnerability Description
Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 do not properly initialize nsChildView data structures, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted Ogg Vorbis file.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mozilla | Firefox | < 3.6.26 |
| Mozilla | Seamonkey | < 2.7 |
| Mozilla | Thunderbird | < 3.1.18 |
| Debian | Debian Linux | 5.0 |
| Opensuse | Opensuse | 11.4 |
| Suse | Linux Enterprise Desktop | 10 |
| Suse | Linux Enterprise Server | 10 |
| Suse | Linux Enterprise Software Development Kit | 10 |
| Canonical | Ubuntu Linux | 10.04 |
Related Weaknesses (CWE)
References
- http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00003.htmlMailing ListThird Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00007.htmlMailing ListThird Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00011.htmlMailing ListThird Party Advisory
- http://secunia.com/advisories/48043Third Party Advisory
- http://secunia.com/advisories/48095Third Party Advisory
- http://www.debian.org/security/2012/dsa-2400Third Party Advisory
- http://www.debian.org/security/2012/dsa-2402Third Party Advisory
- http://www.debian.org/security/2012/dsa-2406Third Party Advisory
- http://www.mandriva.com/security/advisories?name=MDVSA-2012:013Third Party Advisory
- http://www.mozilla.org/security/announce/2012/mfsa2012-07.htmlVendor Advisory
- http://www.securityfocus.com/bid/51753Third Party AdvisoryVDB Entry
- http://www.ubuntu.com/usn/USN-1370-1Third Party Advisory
- https://bugzilla.mozilla.org/show_bug.cgi?id=719612ExploitIssue TrackingPatch
- https://exchange.xforce.ibmcloud.com/vulnerabilities/72858Third Party AdvisoryVDB Entry
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Third Party Advisory
FAQ
What is CVE-2012-0444?
CVE-2012-0444 is a vulnerability with a CVSS score of 10.0 (HIGH). Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 do not properly initialize nsChildView data structures, which allows remote a...
How severe is CVE-2012-0444?
CVE-2012-0444 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2012-0444?
Check the references section above for vendor advisories and patch information. Affected products include: Mozilla Firefox, Mozilla Seamonkey, Mozilla Thunderbird, Debian Debian Linux, Opensuse Opensuse.