Vulnerability Description
The str_unescape function in the JavaScript engine in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mozilla | Firefox | < 17.0 |
| Mozilla | Seamonkey | < 2.14 |
| Mozilla | Thunderbird | < 17.0 |
| Opensuse | Opensuse | 11.4 |
| Suse | Linux Enterprise Desktop | 10 |
| Suse | Linux Enterprise Server | 10 |
| Suse | Linux Enterprise Software Development Kit | 10 |
| Canonical | Ubuntu Linux | 10.04 |
Related Weaknesses (CWE)
References
- http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00021.htmlMailing ListThird Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00022.htmlMailing ListThird Party Advisory
- http://lists.opensuse.org/opensuse-updates/2012-11/msg00090.htmlMailing ListThird Party Advisory
- http://lists.opensuse.org/opensuse-updates/2012-11/msg00092.htmlMailing ListThird Party Advisory
- http://lists.opensuse.org/opensuse-updates/2012-11/msg00093.htmlMailing ListThird Party Advisory
- http://osvdb.org/87592Broken Link
- http://secunia.com/advisories/51369Third Party Advisory
- http://secunia.com/advisories/51370Third Party Advisory
- http://secunia.com/advisories/51381Third Party Advisory
- http://secunia.com/advisories/51434Third Party Advisory
- http://secunia.com/advisories/51439Third Party Advisory
- http://secunia.com/advisories/51440Third Party Advisory
- http://www.mozilla.org/security/announce/2012/mfsa2012-96.htmlVendor Advisory
- http://www.ubuntu.com/usn/USN-1636-1Third Party Advisory
- http://www.ubuntu.com/usn/USN-1638-1Third Party Advisory
FAQ
What is CVE-2012-4204?
CVE-2012-4204 is a vulnerability with a CVSS score of 9.3 (HIGH). The str_unescape function in the JavaScript engine in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denia...
How severe is CVE-2012-4204?
CVE-2012-4204 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2012-4204?
Check the references section above for vendor advisories and patch information. Affected products include: Mozilla Firefox, Mozilla Seamonkey, Mozilla Thunderbird, Opensuse Opensuse, Suse Linux Enterprise Desktop.