Vulnerability Description
Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving the setting of Cascading Style Sheets (CSS) properties in conjunction with SVG text.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mozilla | Firefox | < 17.0 |
| Mozilla | Seamonkey | < 2.14 |
| Mozilla | Thunderbird | < 17.0 |
| Opensuse | Opensuse | 11.4 |
| Suse | Linux Enterprise Desktop | 10 |
| Suse | Linux Enterprise Server | 10 |
| Suse | Linux Enterprise Software Development Kit | 10 |
| Canonical | Ubuntu Linux | 10.04 |
Related Weaknesses (CWE)
References
- http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00021.htmlMailing ListThird Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00022.htmlMailing ListThird Party Advisory
- http://lists.opensuse.org/opensuse-updates/2012-11/msg00090.htmlMailing ListThird Party Advisory
- http://lists.opensuse.org/opensuse-updates/2012-11/msg00092.htmlMailing ListThird Party Advisory
- http://lists.opensuse.org/opensuse-updates/2012-11/msg00093.htmlMailing ListThird Party Advisory
- http://osvdb.org/87593Broken Link
- http://secunia.com/advisories/51369Third Party Advisory
- http://secunia.com/advisories/51370Third Party Advisory
- http://secunia.com/advisories/51381Third Party Advisory
- http://secunia.com/advisories/51434Third Party Advisory
- http://secunia.com/advisories/51439Third Party Advisory
- http://secunia.com/advisories/51440Third Party Advisory
- http://www.mozilla.org/security/announce/2012/mfsa2012-94.htmlVendor Advisory
- http://www.securityfocus.com/bid/56616Third Party AdvisoryVDB Entry
- http://www.ubuntu.com/usn/USN-1636-1Third Party Advisory
FAQ
What is CVE-2012-5836?
CVE-2012-5836 is a vulnerability with a CVSS score of 7.5 (HIGH). Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving ...
How severe is CVE-2012-5836?
CVE-2012-5836 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2012-5836?
Check the references section above for vendor advisories and patch information. Affected products include: Mozilla Firefox, Mozilla Seamonkey, Mozilla Thunderbird, Opensuse Opensuse, Suse Linux Enterprise Desktop.