Oval Definition:oval:org.mitre.oval:def:16246
Revision Date:2014-10-06Version:28
Title:Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a negative height value in a BMP image within a .ICO file, related to (1) improper handling of the transparency bitmask by the nsICODecoder component and (2) improper processing of the alpha channel by the nsBMPDecoder component.
Description:Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a negative height value in a BMP image within a .ICO file, related to (1) improper handling of the transparency bitmask by the nsICODecoder component and (2) improper processing of the alpha channel by the nsBMPDecoder component.
Family:windowsClass:vulnerability
Status:ACCEPTEDReference(s):CVE-2012-3966
Platform(s):Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2012
Microsoft Windows Vista
Microsoft Windows XP
Product(s):Mozilla Firefox
Mozilla Firefox ESR
Mozilla SeaMonkey
Mozilla Thunderbird
Mozilla Thunderbird ESR
Definition Synopsis
  • Check for vulnerable Thunderbird
  • Mozilla Thunderbird Mainline release is installed
  • AND Determine if the version of Mozilla Thunderbird is less than or equal to 14.0
  • AND Determine if the version of Mozilla Thunderbird is greater than or equal to 1.0
  • Check for vulnerable SeaMonkey
  • Mozilla Seamonkey is installed
  • AND Determine if the version of Mozilla Seamonkey is less than or equal to 2.11
  • AND Determine if the version of Mozilla Seamonkey is greater than or equal to 2.0
  • Check for vulnerable Firefox
  • Mozilla Firefox Mainline release is installed
  • AND Mozilla Firefox Mainline version is less than or equal to 14.0
  • AND Mozilla Firefox Mainline version is greater than or equal to 1.0
  • OR Check for vulnerable Mozilla Firefox ESR
  • Mozilla Firefox ESR is installed
  • AND Mozilla Firefox ESR version is less than 10.0.7 and greater than or equal to 10.x
  • OR Check for vulnerable Mozilla Thunderbird ESR
  • Mozilla Thunderbird ESR is installed
  • AND Mozilla Thunderbird ESR version is less than 10.0.7 and greater than or equal to 10.x
  • BACK