| Vulnerability Name: | CCN-80195 | ||||||
| Published: | 2012-11-20 | ||||||
| Updated: | 2012-11-20 | ||||||
| Summary: | Mozilla Firefox, Thunderbird, and SeaMonkey are vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the nsWindow::OnExposeEvent() function. By persuading a victim to visit a specially-crafted Web site, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. | ||||||
| CVSS v3 Severity: | 10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
| ||||||
| CVSS v2 Severity: | 9.3 High (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C) 6.9 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
| ||||||
| Vulnerability Consequences: | Gain Access | ||||||
| References: | Source: CCN Type: SA51358 Mozilla Firefox / Thunderbird Multiple Vulnerabilities Source: CCN Type: SA51381 Mozilla SeaMonkey Multiple Vulnerabilities Source: CCN Type: SA51382 Mozilla Firefox / Thunderbird Multiple Vulnerabilities Source: DEBIAN Type: DSA-2583 iceweasel -- several vulnerabilities Source: DEBIAN Type: DSA-2584 iceape -- several vulnerabilities Source: DEBIAN Type: DSA-2588 icedove -- several vulnerabilities Source: CCN Type: MFSA 2012-105 Use-after-free and buffer overflow issues found using Address Sanitizer Source: CCN Type: OSVDB ID: 87608 Mozilla Multiple Product nsWindow::OnExposeEvent() Function Overflow Source: XF Type: UNKNOWN firefox-onexposeevent-bo(80195) | ||||||
| Vulnerable Configuration: | Configuration CCN 1: Denotes that component is vulnerable | ||||||
| BACK | |||||||