Vulnerability Name: CVE-2012-0454 (CCN-73989) Assigned: 2012-03-13 Published: 2012-03-13 Updated: 2018-10-30 Summary: Use-after-free vulnerability in Mozilla Firefox 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 on 32-bit Windows 7 platforms allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors involving use of the file-open dialog in a child window, related to the IUnknown_QueryService function in the Windows shlwapi.dll library. CVSS v3 Severity: 10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H Exploitability Metrics: Attack Vector (AV): NetworkAttack Complexity (AC): LowPrivileges Required (PR): NoneUser Interaction (UI): NoneScope: Scope (S): ChangedImpact Metrics: Confidentiality (C): HighIntegrity (I): HighAvailibility (A): High
CVSS v2 Severity: 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P 5.5 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): LowAuthentication (Au): NoneImpact Metrics: Confidentiality (C): PartialIntegrity (I): PartialAvailibility (A): Partial
9.3 High (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C 6.9 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): MediumAthentication (Au): NoneImpact Metrics: Confidentiality (C): CompleteIntegrity (I): CompleteAvailibility (A): Complete
Vulnerability Type: CWE-399 Vulnerability Consequences: Gain Access References: Source: MITRECVE-2012-0454 SUSE-SU-2012:0424 Mozilla Firefox / Thunderbird / SeaMonkey Multiple Vulnerabilities 48402 Mozilla Firefox / Thunderbird Multiple Vulnerabilities Pale Moon Multiple Vulnerabilities 48561 48629 MDVSA-2012:032 Use-after-free in shlwapi.dll http://www.mozilla.org/security/announce/2012/mfsa2012-12.html Mozilla Multiple Product shlwapi.dll Use-after-free Child Window Closing File Open Dialog Remote Code Execution Pale Moon: Release notes for version 11 Mozilla Firefox/Thunderbird/SeaMonkey 'shlwapi.dll' Use-After-Free Memory Corruption Vulnerability 1026801 1026803 1026804 https://bugzilla.mozilla.org/show_bug.cgi?id=684555 firefox-shlwapi-code-execution(73989) oval:org.mitre.oval:def:14258 Vulnerable Configuration: Configuration 1 :cpe:/a:mozilla:firefox:4.0:*:*:*:*:*:*:* OR cpe:/a:mozilla:firefox:4.0:beta1:*:*:*:*:*:* OR cpe:/a:mozilla:firefox:4.0:beta10:*:*:*:*:*:* OR cpe:/a:mozilla:firefox:4.0:beta11:*:*:*:*:*:* OR cpe:/a:mozilla:firefox:4.0:beta12:*:*:*:*:*:* OR cpe:/a:mozilla:firefox:4.0:beta2:*:*:*:*:*:* OR cpe:/a:mozilla:firefox:4.0:beta3:*:*:*:*:*:* OR cpe:/a:mozilla:firefox:4.0:beta4:*:*:*:*:*:* OR cpe:/a:mozilla:firefox:4.0:beta5:*:*:*:*:*:* OR cpe:/a:mozilla:firefox:4.0:beta6:*:*:*:*:*:* OR cpe:/a:mozilla:firefox:4.0:beta7:*:*:*:*:*:* OR cpe:/a:mozilla:firefox:4.0:beta8:*:*:*:*:*:* OR cpe:/a:mozilla:firefox:4.0:beta9:*:*:*:*:*:* OR cpe:/a:mozilla:firefox:4.0.1:*:*:*:*:*:*:* OR cpe:/a:mozilla:firefox:5.0:*:*:*:*:*:*:* OR cpe:/a:mozilla:firefox:5.0.1:*:*:*:*:*:*:* OR cpe:/a:mozilla:firefox:6.0:*:*:*:*:*:*:* OR cpe:/a:mozilla:firefox:6.0.1:*:*:*:*:*:*:* OR cpe:/a:mozilla:firefox:6.0.2:*:*:*:*:*:*:* OR cpe:/a:mozilla:firefox:7.0:*:*:*:*:*:*:* OR cpe:/a:mozilla:firefox:7.0.1:*:*:*:*:*:*:* OR cpe:/a:mozilla:firefox:8.0:*:*:*:*:*:*:* OR cpe:/a:mozilla:firefox:8.0.1:*:*:*:*:*:*:* OR cpe:/a:mozilla:firefox:9.0:*:*:*:*:*:*:* OR cpe:/a:mozilla:firefox:9.0.1:*:*:*:*:*:*:* AND cpe:/o:microsoft:windows_7:-:*:*:*:*:*:*:* Configuration 2 :cpe:/a:mozilla:firefox_esr:10.0:*:*:*:*:*:*:* OR cpe:/a:mozilla:firefox_esr:10.1:*:*:*:*:*:*:* OR cpe:/a:mozilla:firefox_esr:10.2:*:*:*:*:*:*:* AND cpe:/o:microsoft:windows_7:-:*:*:*:*:*:*:* Configuration 3 :cpe:/a:mozilla:thunderbird:5.0:*:*:*:*:*:*:* OR cpe:/a:mozilla:thunderbird:6.0:*:*:*:*:*:*:* OR cpe:/a:mozilla:thunderbird:6.0.1:*:*:*:*:*:*:* OR cpe:/a:mozilla:thunderbird:6.0.2:*:*:*:*:*:*:* OR cpe:/a:mozilla:thunderbird:7.0:*:*:*:*:*:*:* OR cpe:/a:mozilla:thunderbird:7.0.1:*:*:*:*:*:*:* OR cpe:/a:mozilla:thunderbird:8.0:*:*:*:*:*:*:* OR cpe:/a:mozilla:thunderbird:9.0:*:*:*:*:*:*:* OR cpe:/a:mozilla:thunderbird:9.0.1:*:*:*:*:*:*:* AND cpe:/o:microsoft:windows_7:-:*:*:*:*:*:*:* Configuration 4 :cpe:/a:mozilla:thunderbird_esr:10.0:*:*:*:*:*:*:* OR cpe:/a:mozilla:thunderbird_esr:10.0.1:*:*:*:*:*:*:* OR cpe:/a:mozilla:thunderbird_esr:10.0.2:*:*:*:*:*:*:* AND cpe:/o:microsoft:windows_7:-:*:*:*:*:*:*:* Configuration 5 :cpe:/a:mozilla:seamonkey:1.0:*:*:*:*:*:*:* OR cpe:/a:mozilla:seamonkey:1.0:alpha:*:*:*:*:*:* OR cpe:/a:mozilla:seamonkey:1.0:beta:*:*:*:*:*:* OR cpe:/a:mozilla:seamonkey:1.0.1:*:*:*:*:*:*:* OR cpe:/a:mozilla:seamonkey:1.0.2:*:*:*:*:*:*:* OR cpe:/a:mozilla:seamonkey:1.0.3:*:*:*:*:*:*:* OR cpe:/a:mozilla:seamonkey:1.0.4:*:*:*:*:*:*:* OR cpe:/a:mozilla:seamonkey:1.0.5:*:*:*:*:*:*:* OR cpe:/a:mozilla:seamonkey:1.0.6:*:*:*:*:*:*:* OR cpe:/a:mozilla:seamonkey:1.0.7:*:*:*:*:*:*:* OR cpe:/a:mozilla:seamonkey:1.0.8:*:*:*:*:*:*:* OR cpe:/a:mozilla:seamonkey:1.0.9:*:*:*:*:*:*:* OR cpe:/a:mozilla:seamonkey:1.1:*:*:*:*:*:*:* OR cpe:/a:mozilla:seamonkey:1.1:alpha:*:*:*:*:*:* OR cpe:/a:mozilla:seamonkey:1.1:beta:*:*:*:*:*:* OR cpe:/a:mozilla:seamonkey:1.1.1:*:*:*:*:*:*:* OR cpe:/a:mozilla:seamonkey:1.1.2:*:*:*:*:*:*:* OR cpe:/a:mozilla:seamonkey:1.1.3:*:*:*:*:*:*:* OR cpe:/a:mozilla:seamonkey:1.1.4:*:*:*:*:*:*:* OR cpe:/a:mozilla:seamonkey:1.1.5:*:*:*:*:*:*:* OR cpe:/a:mozilla:seamonkey:1.1.6:*:*:*:*:*:*:* OR cpe:/a:mozilla:seamonkey:1.1.7:*:*:*:*:*:*:* OR cpe:/a:mozilla:seamonkey:1.1.8:*:*:*:*:*:*:* OR cpe:/a:mozilla:seamonkey:1.1.9:*:*:*:*:*:*:* OR cpe:/a:mozilla:seamonkey:1.1.10:*:*:*:*:*:*:* OR cpe:/a:mozilla:seamonkey:1.1.11:*:*:*:*:*:*:* OR cpe:/a:mozilla:seamonkey:1.1.12:*:*:*:*:*:*:* OR cpe:/a:mozilla:seamonkey:1.1.13:*:*:*:*:*:*:* OR cpe:/a:mozilla:seamonkey:1.1.14:*:*:*:*:*:*:* OR cpe:/a:mozilla:seamonkey:1.1.15:*:*:*:*:*:*:* OR cpe:/a:mozilla:seamonkey:1.1.16:*:*:*:*:*:*:* OR cpe:/a:mozilla:seamonkey:1.1.17:*:*:*:*:*:*:* OR cpe:/a:mozilla:seamonkey:1.1.18:*:*:*:*:*:*:* OR cpe:/a:mozilla:seamonkey:1.1.19:*:*:*:*:*:*:* OR cpe:/a:mozilla:seamonkey:1.5.0.8:*:*:*:*:*:*:* OR cpe:/a:mozilla:seamonkey:1.5.0.9:*:*:*:*:*:*:* OR cpe:/a:mozilla:seamonkey:1.5.0.10:*:*:*:*:*:*:* OR cpe:/a:mozilla:seamonkey:2.0:*:*:*:*:*:*:* OR cpe:/a:mozilla:seamonkey:2.0:alpha_1:*:*:*:*:*:* OR cpe:/a:mozilla:seamonkey:2.0:alpha_2:*:*:*:*:*:* OR cpe:/a:mozilla:seamonkey:2.0:alpha_3:*:*:*:*:*:* OR cpe:/a:mozilla:seamonkey:2.0:beta_1:*:*:*:*:*:* OR cpe:/a:mozilla:seamonkey:2.0:beta_2:*:*:*:*:*:* OR cpe:/a:mozilla:seamonkey:2.0:rc1:*:*:*:*:*:* OR cpe:/a:mozilla:seamonkey:2.0:rc2:*:*:*:*:*:* OR cpe:/a:mozilla:seamonkey:2.0.1:*:*:*:*:*:*:* OR cpe:/a:mozilla:seamonkey:2.0.2:*:*:*:*:*:*:* OR cpe:/a:mozilla:seamonkey:2.0.3:*:*:*:*:*:*:* OR cpe:/a:mozilla:seamonkey:2.0.4:*:*:*:*:*:*:* OR cpe:/a:mozilla:seamonkey:2.0.5:*:*:*:*:*:*:* OR cpe:/a:mozilla:seamonkey:2.0.6:*:*:*:*:*:*:* OR cpe:/a:mozilla:seamonkey:2.0.7:*:*:*:*:*:*:* OR cpe:/a:mozilla:seamonkey:2.0.8:*:*:*:*:*:*:* OR cpe:/a:mozilla:seamonkey:2.0.9:*:*:*:*:*:*:* OR cpe:/a:mozilla:seamonkey:2.0.10:*:*:*:*:*:*:* OR cpe:/a:mozilla:seamonkey:2.0.11:*:*:*:*:*:*:* OR cpe:/a:mozilla:seamonkey:2.0.12:*:*:*:*:*:*:* OR cpe:/a:mozilla:seamonkey:2.0.13:*:*:*:*:*:*:* OR cpe:/a:mozilla:seamonkey:2.0.14:*:*:*:*:*:*:* OR cpe:/a:mozilla:seamonkey:2.1:*:*:*:*:*:*:* OR cpe:/a:mozilla:seamonkey:2.1:alpha1:*:*:*:*:*:* OR cpe:/a:mozilla:seamonkey:2.1:alpha2:*:*:*:*:*:* OR cpe:/a:mozilla:seamonkey:2.1:alpha3:*:*:*:*:*:* OR cpe:/a:mozilla:seamonkey:2.1:beta1:*:*:*:*:*:* OR cpe:/a:mozilla:seamonkey:2.1:beta2:*:*:*:*:*:* OR cpe:/a:mozilla:seamonkey:2.1:beta3:*:*:*:*:*:* OR cpe:/a:mozilla:seamonkey:2.1:rc1:*:*:*:*:*:* OR cpe:/a:mozilla:seamonkey:2.1:rc2:*:*:*:*:*:* OR cpe:/a:mozilla:seamonkey:2.2:*:*:*:*:*:*:* OR cpe:/a:mozilla:seamonkey:2.2:beta1:*:*:*:*:*:* OR cpe:/a:mozilla:seamonkey:2.2:beta2:*:*:*:*:*:* OR cpe:/a:mozilla:seamonkey:2.2:beta3:*:*:*:*:*:* OR cpe:/a:mozilla:seamonkey:2.3:*:*:*:*:*:*:* OR cpe:/a:mozilla:seamonkey:2.3:beta1:*:*:*:*:*:* OR cpe:/a:mozilla:seamonkey:2.3:beta2:*:*:*:*:*:* OR cpe:/a:mozilla:seamonkey:2.3:beta3:*:*:*:*:*:* OR cpe:/a:mozilla:seamonkey:2.3.1:*:*:*:*:*:*:* OR cpe:/a:mozilla:seamonkey:2.3.2:*:*:*:*:*:*:* OR cpe:/a:mozilla:seamonkey:2.3.3:*:*:*:*:*:*:* OR cpe:/a:mozilla:seamonkey:2.4:*:*:*:*:*:*:* OR cpe:/a:mozilla:seamonkey:2.4:beta1:*:*:*:*:*:* OR cpe:/a:mozilla:seamonkey:2.4:beta2:*:*:*:*:*:* OR cpe:/a:mozilla:seamonkey:2.4:beta3:*:*:*:*:*:* OR cpe:/a:mozilla:seamonkey:2.4.1:*:*:*:*:*:*:* OR cpe:/a:mozilla:seamonkey:2.5:*:*:*:*:*:*:* OR cpe:/a:mozilla:seamonkey:2.5:beta1:*:*:*:*:*:* OR cpe:/a:mozilla:seamonkey:2.5:beta2:*:*:*:*:*:* OR cpe:/a:mozilla:seamonkey:2.5:beta3:*:*:*:*:*:* OR cpe:/a:mozilla:seamonkey:2.5:beta4:*:*:*:*:*:* OR cpe:/a:mozilla:seamonkey:2.6:*:*:*:*:*:*:* OR cpe:/a:mozilla:seamonkey:2.6:beta1:*:*:*:*:*:* OR cpe:/a:mozilla:seamonkey:2.6:beta2:*:*:*:*:*:* OR cpe:/a:mozilla:seamonkey:2.6:beta3:*:*:*:*:*:* OR cpe:/a:mozilla:seamonkey:2.6:beta4:*:*:*:*:*:* OR cpe:/a:mozilla:seamonkey:2.6.1:*:*:*:*:*:*:* OR cpe:/a:mozilla:seamonkey:2.7:beta1:*:*:*:*:*:* OR cpe:/a:mozilla:seamonkey:2.7:beta2:*:*:*:*:*:* OR cpe:/a:mozilla:seamonkey:2.7:beta3:*:*:*:*:*:* OR cpe:/a:mozilla:seamonkey:2.7:beta4:*:*:*:*:*:* OR cpe:/a:mozilla:seamonkey:*:beta5:*:*:*:*:*:* (Version <= 2.7) AND cpe:/o:microsoft:windows_7:-:*:*:*:*:*:*:* Configuration CCN 1 :cpe:/a:mozilla:seamonkey:2.6:*:*:*:*:*:*:* OR cpe:/a:mozilla:firefox:10.0:*:*:*:*:*:*:* OR cpe:/a:mozilla:thunderbird:10.0:*:*:*:*:*:*:* OR cpe:/a:mozilla:seamonkey:2.7:*:*:*:*:*:*:* OR cpe:/a:mozilla:firefox_esr:10.0.10:*:*:*:*:*:*:* OR cpe:/a:mozilla:thunderbird_esr:10.0.10:*:*:*:*:*:*:* Oval Definitions Definition ID Class Title Last Modified oval:org.opensuse.security:def:20120454 V CVE-2012-0454 2022-05-20 oval:org.mitre.oval:def:14258 V Use-after-free vulnerability in Mozilla Firefox 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 on 32-bit Windows 7 platforms allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors involving use of the file-open dialog in a child window, related to the IUnknown_QueryService function in the Windows shlwapi.dll library. 2014-10-06
BACK
mozilla firefox 4.0
mozilla firefox 4.0 beta1
mozilla firefox 4.0 beta10
mozilla firefox 4.0 beta11
mozilla firefox 4.0 beta12
mozilla firefox 4.0 beta2
mozilla firefox 4.0 beta3
mozilla firefox 4.0 beta4
mozilla firefox 4.0 beta5
mozilla firefox 4.0 beta6
mozilla firefox 4.0 beta7
mozilla firefox 4.0 beta8
mozilla firefox 4.0 beta9
mozilla firefox 4.0.1
mozilla firefox 5.0
mozilla firefox 5.0.1
mozilla firefox 6.0
mozilla firefox 6.0.1
mozilla firefox 6.0.2
mozilla firefox 7.0
mozilla firefox 7.0.1
mozilla firefox 8.0
mozilla firefox 8.0.1
mozilla firefox 9.0
mozilla firefox 9.0.1
microsoft windows 7 -
mozilla firefox esr 10.0
mozilla firefox esr 10.1
mozilla firefox esr 10.2
microsoft windows 7 -
mozilla thunderbird 5.0
mozilla thunderbird 6.0
mozilla thunderbird 6.0.1
mozilla thunderbird 6.0.2
mozilla thunderbird 7.0
mozilla thunderbird 7.0.1
mozilla thunderbird 8.0
mozilla thunderbird 9.0
mozilla thunderbird 9.0.1
microsoft windows 7 -
mozilla thunderbird esr 10.0
mozilla thunderbird esr 10.0.1
mozilla thunderbird esr 10.0.2
microsoft windows 7 -
mozilla seamonkey 1.0
mozilla seamonkey 1.0 alpha
mozilla seamonkey 1.0 beta
mozilla seamonkey 1.0.1
mozilla seamonkey 1.0.2
mozilla seamonkey 1.0.3
mozilla seamonkey 1.0.4
mozilla seamonkey 1.0.5
mozilla seamonkey 1.0.6
mozilla seamonkey 1.0.7
mozilla seamonkey 1.0.8
mozilla seamonkey 1.0.9
mozilla seamonkey 1.1
mozilla seamonkey 1.1 alpha
mozilla seamonkey 1.1 beta
mozilla seamonkey 1.1.1
mozilla seamonkey 1.1.2
mozilla seamonkey 1.1.3
mozilla seamonkey 1.1.4
mozilla seamonkey 1.1.5
mozilla seamonkey 1.1.6
mozilla seamonkey 1.1.7
mozilla seamonkey 1.1.8
mozilla seamonkey 1.1.9
mozilla seamonkey 1.1.10
mozilla seamonkey 1.1.11
mozilla seamonkey 1.1.12
mozilla seamonkey 1.1.13
mozilla seamonkey 1.1.14
mozilla seamonkey 1.1.15
mozilla seamonkey 1.1.16
mozilla seamonkey 1.1.17
mozilla seamonkey 1.1.18
mozilla seamonkey 1.1.19
mozilla seamonkey 1.5.0.8
mozilla seamonkey 1.5.0.9
mozilla seamonkey 1.5.0.10
mozilla seamonkey 2.0
mozilla seamonkey 2.0 alpha_1
mozilla seamonkey 2.0 alpha_2
mozilla seamonkey 2.0 alpha_3
mozilla seamonkey 2.0 beta_1
mozilla seamonkey 2.0 beta_2
mozilla seamonkey 2.0 rc1
mozilla seamonkey 2.0 rc2
mozilla seamonkey 2.0.1
mozilla seamonkey 2.0.2
mozilla seamonkey 2.0.3
mozilla seamonkey 2.0.4
mozilla seamonkey 2.0.5
mozilla seamonkey 2.0.6
mozilla seamonkey 2.0.7
mozilla seamonkey 2.0.8
mozilla seamonkey 2.0.9
mozilla seamonkey 2.0.10
mozilla seamonkey 2.0.11
mozilla seamonkey 2.0.12
mozilla seamonkey 2.0.13
mozilla seamonkey 2.0.14
mozilla seamonkey 2.1
mozilla seamonkey 2.1 alpha1
mozilla seamonkey 2.1 alpha2
mozilla seamonkey 2.1 alpha3
mozilla seamonkey 2.1 beta1
mozilla seamonkey 2.1 beta2
mozilla seamonkey 2.1 beta3
mozilla seamonkey 2.1 rc1
mozilla seamonkey 2.1 rc2
mozilla seamonkey 2.2
mozilla seamonkey 2.2 beta1
mozilla seamonkey 2.2 beta2
mozilla seamonkey 2.2 beta3
mozilla seamonkey 2.3
mozilla seamonkey 2.3 beta1
mozilla seamonkey 2.3 beta2
mozilla seamonkey 2.3 beta3
mozilla seamonkey 2.3.1
mozilla seamonkey 2.3.2
mozilla seamonkey 2.3.3
mozilla seamonkey 2.4
mozilla seamonkey 2.4 beta1
mozilla seamonkey 2.4 beta2
mozilla seamonkey 2.4 beta3
mozilla seamonkey 2.4.1
mozilla seamonkey 2.5
mozilla seamonkey 2.5 beta1
mozilla seamonkey 2.5 beta2
mozilla seamonkey 2.5 beta3
mozilla seamonkey 2.5 beta4
mozilla seamonkey 2.6
mozilla seamonkey 2.6 beta1
mozilla seamonkey 2.6 beta2
mozilla seamonkey 2.6 beta3
mozilla seamonkey 2.6 beta4
mozilla seamonkey 2.6.1
mozilla seamonkey 2.7 beta1
mozilla seamonkey 2.7 beta2
mozilla seamonkey 2.7 beta3
mozilla seamonkey 2.7 beta4
mozilla seamonkey * beta5
microsoft windows 7 -
mozilla seamonkey 2.6
mozilla firefox 10.0
mozilla thunderbird 10.0
mozilla seamonkey 2.7
mozilla firefox esr 10.0.10
mozilla thunderbird esr 10.0.10
Denotes that component is vulnerable