Executive Summary

Informations
NameCVE-2012-0454First vendor Publication2012-03-14
VendorCveLast vendor Modification2012-10-30

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Cvss Base Score7.5Attack RangeNetwork
Cvss Impact Score6.4Attack ComplexityLow
Cvss Expoit Score10AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Detail

Use-after-free vulnerability in Mozilla Firefox 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 on 32-bit Windows 7 platforms allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors involving use of the file-open dialog in a child window, related to the IUnknown_QueryService function in the Windows shlwapi.dll library.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0454

CWE : Common Weakness Enumeration

idName
CWE-399Resource Management Errors

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:14258
 
Oval ID: oval:org.mitre.oval:def:14258
Title: Use-after-free vulnerability in Mozilla Firefox 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 on 32-bit Windows 7 platforms allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors involving use of the file-open dialog in a child window, related to the IUnknown_QueryService function in the Windows shlwapi.dll library.
Description: Use-after-free vulnerability in Mozilla Firefox 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 on 32-bit Windows 7 platforms allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors involving use of the file-open dialog in a child window, related to the IUnknown_QueryService function in the Windows shlwapi.dll library.
Family: windows Class: vulnerability
Reference(s): CVE-2012-0454
Version: 22
Platform(s): Microsoft Windows 7
Product(s): Mozilla Firefox
Mozilla Thunderbird
Mozilla Seamonkey
Mozilla Firefox ESR
Mozilla Thunderbird ESR
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application25
Application3
Application100
Application9
Application3

OpenVAS Exploits

DateDescription
2012-08-03Name : Mandriva Update for mozilla MDVSA-2012:032 (mozilla)
File : nvt/gb_mandriva_MDVSA_2012_032.nasl
2012-08-03Name : Mandriva Update for mozilla MDVSA-2012:032-1 (mozilla)
File : nvt/gb_mandriva_MDVSA_2012_032_1.nasl
2012-03-20Name : Mozilla Products Multiple Vulnerabilities - Mar12 (Mac OS X 01)
File : nvt/gb_mozilla_prdts_mult_vuln_mar12_macosx01.nasl
2012-03-19Name : Mozilla Products Multiple Vulnerabilities - Mar12 (Win 01)
File : nvt/gb_mozilla_prdts_mult_vuln_mar12_win01.nasl

Nessus® Vulnerability Scanner

DateDescription
2012-04-18Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2012-032.nasl - Type : ACT_GATHER_INFO
2012-03-29Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_MozillaFirefox-120320.nasl - Type : ACT_GATHER_INFO
2012-03-15Name : The remote Windows host contains a web browser that is affected by multiple v...
File : seamonkey_28.nasl - Type : ACT_GATHER_INFO
2012-03-15Name : The remote Mac OS X host contains a mail client that is potentially affected ...
File : macosx_thunderbird_10_0_3.nasl - Type : ACT_GATHER_INFO
2012-03-15Name : The remote Mac OS X host contains a web browser that is affected by multiple ...
File : macosx_firefox_10_0_3.nasl - Type : ACT_GATHER_INFO
2012-03-15Name : The remote Windows host contains a mail client that is potentially affected b...
File : mozilla_thunderbird_1003.nasl - Type : ACT_GATHER_INFO
2012-03-15Name : The remote Windows host contains a web browser that is affected by multiple v...
File : mozilla_firefox_1003.nasl - Type : ACT_GATHER_INFO

Internal Sources (Detail)

SourceUrl
CONFIRMhttp://www.mozilla.org/security/announce/2012/mfsa2012-12.html
https://bugzilla.mozilla.org/show_bug.cgi?id=684555
SECUNIAhttp://secunia.com/advisories/48561
http://secunia.com/advisories/48629

Alert History

If you want to see full details history, please login or register.
0
1
2
DateInformations
2014-02-17 11:07:35
  • Multiple Updates
2013-05-10 22:32:33
  • Multiple Updates
2012-11-07 05:21:29
  • Multiple Updates