CVE-2012-0444: Buffer Overflow
First published: Wed Feb 01 2012(Updated: )
Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 do not properly initialize nsChildView data structures, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted Ogg Vorbis file.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mozilla Firefox | <3.6.26 | |
| Mozilla Firefox | >=4.0<10.0 | |
| Mozilla SeaMonkey | <2.7 | |
| Mozilla Thunderbird | <3.1.18 | |
| Mozilla Thunderbird | >=5.0<10.0 | |
| Debian GNU/Linux | =5.0 | |
| Debian GNU/Linux | =6.0 | |
| openSUSE | =11.4 | |
| SUSE Linux Enterprise Desktop with Beagle | =10-sp4 | |
| SUSE Linux Enterprise Desktop with Beagle | =11-sp1 | |
| SUSE Linux Enterprise Server | =10-sp4 | |
| SUSE Linux Enterprise Server | =11-sp1 | |
| suse linux enterprise server vmware | =11-sp1 | |
| SUSE Linux Enterprise Software Development Kit | =10-sp4 | |
| SUSE Linux Enterprise Software Development Kit | =11-sp1 | |
| Ubuntu Linux | =10.04 | |
| Ubuntu Linux | =10.10 | |
| Ubuntu Linux | =11.04 | |
| Ubuntu Linux | =11.10 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00003.html
- http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00007.html
- http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00011.html
- http://secunia.com/advisories/48043
- http://secunia.com/advisories/48095
- http://www.debian.org/security/2012/dsa-2400
- http://www.debian.org/security/2012/dsa-2402
- http://www.debian.org/security/2012/dsa-2406
- http://www.mandriva.com/security/advisories?name=MDVSA-2012:013
- http://www.mozilla.org/security/announce/2012/mfsa2012-07.html
- http://www.securityfocus.com/bid/51753
- http://www.ubuntu.com/usn/USN-1370-1
- https://bugzilla.mozilla.org/show_bug.cgi?id=719612
- https://exchange.xforce.ibmcloud.com/vulnerabilities/72858
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14464
Frequently Asked Questions
What is the severity of CVE-2012-0444?
CVE-2012-0444 is classified as a denial of service vulnerability due to memory corruption and application crashes.
What systems are affected by CVE-2012-0444?
CVE-2012-0444 affects Mozilla Firefox versions prior to 3.6.26 and from 4.x to 9.0, Thunderbird versions before 3.1.18 and from 5.0 to 9.0, and SeaMonkey versions before 2.7.
How do I fix CVE-2012-0444?
To fix CVE-2012-0444, users should upgrade to the latest versions of Mozilla Firefox, Thunderbird, and SeaMonkey as specified in the security advisories.
What can attackers do with CVE-2012-0444?
Attackers can exploit CVE-2012-0444 to cause denial of service, leading to application crashes or potentially execute arbitrary code.
Is there a workaround for CVE-2012-0444?
There are no known effective workarounds for CVE-2012-0444 other than updating the vulnerable software.
- agent/type
- agent/references
- agent/severity
- agent/remedy
- agent/weakness
- agent/author
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/mozilla
- canonical/mozilla firefox
- version/mozilla firefox/4.0
- canonical/mozilla seamonkey
- canonical/mozilla thunderbird
- version/mozilla thunderbird/5.0
- vendor/debian
- canonical/debian gnu/linux
- version/debian gnu/linux/5.0
- version/debian gnu/linux/6.0
- vendor/opensuse
- canonical/opensuse
- version/opensuse/11.4
- vendor/suse
- canonical/suse linux enterprise desktop with beagle
- version/suse linux enterprise desktop with beagle/10-sp4
- version/suse linux enterprise desktop with beagle/11-sp1
- canonical/suse linux enterprise server
- version/suse linux enterprise server/10-sp4
- version/suse linux enterprise server/11-sp1
- canonical/suse linux enterprise server vmware
- version/suse linux enterprise server vmware/11-sp1
- canonical/suse linux enterprise software development kit
- version/suse linux enterprise software development kit/10-sp4
- version/suse linux enterprise software development kit/11-sp1
- vendor/canonical
- canonical/ubuntu linux
- version/ubuntu linux/10.04
- version/ubuntu linux/10.10
- version/ubuntu linux/11.04
- version/ubuntu linux/11.10