CVE-2012-1970: Buffer Overflow
First published: Wed Aug 29 2012(Updated: )
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Firefox | <15.0 | |
| Firefox | >=10.0<10.0.7 | |
| Mozilla SeaMonkey | <2.12 | |
| Thunderbird | <15.0 | |
| Mozilla Thunderbird | >=10.0<10.0.7 | |
| openSUSE | =12.2 | |
| SUSE Linux Enterprise Desktop | =10-sp4 | |
| SUSE Linux Enterprise Desktop | =11-sp2 | |
| SUSE Linux Enterprise Server | =10-sp4 | |
| SUSE Linux Enterprise Server | =11-sp2 | |
| SUSE Linux Enterprise Server | =11-sp2 | |
| SUSE Linux Enterprise Software Development Kit | =11-sp2 | |
| Red Hat Enterprise Linux Desktop | =5.0 | |
| Red Hat Enterprise Linux Desktop | =6.0 | |
| Red Hat Enterprise Linux Server EUS | =6.3 | |
| Red Hat Enterprise Linux Server | =5.0 | |
| Red Hat Enterprise Linux Server | =6.0 | |
| Red Hat Enterprise Linux Server | =6.3 | |
| Red Hat Enterprise Linux Workstation | =5.0 | |
| Red Hat Enterprise Linux Workstation | =6.0 | |
| Ubuntu | =10.04 | |
| Ubuntu | =11.04 | |
| Ubuntu | =11.10 | |
| Ubuntu | =12.04 | |
| Debian Linux | =6.0 | |
| Debian Linux | =7.0 | |
| Firefox ESR | >=10.0<10.0.7 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00028.html
- http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00011.html
- http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00014.html
- http://rhn.redhat.com/errata/RHSA-2012-1210.html
- http://rhn.redhat.com/errata/RHSA-2012-1211.html
- http://www.debian.org/security/2012/dsa-2553
- http://www.debian.org/security/2012/dsa-2554
- http://www.debian.org/security/2012/dsa-2556
- http://www.mozilla.org/security/announce/2012/mfsa2012-57.html
- http://www.securityfocus.com/bid/55266
- http://www.ubuntu.com/usn/USN-1548-1
- http://www.ubuntu.com/usn/USN-1548-2
- http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf
- https://bugzilla.mozilla.org/show_bug.cgi?id=745158
- https://bugzilla.mozilla.org/show_bug.cgi?id=758408
- https://bugzilla.mozilla.org/show_bug.cgi?id=761831
- https://bugzilla.mozilla.org/show_bug.cgi?id=764176
- https://bugzilla.mozilla.org/show_bug.cgi?id=775206
- https://bugzilla.mozilla.org/show_bug.cgi?id=777806
- https://bugzilla.mozilla.org/show_bug.cgi?id=778765
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16910
Frequently Asked Questions
What is the severity of CVE-2012-1970?
CVE-2012-1970 has a severity rating that indicates it can lead to denial of service due to memory corruption.
How do I fix CVE-2012-1970?
To fix CVE-2012-1970, update Mozilla Firefox, Thunderbird, or SeaMonkey to the latest version available.
What versions are affected by CVE-2012-1970?
CVE-2012-1970 affects Mozilla Firefox before version 15.0, Thunderbird before version 15.0, and SeaMonkey before version 2.12, among others.
Can CVE-2012-1970 be exploited remotely?
Yes, CVE-2012-1970 allows remote attackers to exploit the vulnerability, potentially causing application crashes.
Are there any workarounds for CVE-2012-1970?
Temporary workarounds for CVE-2012-1970 include disabling scripts or avoiding the use of affected browsers until they can be updated.
- agent/type
- agent/references
- agent/severity
- agent/weakness
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/first-publish-date
- agent/event
- agent/last-modified-date
- agent/author
- agent/source
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- vendor/mozilla
- canonical/firefox
- version/firefox/10.0
- canonical/mozilla seamonkey
- canonical/thunderbird
- canonical/mozilla thunderbird
- version/mozilla thunderbird/10.0
- vendor/opensuse
- canonical/opensuse
- version/opensuse/12.2
- vendor/suse
- canonical/suse linux enterprise desktop
- version/suse linux enterprise desktop/10-sp4
- version/suse linux enterprise desktop/11-sp2
- canonical/suse linux enterprise server
- version/suse linux enterprise server/10-sp4
- version/suse linux enterprise server/11-sp2
- canonical/suse linux enterprise software development kit
- version/suse linux enterprise software development kit/11-sp2
- vendor/redhat
- canonical/red hat enterprise linux desktop
- version/red hat enterprise linux desktop/5.0
- version/red hat enterprise linux desktop/6.0
- canonical/red hat enterprise linux server eus
- version/red hat enterprise linux server eus/6.3
- canonical/red hat enterprise linux server
- version/red hat enterprise linux server/5.0
- version/red hat enterprise linux server/6.0
- version/red hat enterprise linux server/6.3
- canonical/red hat enterprise linux workstation
- version/red hat enterprise linux workstation/5.0
- version/red hat enterprise linux workstation/6.0
- vendor/canonical
- canonical/ubuntu
- version/ubuntu/10.04
- version/ubuntu/11.04
- version/ubuntu/11.10
- version/ubuntu/12.04
- vendor/debian
- canonical/debian linux
- version/debian linux/6.0
- version/debian linux/7.0
- canonical/firefox esr
- version/firefox esr/10.0