Use-after-free vulnerability in the browser engine in Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 allows remote attackers to execute arbitrary code via vectors involving an empty argument to the array.join function in conjunction with the triggering of garbage collection.

Metrics

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

Vendors Products
Mozilla
  • Firefox
  • Seamonkey
  • Thunderbird
  • Thunderbird Esr
Redhat
  • Enterprise Linux

Configuration 1 [-]

cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*

Configuration 2 [-]

cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*

Configuration 3 [-]

OR cpe:2.3:a:mozilla:firefox:10.0:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:10.0.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:10.0.2:*:*:*:*:*:*:*

Configuration 4 [-]

cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*

Configuration 5 [-]

cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*

Configuration 6 [-]

OR cpe:2.3:a:mozilla:thunderbird_esr:10.0:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird_esr:10.0.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird_esr:10.0.2:*:*:*:*:*:*:*

Configuration 7 [-]

OR cpe:2.3:a:mozilla:seamonkey:-:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.0:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.0:alpha:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.0:beta:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.0.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.0.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.0.4:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.0.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.0.6:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.0.7:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.0.8:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.0.9:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.1:alpha:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.1:beta:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.1.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.1.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.1.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.1.4:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.1.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.1.6:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.1.7:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.1.8:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.1.9:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.1.10:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.1.11:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.1.12:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.1.13:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.1.14:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.1.15:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.1.16:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.1.17:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.1.18:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.1.19:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.5.0.8:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.5.0.9:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.5.0.10:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:2.0:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:2.0:alpha_1:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:2.0:alpha_2:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:2.0:alpha_3:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:2.0:beta_1:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:2.0:beta_2:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:2.0:rc1:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:2.0:rc2:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:2.0.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:2.0.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:2.0.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:2.0.4:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:2.0.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:2.0.6:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:2.0.7:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:2.0.8:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:2.0.9:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:2.0.10:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:2.0.11:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:2.0.12:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:2.0.13:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:2.0.14:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:2.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:2.1:alpha1:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:2.1:alpha2:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:2.1:alpha3:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:2.1:beta1:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:2.1:beta2:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:2.1:beta3:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:2.1:rc1:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:2.1:rc2:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:2.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:2.2:beta1:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:2.2:beta2:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:2.2:beta3:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:2.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:2.3:beta1:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:2.3:beta2:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:2.3:beta3:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:2.3.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:2.3.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:2.3.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:2.4:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:2.4:beta1:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:2.4:beta2:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:2.4:beta3:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:2.4.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:2.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:2.5:beta1:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:2.5:beta2:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:2.5:beta3:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:2.5:beta4:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:2.6:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:2.6:beta1:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:2.6:beta2:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:2.6:beta3:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:2.6:beta4:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:2.6.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:2.7:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:2.7:beta1:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:2.7:beta2:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:2.7:beta3:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:2.7:beta4:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:2.7:beta5:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:2.7.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:2.7.2:*:*:*:*:*:*:*
Package CPE Advisory Released Date
Red Hat Enterprise Linux 5
firefox-0:10.0.3-1.el5_8 cpe:/o:redhat:enterprise_linux:5 RHSA-2012:0387 2012-03-14T00:00:00Z
xulrunner-0:10.0.3-1.el5_8 cpe:/o:redhat:enterprise_linux:5 RHSA-2012:0387 2012-03-14T00:00:00Z
thunderbird-0:10.0.3-1.el5_8 cpe:/o:redhat:enterprise_linux:5 RHSA-2012:0388 2012-03-14T00:00:00Z
Red Hat Enterprise Linux 6
firefox-0:10.0.3-1.el6_2 cpe:/o:redhat:enterprise_linux:6 RHSA-2012:0387 2012-03-14T00:00:00Z
xulrunner-0:10.0.3-1.el6_2 cpe:/o:redhat:enterprise_linux:6 RHSA-2012:0387 2012-03-14T00:00:00Z
thunderbird-0:10.0.3-1.el6_2 cpe:/o:redhat:enterprise_linux:6 RHSA-2012:0388 2012-03-14T00:00:00Z
References
Link Providers
http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00014.html cve-icon cve-icon
http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00015.html cve-icon cve-icon
http://lists.opensuse.org/opensuse-updates/2012-03/msg00042.html cve-icon cve-icon
http://pwn2own.zerodayinitiative.com/status.html cve-icon cve-icon
http://rhn.redhat.com/errata/RHSA-2012-0387.html cve-icon cve-icon
http://rhn.redhat.com/errata/RHSA-2012-0388.html cve-icon cve-icon
http://secunia.com/advisories/48359 cve-icon cve-icon
http://secunia.com/advisories/48402 cve-icon cve-icon
http://secunia.com/advisories/48414 cve-icon cve-icon
http://secunia.com/advisories/48495 cve-icon cve-icon
http://secunia.com/advisories/48496 cve-icon cve-icon
http://secunia.com/advisories/48513 cve-icon cve-icon
http://secunia.com/advisories/48553 cve-icon cve-icon
http://secunia.com/advisories/48561 cve-icon cve-icon
http://secunia.com/advisories/48624 cve-icon cve-icon
http://secunia.com/advisories/48629 cve-icon cve-icon
http://secunia.com/advisories/48823 cve-icon cve-icon
http://www.mandriva.com/security/advisories?name=MDVSA-2012:031 cve-icon cve-icon
http://www.mandriva.com/security/advisories?name=MDVSA-2012:032 cve-icon cve-icon
http://www.mozilla.org/security/announce/2012/mfsa2012-19.html cve-icon cve-icon
http://www.securityfocus.com/bid/52465 cve-icon cve-icon
http://www.securitytracker.com/id?1026801 cve-icon cve-icon
http://www.securitytracker.com/id?1026803 cve-icon cve-icon
http://www.securitytracker.com/id?1026804 cve-icon cve-icon
http://www.ubuntu.com/usn/USN-1400-1 cve-icon cve-icon
http://www.ubuntu.com/usn/USN-1400-2 cve-icon cve-icon
http://www.ubuntu.com/usn/USN-1400-3 cve-icon cve-icon
http://www.ubuntu.com/usn/USN-1400-4 cve-icon cve-icon
http://www.ubuntu.com/usn/USN-1400-5 cve-icon cve-icon
http://www.ubuntu.com/usn/USN-1401-1 cve-icon cve-icon
http://www.zdnet.com/blog/security/mozilla-knew-of-pwn2own-bug-before-cansecwest/10757 cve-icon cve-icon
http://www.zdnet.com/blog/security/researchers-hack-into-newest-firefox-with-zero-day-flaw/10663 cve-icon cve-icon
https://bugzilla.mozilla.org/show_bug.cgi?id=720079 cve-icon cve-icon
https://bugzilla.mozilla.org/show_bug.cgi?id=735104 cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2012-0464 cve-icon
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14170 cve-icon cve-icon
https://www.cve.org/CVERecord?id=CVE-2012-0464 cve-icon
History

Mon, 21 Oct 2024 14:15:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:mozilla:firefox_esr:10.0.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox_esr:10.0.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox_esr:10.0:*:*:*:*:*:*:*		 cpe:2.3:a:mozilla:firefox:10.0.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:10.0.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:10.0:*:*:*:*:*:*:*
Vendors & Products Mozilla firefox Esr
cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2024-08-06T18:23:30.994Z

Reserved: 2012-01-09T00:00:00

Link: CVE-2012-0464

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2012-03-14T19:55:02.337

Modified: 2024-11-21T01:35:02.347

Link: CVE-2012-0464

cve-icon Redhat

Severity : Critical

Publid Date: 2012-03-13T00:00:00Z

Links: CVE-2012-0464 - Bugzilla