Buffer overflow in Mozilla Firefox
CVE-2012-4186
Heap-based buffer overflow in the nsWaveReader::DecodeAudioData function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote a…
Vulnerability class: Buffer Overflow
EPSS: 0.525 (98.0th percentile)
Affected products
- Mozilla Firefox
- Mozilla SeaMonkey
- Mozilla Thunderbird
- Mozilla Thunderbird ESR
- Canonical Ubuntu Linux — versions 10.04, 11.04, 11.10
- Debian Linux — version 6.0
- Red Hat Enterprise Linux Desktop — versions 5.0, 6.0
- Red Hat Enterprise Linux EUS — version 6.3
- Red Hat Enterprise Linux Server — versions 5.0, 6.0
- Red Hat Enterprise Linux Workstation — versions 5.0, 6.0
Weakness classification (CWE)
Public proof-of-concept exploits
References
- 50904 (x_refsource_SECUNIA, Third Party Advisory, third-party-advisory)
- 50984 (x_refsource_SECUNIA, Third Party Advisory, third-party-advisory)
- 50935 (x_refsource_SECUNIA, Third Party Advisory, third-party-advisory)
- oval:org.mitre.oval:def:16193 (x_refsource_OVAL, signature, Third Party Advisory, vdb-entry)
- 50856 (x_refsource_SECUNIA, Third Party Advisory, third-party-advisory)
- DSA-2565 (vendor-advisory, Third Party Advisory, x_refsource_DEBIAN)
- 50892 (x_refsource_SECUNIA, Third Party Advisory, third-party-advisory)
- 86117 (x_refsource_OSVDB, vdb-entry, Broken Link)
- DSA-2572 (vendor-advisory, Third Party Advisory, x_refsource_DEBIAN)
- RHSA-2012:1351 (x_refsource_REDHAT, vendor-advisory, Third Party Advisory)
Frequently asked questions
- What is CVE-2012-4186?
  CVE-2012-4186 is a vulnerability in Mozilla Firefox, classified under Improper Restriction of Operations within the Bounds of a Memory Buffer. Published 2012-10-10.
- Is CVE-2012-4186 known to be exploited?
  9 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.