Buffer overflow in Mozilla Firefox
CVE-2012-4188
Heap-based buffer overflow in the Convolve3x3 function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execut…
Vulnerability class: Buffer Overflow
EPSS: 0.525 (98.0th percentile)
Affected products
- Mozilla Firefox
- Mozilla Seamonkey
- Mozilla Thunderbird
- Mozilla Thunderbird_esr
- Canonical Ubuntu_linux — versions 10.04, 11.04, 11.10
- Debian Debian_linux — versions 6.0
- Redhat Enterprise_linux_desktop — versions 5.0, 6.0
- Redhat Enterprise_linux_eus — versions 6.3
- Redhat Enterprise_linux_server — versions 5.0, 6.0
- Redhat Enterprise_linux_workstation — versions 5.0, 6.0
Weakness classification (CWE)
Public proof-of-concept exploits
References
- 50904 (x_refsource_SECUNIA, Third Party Advisory, third-party-advisory)
- 50984 (x_refsource_SECUNIA, Third Party Advisory, third-party-advisory)
- 50935 (x_refsource_SECUNIA, Third Party Advisory, third-party-advisory)
- 50856 (x_refsource_SECUNIA, Third Party Advisory, third-party-advisory)
- DSA-2565 (vendor-advisory, Third Party Advisory, x_refsource_DEBIAN)
- 50892 (x_refsource_SECUNIA, Third Party Advisory, third-party-advisory)
- DSA-2572 (vendor-advisory, Third Party Advisory, x_refsource_DEBIAN)
- RHSA-2012:1351 (x_refsource_REDHAT, vendor-advisory, Third Party Advisory)
- 50936 (x_refsource_SECUNIA, Third Party Advisory, third-party-advisory)
- cve@mitre.org (x_refsource_CONFIRM, Vendor Advisory)
Frequently asked questions
- What is CVE-2012-4188?
  - CVE-2012-4188 is a vulnerability in Mozilla Firefox, classified under Improper Restriction of Operations within the Bounds of a Memory Buffer. Published 2012-10-10.
- Is CVE-2012-4188 known to be exploited?
  - 9 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.