CVE-2012-0472

The cairo-dwrite implementation in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9, when certain Windows Vista and Windows 7 configurations are used, does not properly restrict font-rendering attempts, which allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors.

CVSS v2.0 9.3 HIGH

9.3^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 8.6 / Impact : 10.0

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://secunia.com/advisories/48972	Not Applicable Permissions Required
http://secunia.com/advisories/49055	Not Applicable Permissions Required
http://www.mandriva.com/security/advisories?name=MDVSA-2012:066
http://www.mandriva.com/security/advisories?name=MDVSA-2012:081
http://www.mozilla.org/security/announce/2012/mfsa2012-25.html	Vendor Advisory
http://www.securityfocus.com/bid/53218	Third Party Advisory VDB Entry
https://bugzilla.mozilla.org/show_bug.cgi?id=744480	Issue Tracking
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17067
http://secunia.com/advisories/48972	Not Applicable Permissions Required
http://secunia.com/advisories/49055	Not Applicable Permissions Required
http://www.mandriva.com/security/advisories?name=MDVSA-2012:066
http://www.mandriva.com/security/advisories?name=MDVSA-2012:081
http://www.mozilla.org/security/announce/2012/mfsa2012-25.html	Vendor Advisory
http://www.securityfocus.com/bid/53218	Third Party Advisory VDB Entry
https://bugzilla.mozilla.org/show_bug.cgi?id=744480	Issue Tracking
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17067

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:mozilla:firefox:4.0:::::::*
	cpe:2.3:a:mozilla:firefox:4.0:beta1::::::
	cpe:2.3:a:mozilla:firefox:4.0:beta10::::::
	cpe:2.3:a:mozilla:firefox:4.0:beta11::::::
	cpe:2.3:a:mozilla:firefox:4.0:beta12::::::
	cpe:2.3:a:mozilla:firefox:4.0:beta2::::::
	cpe:2.3:a:mozilla:firefox:4.0:beta3::::::
	cpe:2.3:a:mozilla:firefox:4.0:beta4::::::
	cpe:2.3:a:mozilla:firefox:4.0:beta5::::::
	cpe:2.3:a:mozilla:firefox:4.0:beta6::::::
	cpe:2.3:a:mozilla:firefox:4.0:beta7::::::
	cpe:2.3:a:mozilla:firefox:4.0:beta8::::::
	cpe:2.3:a:mozilla:firefox:4.0:beta9::::::
	cpe:2.3:a:mozilla:firefox:4.0.1:::::::*
	cpe:2.3:a:mozilla:firefox:5.0:::::::*
	cpe:2.3:a:mozilla:firefox:6.0:::::::*
	cpe:2.3:a:mozilla:firefox:6.0.1:::::::*
	cpe:2.3:a:mozilla:firefox:6.0.2:::::::*
	cpe:2.3:a:mozilla:firefox:7.0:::::::*
	cpe:2.3:a:mozilla:firefox:7.0.1:::::::*
	cpe:2.3:a:mozilla:firefox:8.0:::::::*
	cpe:2.3:a:mozilla:firefox:8.0.1:::::::*
	cpe:2.3:a:mozilla:firefox:9.0:::::::*
	cpe:2.3:a:mozilla:firefox:9.0.1:::::::*
	cpe:2.3:a:mozilla:firefox:10.0:::::::*
	cpe:2.3:a:mozilla:firefox:10.0.1:::::::*
	cpe:2.3:a:mozilla:firefox:10.0.2:::::::*
	cpe:2.3:a:mozilla:firefox:11.0:::::::*

Configuration 2 (hide)

OR	cpe:2.3:a:mozilla:firefox:10.0:::::::*
	cpe:2.3:a:mozilla:firefox:10.0.1:::::::*
	cpe:2.3:a:mozilla:firefox:10.0.2:::::::*
	cpe:2.3:a:mozilla:firefox:10.0.3:::::::*

Configuration 3 (hide)

OR	cpe:2.3:a:mozilla:thunderbird:5.0:::::::*
	cpe:2.3:a:mozilla:thunderbird:6.0:::::::*
	cpe:2.3:a:mozilla:thunderbird:6.0.1:::::::*
	cpe:2.3:a:mozilla:thunderbird:6.0.2:::::::*
	cpe:2.3:a:mozilla:thunderbird:7.0:::::::*
	cpe:2.3:a:mozilla:thunderbird:7.0.1:::::::*
	cpe:2.3:a:mozilla:thunderbird:8.0:::::::*
	cpe:2.3:a:mozilla:thunderbird:9.0:::::::*
	cpe:2.3:a:mozilla:thunderbird:10.0:::::::*
	cpe:2.3:a:mozilla:thunderbird:10.0.1:::::::*
	cpe:2.3:a:mozilla:thunderbird:10.0.2:::::::*
	cpe:2.3:a:mozilla:thunderbird:10.0.3:::::::*
	cpe:2.3:a:mozilla:thunderbird:10.0.4:::::::*
	cpe:2.3:a:mozilla:thunderbird:11.0:::::::*

Configuration 4 (hide)

OR	cpe:2.3:a:mozilla:thunderbird_esr:10.0:::::::*
	cpe:2.3:a:mozilla:thunderbird_esr:10.0.1:::::::*
	cpe:2.3:a:mozilla:thunderbird_esr:10.0.2:::::::*
	cpe:2.3:a:mozilla:thunderbird_esr:10.0.3:::::::*
	cpe:2.3:a:mozilla:thunderbird_esr:10.0.4:::::::*

Configuration 5 (hide)

OR	cpe:2.3:a:mozilla:seamonkey::beta3::::::*
	cpe:2.3:a:mozilla:seamonkey:1.0:::::::*
	cpe:2.3:a:mozilla:seamonkey:1.0:alpha::::::
	cpe:2.3:a:mozilla:seamonkey:1.0:beta::::::
	cpe:2.3:a:mozilla:seamonkey:1.0.1:::::::*
	cpe:2.3:a:mozilla:seamonkey:1.0.2:::::::*
	cpe:2.3:a:mozilla:seamonkey:1.0.3:::::::*
	cpe:2.3:a:mozilla:seamonkey:1.0.4:::::::*
	cpe:2.3:a:mozilla:seamonkey:1.0.5:::::::*
	cpe:2.3:a:mozilla:seamonkey:1.0.6:::::::*
	cpe:2.3:a:mozilla:seamonkey:1.0.7:::::::*
	cpe:2.3:a:mozilla:seamonkey:1.0.8:::::::*
	cpe:2.3:a:mozilla:seamonkey:1.0.9:::::::*
	cpe:2.3:a:mozilla:seamonkey:1.1:::::::*
	cpe:2.3:a:mozilla:seamonkey:1.1:alpha::::::
	cpe:2.3:a:mozilla:seamonkey:1.1:beta::::::
	cpe:2.3:a:mozilla:seamonkey:1.1.1:::::::*
	cpe:2.3:a:mozilla:seamonkey:1.1.2:::::::*
	cpe:2.3:a:mozilla:seamonkey:1.1.3:::::::*
	cpe:2.3:a:mozilla:seamonkey:1.1.4:::::::*
	cpe:2.3:a:mozilla:seamonkey:1.1.5:::::::*
	cpe:2.3:a:mozilla:seamonkey:1.1.6:::::::*
	cpe:2.3:a:mozilla:seamonkey:1.1.7:::::::*
	cpe:2.3:a:mozilla:seamonkey:1.1.8:::::::*
	cpe:2.3:a:mozilla:seamonkey:1.1.9:::::::*
	cpe:2.3:a:mozilla:seamonkey:1.1.10:::::::*
	cpe:2.3:a:mozilla:seamonkey:1.1.11:::::::*
	cpe:2.3:a:mozilla:seamonkey:1.1.12:::::::*
	cpe:2.3:a:mozilla:seamonkey:1.1.13:::::::*
	cpe:2.3:a:mozilla:seamonkey:1.1.14:::::::*
	cpe:2.3:a:mozilla:seamonkey:1.1.15:::::::*
	cpe:2.3:a:mozilla:seamonkey:1.1.16:::::::*
	cpe:2.3:a:mozilla:seamonkey:1.1.17:::::::*
	cpe:2.3:a:mozilla:seamonkey:1.1.18:::::::*
	cpe:2.3:a:mozilla:seamonkey:1.1.19:::::::*
	cpe:2.3:a:mozilla:seamonkey:1.5.0.8:::::::*
	cpe:2.3:a:mozilla:seamonkey:1.5.0.9:::::::*
	cpe:2.3:a:mozilla:seamonkey:1.5.0.10:::::::*
	cpe:2.3:a:mozilla:seamonkey:2.0:::::::*
	cpe:2.3:a:mozilla:seamonkey:2.0:alpha_1::::::
	cpe:2.3:a:mozilla:seamonkey:2.0:alpha_2::::::
	cpe:2.3:a:mozilla:seamonkey:2.0:alpha_3::::::
	cpe:2.3:a:mozilla:seamonkey:2.0:beta_1::::::
	cpe:2.3:a:mozilla:seamonkey:2.0:beta_2::::::
	cpe:2.3:a:mozilla:seamonkey:2.0:rc1::::::
	cpe:2.3:a:mozilla:seamonkey:2.0:rc2::::::
	cpe:2.3:a:mozilla:seamonkey:2.0.1:::::::*
	cpe:2.3:a:mozilla:seamonkey:2.0.2:::::::*
	cpe:2.3:a:mozilla:seamonkey:2.0.3:::::::*
	cpe:2.3:a:mozilla:seamonkey:2.0.4:::::::*
	cpe:2.3:a:mozilla:seamonkey:2.0.5:::::::*
	cpe:2.3:a:mozilla:seamonkey:2.0.6:::::::*
	cpe:2.3:a:mozilla:seamonkey:2.0.7:::::::*
	cpe:2.3:a:mozilla:seamonkey:2.0.8:::::::*
	cpe:2.3:a:mozilla:seamonkey:2.0.9:::::::*
	cpe:2.3:a:mozilla:seamonkey:2.0.10:::::::*
	cpe:2.3:a:mozilla:seamonkey:2.0.11:::::::*
	cpe:2.3:a:mozilla:seamonkey:2.0.12:::::::*
	cpe:2.3:a:mozilla:seamonkey:2.0.13:::::::*
	cpe:2.3:a:mozilla:seamonkey:2.0.14:::::::*
	cpe:2.3:a:mozilla:seamonkey:2.1:::::::*
	cpe:2.3:a:mozilla:seamonkey:2.1:alpha1::::::
	cpe:2.3:a:mozilla:seamonkey:2.1:alpha2::::::
	cpe:2.3:a:mozilla:seamonkey:2.1:alpha3::::::
cpe:2.3:a:mozilla:seamonkey:2.1:beta1::::::
cpe:2.3:a:mozilla:seamonkey:2.1:beta2::::::
cpe:2.3:a:mozilla:seamonkey:2.1:beta3::::::
cpe:2.3:a:mozilla:seamonkey:2.1:rc1::::::
cpe:2.3:a:mozilla:seamonkey:2.1:rc2::::::
cpe:2.3:a:mozilla:seamonkey:2.2:::::::*
cpe:2.3:a:mozilla:seamonkey:2.2:beta1::::::
cpe:2.3:a:mozilla:seamonkey:2.2:beta2::::::
cpe:2.3:a:mozilla:seamonkey:2.2:beta3::::::
cpe:2.3:a:mozilla:seamonkey:2.3:::::::*
cpe:2.3:a:mozilla:seamonkey:2.3:beta1::::::
cpe:2.3:a:mozilla:seamonkey:2.3:beta2::::::
cpe:2.3:a:mozilla:seamonkey:2.3:beta3::::::
cpe:2.3:a:mozilla:seamonkey:2.3.1:::::::*
cpe:2.3:a:mozilla:seamonkey:2.3.2:::::::*
cpe:2.3:a:mozilla:seamonkey:2.3.3:::::::*
cpe:2.3:a:mozilla:seamonkey:2.4:::::::*
cpe:2.3:a:mozilla:seamonkey:2.4:beta1::::::
cpe:2.3:a:mozilla:seamonkey:2.4:beta2::::::
cpe:2.3:a:mozilla:seamonkey:2.4:beta3::::::
cpe:2.3:a:mozilla:seamonkey:2.4.1:::::::*
cpe:2.3:a:mozilla:seamonkey:2.5:::::::*
cpe:2.3:a:mozilla:seamonkey:2.5:beta1::::::
cpe:2.3:a:mozilla:seamonkey:2.5:beta2::::::
cpe:2.3:a:mozilla:seamonkey:2.5:beta3::::::
cpe:2.3:a:mozilla:seamonkey:2.5:beta4::::::
cpe:2.3:a:mozilla:seamonkey:2.6:::::::*
cpe:2.3:a:mozilla:seamonkey:2.6:beta1::::::
cpe:2.3:a:mozilla:seamonkey:2.6:beta2::::::
cpe:2.3:a:mozilla:seamonkey:2.6:beta3::::::
cpe:2.3:a:mozilla:seamonkey:2.6:beta4::::::
cpe:2.3:a:mozilla:seamonkey:2.6.1:::::::*
cpe:2.3:a:mozilla:seamonkey:2.7:::::::*
cpe:2.3:a:mozilla:seamonkey:2.7:beta1::::::
cpe:2.3:a:mozilla:seamonkey:2.7:beta2::::::
cpe:2.3:a:mozilla:seamonkey:2.7:beta3::::::
cpe:2.3:a:mozilla:seamonkey:2.7:beta4::::::
cpe:2.3:a:mozilla:seamonkey:2.7:beta5::::::
cpe:2.3:a:mozilla:seamonkey:2.7.1:::::::*
cpe:2.3:a:mozilla:seamonkey:2.7.2:::::::*
cpe:2.3:a:mozilla:seamonkey:2.8:::::::*
cpe:2.3:a:mozilla:seamonkey:2.8:beta1::::::
cpe:2.3:a:mozilla:seamonkey:2.8:beta2::::::
cpe:2.3:a:mozilla:seamonkey:2.8:beta3::::::
cpe:2.3:a:mozilla:seamonkey:2.8:beta4::::::
cpe:2.3:a:mozilla:seamonkey:2.8:beta5::::::
cpe:2.3:a:mozilla:seamonkey:2.8:beta6::::::
cpe:2.3:a:mozilla:seamonkey:2.9:beta1::::::
cpe:2.3:a:mozilla:seamonkey:2.9:beta2::::::

History

21 Nov 2024, 01:35

Type	Values Removed	Values Added
References	~~() http://secunia.com/advisories/48972 - Not Applicable, Permissions Required~~	() http://secunia.com/advisories/48972 - Not Applicable, Permissions Required
References	~~() http://secunia.com/advisories/49055 - Not Applicable, Permissions Required~~	() http://secunia.com/advisories/49055 - Not Applicable, Permissions Required
References	~~() http://www.mandriva.com/security/advisories?name=MDVSA-2012:066 -~~	() http://www.mandriva.com/security/advisories?name=MDVSA-2012:066 -
References	~~() http://www.mandriva.com/security/advisories?name=MDVSA-2012:081 -~~	() http://www.mandriva.com/security/advisories?name=MDVSA-2012:081 -
References	~~() http://www.mozilla.org/security/announce/2012/mfsa2012-25.html - Vendor Advisory~~	() http://www.mozilla.org/security/announce/2012/mfsa2012-25.html - Vendor Advisory
References	~~() http://www.securityfocus.com/bid/53218 - Third Party Advisory, VDB Entry~~	() http://www.securityfocus.com/bid/53218 - Third Party Advisory, VDB Entry
References	~~() https://bugzilla.mozilla.org/show_bug.cgi?id=744480 - Issue Tracking~~	() https://bugzilla.mozilla.org/show_bug.cgi?id=744480 - Issue Tracking
References	~~() https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17067 -~~	() https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17067 -

21 Oct 2024, 13:55

Type	Values Removed	Values Added
CPE	cpe:2.3:a:mozilla:firefox_esr:10.0.1:::::::* cpe:2.3:a:mozilla:firefox_esr:10.0:::::::* cpe:2.3:a:mozilla:firefox_esr:10.0.2:::::::*

21 Oct 2024, 13:11

Type	Values Removed	Values Added
CPE	cpe:2.3:a:mozilla:firefox_esr:10.0.3:::::::*	cpe:2.3:a:mozilla:firefox:10.0.3:::::::*

Information

Published : 2012-04-25 10:10

Updated : 2025-04-11 00:51

NVD link : CVE-2012-0472

Mitre link : CVE-2012-0472

CVE.ORG link : CVE-2012-0472

JSON object : View

Products Affected

mozilla

thunderbird_esr
thunderbird
seamonkey
firefox

CWE

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

9.3 /10