Network Security Consulting Advisories Article
http://www.securityfocus.com/bid/53796
Security Info | Bugtraq ID: | 53796 | | Class: | Unknown | | CVE: | CVE-2012-1938
| | Remote: | Yes | | Local: | No | | Published: | Jun 05 2012 12:00AM | | Updated: | Jun 07 2012 01:20PM | | Credit: | Jesse Ruderman, Igor Bukanov, Bill McCloskey, Christian Holler, Andrew McCreight, and Brian Bondy | | Vulnerable: | Ubuntu Ubuntu Linux 12.04 LTS i386
Ubuntu Ubuntu Linux 12.04 LTS amd64
Ubuntu Ubuntu Linux 11.10 i386
Ubuntu Ubuntu Linux 11.10 amd64
Ubuntu Ubuntu Linux 11.04 powerpc
Ubuntu Ubuntu Linux 11.04 i386
Ubuntu Ubuntu Linux 11.04 ARM
Ubuntu Ubuntu Linux 11.04 amd64
Ubuntu Ubuntu Linux 10.04 sparc
Ubuntu Ubuntu Linux 10.04 powerpc
Ubuntu Ubuntu Linux 10.04 i386
Ubuntu Ubuntu Linux 10.04 ARM
Ubuntu Ubuntu Linux 10.04 amd64
RedHat Enterprise Linux Optional Productivity Application 5 server
RedHat Enterprise Linux Desktop Workstation 5 client
Red Hat Enterprise Linux Workstation Optional 6
Red Hat Enterprise Linux Workstation 6
Red Hat Enterprise Linux Server Optional 6
Red Hat Enterprise Linux Server 6
Red Hat Enterprise Linux HPC Node Optional 6
Red Hat Enterprise Linux Desktop Optional 6
Red Hat Enterprise Linux Desktop 6
Red Hat Enterprise Linux Desktop 5 client
Red Hat Enterprise Linux 5 Server
Mozilla Thunderbird ESR 10.0.4
Mozilla Thunderbird ESR 10.0.3
Mozilla Thunderbird ESR 10.0.2
Mozilla Thunderbird 9.0
Mozilla Thunderbird 8.0
Mozilla Thunderbird 7.0.1
Mozilla Thunderbird 7.0
Mozilla Thunderbird 6.0.2
Mozilla Thunderbird 6.0.1
Mozilla Thunderbird 6.0
Mozilla Thunderbird 6
Mozilla Thunderbird 6
Mozilla Thunderbird 5.0
Mozilla Thunderbird 5
Mozilla Thunderbird 12.0
Mozilla Thunderbird 11.0
Mozilla Thunderbird 10.0.2
Mozilla Thunderbird 10.0.1
Mozilla Thunderbird 10.0
Mozilla Thunderbird 10.0
Mozilla Thunderbird 10.0
Mozilla SeaMonkey 2.0.11
Mozilla SeaMonkey 2.0.11
Mozilla SeaMonkey 2.0.9
Mozilla SeaMonkey 2.0.8
Mozilla SeaMonkey 2.0.5
Mozilla SeaMonkey 2.0.4
Mozilla SeaMonkey 2.0.3
Mozilla SeaMonkey 2.0.2
Mozilla SeaMonkey 2.0.1
Mozilla SeaMonkey 2.9
Mozilla SeaMonkey 2.8
Mozilla SeaMonkey 2.7.2
Mozilla SeaMonkey 2.7.1
Mozilla SeaMonkey 2.7
Mozilla SeaMonkey 2.6
Mozilla SeaMonkey 2.5
Mozilla SeaMonkey 2.4
Mozilla SeaMonkey 2.3
Mozilla SeaMonkey 2.2
Mozilla SeaMonkey 2.2
Mozilla SeaMonkey 2.1b2
Mozilla SeaMonkey 2.1 Alpha3
Mozilla SeaMonkey 2.1 Alpha2
Mozilla SeaMonkey 2.1 Alpha1
Mozilla SeaMonkey 2.1
Mozilla SeaMonkey 2.0.9
Mozilla SeaMonkey 2.0.7
Mozilla SeaMonkey 2.0.6
Mozilla SeaMonkey 2.0.5
Mozilla SeaMonkey 2.0.4
Mozilla SeaMonkey 2.0.14
Mozilla SeaMonkey 2.0.13
Mozilla SeaMonkey 2.0.12
Mozilla SeaMonkey 2.0.10
Mozilla SeaMonkey 2.0 Rc2
Mozilla SeaMonkey 2.0 Rc1
Mozilla SeaMonkey 2.0 Beta 2
Mozilla SeaMonkey 2.0 Beta 1
Mozilla SeaMonkey 2.0 Alpha 3
Mozilla SeaMonkey 2.0 Alpha 2
Mozilla SeaMonkey 2.0 Alpha 1
Mozilla SeaMonkey 2.0
Mozilla Firefox ESR 10.0.4
Mozilla Firefox ESR 10.0.3
Mozilla Firefox ESR 10.0.2
Mozilla Firefox 9.0.1
Mozilla Firefox 9.0
Mozilla Firefox 8.0.1
Mozilla Firefox 8.0
Mozilla Firefox 7.0.1
Mozilla Firefox 7.0
Mozilla Firefox 7
Mozilla Firefox 6.0.2
Mozilla Firefox 6.0.1
Mozilla Firefox 6.0
Mozilla Firefox 6
Mozilla Firefox 5.0.1
Mozilla Firefox 5.0
Mozilla Firefox 4.0.1
Mozilla Firefox 4.0 Beta9
Mozilla Firefox 4.0 Beta8
Mozilla Firefox 4.0 Beta7
Mozilla Firefox 4.0 Beta6
Mozilla Firefox 4.0 Beta5
Mozilla Firefox 4.0 Beta4
Mozilla Firefox 4.0 Beta3
Mozilla Firefox 4.0 Beta2
Mozilla Firefox 4.0 Beta12
Mozilla Firefox 4.0 Beta11
Mozilla Firefox 4.0 Beta10
Mozilla Firefox 4.0 Beta1
Mozilla Firefox 4.0 Beta1
Mozilla Firefox 4.0
Mozilla Firefox 12.0
Mozilla Firefox 11.0
Mozilla Firefox 10.0.2
Mozilla Firefox 10.0.1
Mozilla Firefox 10.0
Mozilla Firefox 10.0
Mozilla Firefox 10
| | | | Not Vulnerable: | Mozilla Thunderbird ESR 10.0.5
Mozilla Thunderbird 13.0
Mozilla SeaMonkey 2.10
Mozilla Firefox ESR 10.0.5
Mozilla Firefox 13.0
| Security DiscussionMozilla Firefox, SeaMonkey, and Thunderbird are prone to a memory-corruption vulnerability that may allow remote code execution.
An attacker could exploit this issue by enticing an unsuspecting user to view malicious content. A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the user running the affected application. Failed exploit attempts will likely result in denial-of-service conditions.Proof of Concept and Security ExploitsCurrently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: vuldb@securityfocus.com. Security Solution(s)Solution:
Updates are available. Please see the references for more information.
Security References(s) References:
|
|
 |
|
|
|
