CVE-2012-0452
Published: 13 February 2012
Use-after-free vulnerability in Mozilla Firefox 10.x before 10.0.1, Thunderbird 10.x before 10.0.1, and SeaMonkey 2.7 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger failure of an nsXBLDocumentInfo::ReadPrototypeBindings function call, related to the cycle collector's access to a hash table containing a stale XBL binding.
Notes
Author | Note |
---|---|
micahg | did not affect Firefox 9, Thunderbird 9, Seamonkey 2.6 or earlier |
Priority
Status
Package | Release | Status |
---|---|---|
firefox Launchpad, Ubuntu, Debian |
hardy |
Ignored
(end of life)
|
lucid |
Released
(10.0.1+build1-0ubuntu0.10.04.1)
|
|
maverick |
Released
(10.0.1+build1-0ubuntu0.10.10.1)
|
|
natty |
Released
(10.0.1+build1-0ubuntu0.11.04.1)
|
|
oneiric |
Released
(10.0.1+build1-0ubuntu0.11.10.1)
|
|
precise |
Released
(11.0~b2+build1-0ubuntu1)
|
|
upstream |
Released
(10.0.1)
|
|
seamonkey Launchpad, Ubuntu, Debian |
hardy |
Ignored
(end of life)
|
lucid |
Not vulnerable
|
|
maverick |
Not vulnerable
|
|
natty |
Not vulnerable
|
|
oneiric |
Not vulnerable
|
|
precise |
Does not exist
|
|
upstream |
Released
(2.7.1)
|
|
thunderbird Launchpad, Ubuntu, Debian |
hardy |
Ignored
(end of life)
|
lucid |
Not vulnerable
(3.1.x)
|
|
maverick |
Not vulnerable
(3.1.x)
|
|
natty |
Not vulnerable
(3.1.x)
|
|
oneiric |
Released
(10.0.1+build1-0ubuntu0.11.10.1)
|
|
precise |
Released
(12.0.1+build1-0ubuntu0.12.04.1)
|
|
upstream |
Released
(10.0.1)
|
|
xulrunner-1.9.2 Launchpad, Ubuntu, Debian |
hardy |
Ignored
(end of life)
|
lucid |
Not vulnerable
|
|
maverick |
Not vulnerable
|
|
natty |
Not vulnerable
|
|
oneiric |
Does not exist
|
|
precise |
Does not exist
|
|
upstream |
Not vulnerable
|
|
xulrunner-2.0 Launchpad, Ubuntu, Debian |
hardy |
Does not exist
|
lucid |
Does not exist
|
|
maverick |
Does not exist
|
|
natty |
Ignored
(end of life)
|
|
oneiric |
Does not exist
|
|
precise |
Does not exist
|
|
upstream |
Not vulnerable
|