CVE-2012-3971

Published: 29 August 2012

Summer Institute of Linguistics (SIL) Graphite 2, as used in Mozilla Firefox before 15.0, Thunderbird before 15.0, and SeaMonkey before 2.12, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors related to the (1) Silf::readClassMap and (2) Pass::readPass functions.

Priority

Status

Package	Release	Status
firefox Launchpad, Ubuntu, Debian	hardy	Ignored (reached end-of-life)
	lucid	Released (15.0+build1-0ubuntu0.10.04.1)
	natty	Released (15.0+build1-0ubuntu0.11.04.2)
	oneiric	Released (15.0+build1-0ubuntu0.11.10.1)
	precise	Does not exist (precise was released [15.0+build1-0ubuntu0.12.04.1])
	quantal	Released (15.0+build1-0ubuntu1)
	raring	Released (15.0+build1-0ubuntu1)
	saucy	Released (15.0+build1-0ubuntu1)
	trusty	Does not exist (trusty was released [15.0+build1-0ubuntu1])
	upstream	Released (15.0)
	utopic	Released (15.0+build1-0ubuntu1)
	vivid	Released (15.0+build1-0ubuntu1)
	wily	Released (15.0+build1-0ubuntu1)
	xenial	Released (15.0+build1-0ubuntu1)
	yakkety	Released (15.0+build1-0ubuntu1)
	zesty	Released (15.0+build1-0ubuntu1)
graphite2 Launchpad, Ubuntu, Debian	hardy	Does not exist
	lucid	Does not exist
	natty	Does not exist
	oneiric	Does not exist
	precise	Does not exist (precise was needs-triage)
	quantal	Not vulnerable (1.1.3-1)
	raring	Not vulnerable (1.2.1-1)
	saucy	Not vulnerable (1.2.1-1)
	trusty	Not vulnerable (1.2.1-1)
	upstream	Released (1.1.3)
	utopic	Not vulnerable (1.2.1-1)
	vivid	Not vulnerable (1.2.1-1)
	wily	Not vulnerable (1.2.1-1)
	xenial	Not vulnerable (1.2.1-1)
	yakkety	Not vulnerable (1.2.1-1)
	zesty	Not vulnerable (1.2.1-1)
seamonkey Launchpad, Ubuntu, Debian	hardy	Ignored (reached end-of-life)
	lucid	Ignored (reached end-of-life)
	natty	Ignored (reached end-of-life)
	oneiric	Ignored (reached end-of-life)
	precise	Does not exist
	quantal	Does not exist
	raring	Does not exist
	saucy	Does not exist
	trusty	Does not exist
	upstream	Needs triage
	utopic	Does not exist
	vivid	Does not exist
	wily	Does not exist
	xenial	Does not exist
	yakkety	Does not exist
	zesty	Does not exist
thunderbird Launchpad, Ubuntu, Debian	hardy	Ignored (reached end-of-life)
	lucid	Released (15.0+build1-0ubuntu0.10.04.1)
	natty	Released (15.0+build1-0ubuntu0.11.04.1)
	oneiric	Released (15.0+build1-0ubuntu0.11.10.1)
	precise	Does not exist (precise was released [15.0+build1-0ubuntu0.12.04.1])
	quantal	Released (15.0+build1-0ubuntu1)
	raring	Released (15.0+build1-0ubuntu1)
	saucy	Released (15.0+build1-0ubuntu1)
	trusty	Does not exist (trusty was released [15.0+build1-0ubuntu1])
	upstream	Released (15.0)
	utopic	Released (15.0+build1-0ubuntu1)
	vivid	Released (15.0+build1-0ubuntu1)
	wily	Released (15.0+build1-0ubuntu1)
	xenial	Released (15.0+build1-0ubuntu1)
	yakkety	Released (15.0+build1-0ubuntu1)
	zesty	Released (15.0+build1-0ubuntu1)
xulrunner-1.9.2 Launchpad, Ubuntu, Debian	hardy	Ignored (reached end-of-life)
	lucid	Ignored (see notes)
	natty	Ignored (universe-binary)
	oneiric	Does not exist
	precise	Does not exist
	quantal	Does not exist
	raring	Does not exist
	saucy	Does not exist
	trusty	Does not exist
	upstream	Needs triage
	utopic	Does not exist
	vivid	Does not exist
	wily	Does not exist
	xenial	Does not exist
	yakkety	Does not exist
	zesty	Does not exist
xulrunner-2.0 Launchpad, Ubuntu, Debian	hardy	Does not exist
	lucid	Does not exist
	natty	Ignored (does not process internet content)
	oneiric	Does not exist
	precise	Does not exist
	quantal	Does not exist
	raring	Does not exist
	saucy	Does not exist
	trusty	Does not exist
	upstream	Needs triage
	utopic	Does not exist
	vivid	Does not exist
	wily	Does not exist
	xenial	Does not exist
	yakkety	Does not exist
	zesty	Does not exist

References

Join the discussion

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›