CVE-2012-3971

Published: 29 August 2012

Summer Institute of Linguistics (SIL) Graphite 2, as used in Mozilla Firefox before 15.0, Thunderbird before 15.0, and SeaMonkey before 2.12, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors related to the (1) Silf::readClassMap and (2) Pass::readPass functions.

Priority

Status

Package	Release	Status
thunderbird Launchpad, Ubuntu, Debian	vivid	Released (15.0+build1-0ubuntu1)
	hardy	Ignored (end of life)
	lucid	Released (15.0+build1-0ubuntu0.10.04.1)
	natty	Released (15.0+build1-0ubuntu0.11.04.1)
	oneiric	Released (15.0+build1-0ubuntu0.11.10.1)
	quantal	Released (15.0+build1-0ubuntu1)
	raring	Released (15.0+build1-0ubuntu1)
	saucy	Released (15.0+build1-0ubuntu1)
	upstream	Released (15.0)
	utopic	Released (15.0+build1-0ubuntu1)
	wily	Released (15.0+build1-0ubuntu1)
	xenial	Released (15.0+build1-0ubuntu1)
	yakkety	Released (15.0+build1-0ubuntu1)
	zesty	Released (15.0+build1-0ubuntu1)
	precise	Released (15.0+build1-0ubuntu0.12.04.1)
	trusty	Released (15.0+build1-0ubuntu1)
firefox Launchpad, Ubuntu, Debian	hardy	Ignored (end of life)
	lucid	Released (15.0+build1-0ubuntu0.10.04.1)
	natty	Released (15.0+build1-0ubuntu0.11.04.2)
	oneiric	Released (15.0+build1-0ubuntu0.11.10.1)
	quantal	Released (15.0+build1-0ubuntu1)
	raring	Released (15.0+build1-0ubuntu1)
	saucy	Released (15.0+build1-0ubuntu1)
	upstream	Released (15.0)
	utopic	Released (15.0+build1-0ubuntu1)
	vivid	Released (15.0+build1-0ubuntu1)
	wily	Released (15.0+build1-0ubuntu1)
	xenial	Released (15.0+build1-0ubuntu1)
	yakkety	Released (15.0+build1-0ubuntu1)
	zesty	Released (15.0+build1-0ubuntu1)
	precise	Released (15.0+build1-0ubuntu0.12.04.1)
	trusty	Released (15.0+build1-0ubuntu1)
graphite2 Launchpad, Ubuntu, Debian	hardy	Does not exist
	lucid	Does not exist
	natty	Does not exist
	oneiric	Does not exist
	quantal	Not vulnerable (1.1.3-1)
	raring	Not vulnerable (1.2.1-1)
	saucy	Not vulnerable (1.2.1-1)
	trusty	Not vulnerable (1.2.1-1)
	upstream	Released (1.1.3)
	utopic	Not vulnerable (1.2.1-1)
	vivid	Not vulnerable (1.2.1-1)
	wily	Not vulnerable (1.2.1-1)
	xenial	Not vulnerable (1.2.1-1)
	yakkety	Not vulnerable (1.2.1-1)
	zesty	Not vulnerable (1.2.1-1)
	precise	Ignored (end of life)
seamonkey Launchpad, Ubuntu, Debian	hardy	Ignored (end of life)
	lucid	Ignored (end of life)
	natty	Ignored (end of life)
	oneiric	Ignored (end of life)
	precise	Does not exist
	quantal	Does not exist
	raring	Does not exist
	saucy	Does not exist
	trusty	Does not exist
	upstream	Needs triage
	utopic	Does not exist
	vivid	Does not exist
	wily	Does not exist
	xenial	Does not exist
	yakkety	Does not exist
	zesty	Does not exist
xulrunner-1.9.2 Launchpad, Ubuntu, Debian	hardy	Ignored (end of life)
	lucid	Ignored (end of life)
	natty	Ignored (end of life)
	oneiric	Does not exist
	precise	Does not exist
	quantal	Does not exist
	raring	Does not exist
	saucy	Does not exist
	trusty	Does not exist
	upstream	Needs triage
	utopic	Does not exist
	vivid	Does not exist
	wily	Does not exist
	xenial	Does not exist
	yakkety	Does not exist
	zesty	Does not exist
xulrunner-2.0 Launchpad, Ubuntu, Debian	hardy	Does not exist
	lucid	Does not exist
	natty	Ignored (end of life)
	oneiric	Does not exist
	precise	Does not exist
	quantal	Does not exist
	raring	Does not exist
	saucy	Does not exist
	trusty	Does not exist
	upstream	Needs triage
	utopic	Does not exist
	vivid	Does not exist
	wily	Does not exist
	xenial	Does not exist
	yakkety	Does not exist
	zesty	Does not exist

References

Join the discussion

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›