CVE-2012-1939

Published Jun 5, 2012

Last updated 25 days ago

Overview

Description: jsinfer.cpp in Mozilla Firefox ESR 10.x before 10.0.5 and Thunderbird ESR 10.x before 10.0.5 does not properly determine data types, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via crafted JavaScript code.
Source: cve@mitre.org
NVD status: Modified

Hype score: Not currently trending

Risk scores

CVSS 2.0

Type: Primary
Base score: 9.3
Impact score: 10
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:C/I:C/A:C

Weaknesses

nvd@nist.gov: CWE-119

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:mozilla:firefox:10.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A1D4D8C9-5A00-46FE-9E42-CB8C2D66B120"
          },
          {
            "criteria": "cpe:2.3:a:mozilla:firefox:10.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E639BCCB-A6BF-4174-BFAF-9674E65BA404"
          },
          {
            "criteria": "cpe:2.3:a:mozilla:firefox:10.0.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FDFC5947-3C3D-4484-8803-D6629C63B315"
          },
          {
            "criteria": "cpe:2.3:a:mozilla:firefox:10.0.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A04BF0E2-0A40-4396-A46A-005D103D9E3F"
          },
          {
            "criteria": "cpe:2.3:a:mozilla:firefox:10.0.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C0C4C930-6EC1-469D-811C-E85490AB38C3"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:mozilla:thunderbird_esr:10.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "369438BA-3E3E-4F4A-9D55-37201BCC19EA"
          },
          {
            "criteria": "cpe:2.3:a:mozilla:thunderbird_esr:10.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8C6BE133-ED60-489A-9EA4-239FFFAD13A6"
          },
          {
            "criteria": "cpe:2.3:a:mozilla:thunderbird_esr:10.0.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "772CC146-E2FA-4E18-AAAB-1D04D8572DB1"
          },
          {
            "criteria": "cpe:2.3:a:mozilla:thunderbird_esr:10.0.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7EAFAA60-E23E-4BAD-ACE6-17E760F03FDC"
          },
          {
            "criteria": "cpe:2.3:a:mozilla:thunderbird_esr:10.0.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9BD8FF90-E66B-4D22-A5E1-558D6384D152"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Social media

Risk scores

CVSS 2.0

Weaknesses

Configurations

References