CVE-2012-0449

Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a malformed XSLT stylesheet that is embedded in a document.
Severity
UNKNOWN
AV:N/AC:M/Au:N/C:C/I:C/A:C
Atk. Vector
NETWORK
Atk. Complexity
MEDIUM
Base Score
CVSS 3.x
EPSS Score
Percentile: 90%
VendorProductVersion
mozillafirefox
𝑥
< 3.6.26
mozillafirefox
4.0 ≤
𝑥
< 10.0
mozillaseamonkey
𝑥
< 2.7
mozillathunderbird
𝑥
< 3.1.18
mozillathunderbird
5.0 ≤
𝑥
< 10.0
debiandebian_linux
5.0
debiandebian_linux
6.0
opensuseopensuse
11.4
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
firefox
saucy
not-affected
raring
not-affected
quantal
not-affected
precise
not-affected
oneiric
Fixed 10.0+build1-0ubuntu0.11.10.1
released
natty
Fixed 10.0+build1-0ubuntu0.11.04.1
released
maverick
Fixed 10.0+build1-0ubuntu0.10.10.1
released
lucid
Fixed 10.0+build1-0ubuntu0.10.04.2
released
hardy
ignored
seamonkey
saucy
dne
raring
dne
quantal
dne
precise
dne
oneiric
ignored
natty
ignored
maverick
ignored
lucid
ignored
hardy
ignored
thunderbird
saucy
not-affected
raring
not-affected
quantal
not-affected
precise
not-affected
oneiric
Fixed 10.0.2+build1-0ubuntu0.11.10.1
released
natty
Fixed 3.1.18+build2+nobinonly-0ubuntu0.11.04.1
released
maverick
Fixed 3.1.18+build2+nobinonly-0ubuntu0.10.10.1
released
lucid
Fixed 3.1.18+build2+nobinonly-0ubuntu0.10.04.1
released
hardy
ignored
xulrunner-1.9.2
saucy
dne
raring
dne
quantal
dne
precise
dne
oneiric
dne
natty
Fixed 1.9.2.27+build1+nobinonly-0ubuntu0.11.04.1
released
maverick
Fixed 1.9.2.26+build2+nobinonly-0ubuntu0.10.10.1
released
lucid
Fixed 1.9.2.26+build2+nobinonly-0ubuntu0.10.04.1
released
hardy
ignored
xulrunner-2.0
saucy
dne
raring
dne
quantal
dne
precise
dne
oneiric
dne
natty
ignored
maverick
dne
lucid
dne
hardy
dne
References