CVE-2012-0472

The cairo-dwrite implementation in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9, when certain Windows Vista and Windows 7 configurations are used, does not properly restrict font-rendering attempts, which allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:C/I:C/A:C
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 80%
VendorProductVersion
mozillafirefox
4.0
mozillafirefox
4.0:beta1
mozillafirefox
4.0:beta10
mozillafirefox
4.0:beta11
mozillafirefox
4.0:beta12
mozillafirefox
4.0:beta2
mozillafirefox
4.0:beta3
mozillafirefox
4.0:beta4
mozillafirefox
4.0:beta5
mozillafirefox
4.0:beta6
mozillafirefox
4.0:beta7
mozillafirefox
4.0:beta8
mozillafirefox
4.0:beta9
mozillafirefox
4.0.1
mozillafirefox
5.0
mozillafirefox
6.0
mozillafirefox
6.0.1
mozillafirefox
6.0.2
mozillafirefox
7.0
mozillafirefox
7.0.1
mozillafirefox
8.0
mozillafirefox
8.0.1
mozillafirefox
9.0
mozillafirefox
9.0.1
mozillafirefox
10.0
mozillafirefox
10.0.1
mozillafirefox
10.0.2
mozillafirefox
11.0
mozillafirefox
10.0
mozillafirefox
10.0.1
mozillafirefox
10.0.2
mozillafirefox
10.0.3
mozillathunderbird
5.0
mozillathunderbird
6.0
mozillathunderbird
6.0.1
mozillathunderbird
6.0.2
mozillathunderbird
7.0
mozillathunderbird
7.0.1
mozillathunderbird
8.0
mozillathunderbird
9.0
mozillathunderbird
10.0
mozillathunderbird
10.0.1
mozillathunderbird
10.0.2
mozillathunderbird
10.0.3
mozillathunderbird
10.0.4
mozillathunderbird
11.0
mozillathunderbird_esr
10.0
mozillathunderbird_esr
10.0.1
mozillathunderbird_esr
10.0.2
mozillathunderbird_esr
10.0.3
mozillathunderbird_esr
10.0.4
mozillaseamonkey
𝑥
≤ 2.9
mozillaseamonkey
1.0
mozillaseamonkey
1.0:alpha
mozillaseamonkey
1.0:beta
mozillaseamonkey
1.0.1
mozillaseamonkey
1.0.2
mozillaseamonkey
1.0.3
mozillaseamonkey
1.0.4
mozillaseamonkey
1.0.5
mozillaseamonkey
1.0.6
mozillaseamonkey
1.0.7
mozillaseamonkey
1.0.8
mozillaseamonkey
1.0.9
mozillaseamonkey
1.1
mozillaseamonkey
1.1:alpha
mozillaseamonkey
1.1:beta
mozillaseamonkey
1.1.1
mozillaseamonkey
1.1.2
mozillaseamonkey
1.1.3
mozillaseamonkey
1.1.4
mozillaseamonkey
1.1.5
mozillaseamonkey
1.1.6
mozillaseamonkey
1.1.7
mozillaseamonkey
1.1.8
mozillaseamonkey
1.1.9
mozillaseamonkey
1.1.10
mozillaseamonkey
1.1.11
mozillaseamonkey
1.1.12
mozillaseamonkey
1.1.13
mozillaseamonkey
1.1.14
mozillaseamonkey
1.1.15
mozillaseamonkey
1.1.16
mozillaseamonkey
1.1.17
mozillaseamonkey
1.1.18
mozillaseamonkey
1.1.19
mozillaseamonkey
1.5.0.8
mozillaseamonkey
1.5.0.9
mozillaseamonkey
1.5.0.10
mozillaseamonkey
2.0
mozillaseamonkey
2.0:alpha_1
mozillaseamonkey
2.0:alpha_2
mozillaseamonkey
2.0:alpha_3
mozillaseamonkey
2.0:beta_1
mozillaseamonkey
2.0:beta_2
mozillaseamonkey
2.0:rc1
mozillaseamonkey
2.0:rc2
mozillaseamonkey
2.0.1
mozillaseamonkey
2.0.2
mozillaseamonkey
2.0.3
mozillaseamonkey
2.0.4
mozillaseamonkey
2.0.5
mozillaseamonkey
2.0.6
mozillaseamonkey
2.0.7
mozillaseamonkey
2.0.8
mozillaseamonkey
2.0.9
mozillaseamonkey
2.0.10
mozillaseamonkey
2.0.11
mozillaseamonkey
2.0.12
mozillaseamonkey
2.0.13
mozillaseamonkey
2.0.14
mozillaseamonkey
2.1
mozillaseamonkey
2.1:alpha1
mozillaseamonkey
2.1:alpha2
mozillaseamonkey
2.1:alpha3
mozillaseamonkey
2.1:beta1
mozillaseamonkey
2.1:beta2
mozillaseamonkey
2.1:beta3
mozillaseamonkey
2.1:rc1
mozillaseamonkey
2.1:rc2
mozillaseamonkey
2.2
mozillaseamonkey
2.2:beta1
mozillaseamonkey
2.2:beta2
mozillaseamonkey
2.2:beta3
mozillaseamonkey
2.3
mozillaseamonkey
2.3:beta1
mozillaseamonkey
2.3:beta2
mozillaseamonkey
2.3:beta3
mozillaseamonkey
2.3.1
mozillaseamonkey
2.3.2
mozillaseamonkey
2.3.3
mozillaseamonkey
2.4
mozillaseamonkey
2.4:beta1
mozillaseamonkey
2.4:beta2
mozillaseamonkey
2.4:beta3
mozillaseamonkey
2.4.1
mozillaseamonkey
2.5
mozillaseamonkey
2.5:beta1
mozillaseamonkey
2.5:beta2
mozillaseamonkey
2.5:beta3
mozillaseamonkey
2.5:beta4
mozillaseamonkey
2.6
mozillaseamonkey
2.6:beta1
mozillaseamonkey
2.6:beta2
mozillaseamonkey
2.6:beta3
mozillaseamonkey
2.6:beta4
mozillaseamonkey
2.6.1
mozillaseamonkey
2.7
mozillaseamonkey
2.7:beta1
mozillaseamonkey
2.7:beta2
mozillaseamonkey
2.7:beta3
mozillaseamonkey
2.7:beta4
mozillaseamonkey
2.7:beta5
mozillaseamonkey
2.7.1
mozillaseamonkey
2.7.2
mozillaseamonkey
2.8
mozillaseamonkey
2.8:beta1
mozillaseamonkey
2.8:beta2
mozillaseamonkey
2.8:beta3
mozillaseamonkey
2.8:beta4
mozillaseamonkey
2.8:beta5
mozillaseamonkey
2.8:beta6
mozillaseamonkey
2.9:beta1
mozillaseamonkey
2.9:beta2
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
firefox
oneiric
not-affected
natty
not-affected
lucid
not-affected
hardy
ignored
seamonkey
oneiric
not-affected
natty
not-affected
lucid
not-affected
hardy
ignored
thunderbird
oneiric
not-affected
natty
not-affected
lucid
not-affected
hardy
ignored
xulrunner-1.9.2
oneiric
dne
natty
not-affected
lucid
not-affected
hardy
ignored
xulrunner-2.0
oneiric
dne
natty
ignored
lucid
dne
hardy
dne
Common Weakness Enumeration
References
http://secunia.com/advisories/48972
http://secunia.com/advisories/49055
http://www.mandriva.com/security/advisories?name=MDVSA-2012:066
http://www.mandriva.com/security/advisories?name=MDVSA-2012:081
http://www.mozilla.org/security/announce/2012/mfsa2012-25.html
http://www.securityfocus.com/bid/53218
https://bugzilla.mozilla.org/show_bug.cgi?id=744480
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17067
http://secunia.com/advisories/48972
http://secunia.com/advisories/49055
http://www.mandriva.com/security/advisories?name=MDVSA-2012:066
http://www.mandriva.com/security/advisories?name=MDVSA-2012:081
http://www.mozilla.org/security/announce/2012/mfsa2012-25.html
http://www.securityfocus.com/bid/53218
https://bugzilla.mozilla.org/show_bug.cgi?id=744480
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17067