CVE-2012-0473

The WebGLBuffer::FindMaxUshortElement function in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 calls the FindMaxElementInSubArray function with incorrect template arguments, which allows remote attackers to obtain sensitive information from video memory via a crafted WebGL.drawElements call.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:N/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 71%
VendorProductVersion
mozillafirefox
4.0
mozillafirefox
4.0:beta1
mozillafirefox
4.0:beta10
mozillafirefox
4.0:beta11
mozillafirefox
4.0:beta12
mozillafirefox
4.0:beta2
mozillafirefox
4.0:beta3
mozillafirefox
4.0:beta4
mozillafirefox
4.0:beta5
mozillafirefox
4.0:beta6
mozillafirefox
4.0:beta7
mozillafirefox
4.0:beta8
mozillafirefox
4.0:beta9
mozillafirefox
4.0.1
mozillafirefox
5.0
mozillafirefox
5.0.1
mozillafirefox
6.0
mozillafirefox
6.0.1
mozillafirefox
6.0.2
mozillafirefox
7.0
mozillafirefox
7.0.1
mozillafirefox
8.0
mozillafirefox
8.0.1
mozillafirefox
9.0
mozillafirefox
9.0.1
mozillafirefox
10.0
mozillafirefox
10.0.1
mozillafirefox
10.0.2
mozillafirefox
11.0
mozillafirefox
10.0
mozillafirefox
10.0.1
mozillafirefox
10.0.2
mozillafirefox
10.0.3
mozillathunderbird
5.0
mozillathunderbird
6.0
mozillathunderbird
6.0.1
mozillathunderbird
6.0.2
mozillathunderbird
7.0
mozillathunderbird
7.0.1
mozillathunderbird
8.0
mozillathunderbird
9.0
mozillathunderbird
9.0.1
mozillathunderbird
10.0
mozillathunderbird
10.0.1
mozillathunderbird
10.0.2
mozillathunderbird
10.0.3
mozillathunderbird
10.0.4
mozillathunderbird
11.0
mozillathunderbird_esr
10.0
mozillathunderbird_esr
10.0.1
mozillathunderbird_esr
10.0.2
mozillathunderbird_esr
10.0.3
mozillaseamonkey
𝑥
≤ 2.9
mozillaseamonkey
1.0
mozillaseamonkey
1.0:alpha
mozillaseamonkey
1.0:beta
mozillaseamonkey
1.0.1
mozillaseamonkey
1.0.2
mozillaseamonkey
1.0.3
mozillaseamonkey
1.0.4
mozillaseamonkey
1.0.5
mozillaseamonkey
1.0.6
mozillaseamonkey
1.0.7
mozillaseamonkey
1.0.8
mozillaseamonkey
1.0.9
mozillaseamonkey
1.1
mozillaseamonkey
1.1:alpha
mozillaseamonkey
1.1:beta
mozillaseamonkey
1.1.1
mozillaseamonkey
1.1.2
mozillaseamonkey
1.1.3
mozillaseamonkey
1.1.4
mozillaseamonkey
1.1.5
mozillaseamonkey
1.1.6
mozillaseamonkey
1.1.7
mozillaseamonkey
1.1.8
mozillaseamonkey
1.1.9
mozillaseamonkey
1.1.10
mozillaseamonkey
1.1.11
mozillaseamonkey
1.1.12
mozillaseamonkey
1.1.13
mozillaseamonkey
1.1.14
mozillaseamonkey
1.1.15
mozillaseamonkey
1.1.16
mozillaseamonkey
1.1.17
mozillaseamonkey
1.1.18
mozillaseamonkey
1.1.19
mozillaseamonkey
1.5.0.8
mozillaseamonkey
1.5.0.9
mozillaseamonkey
1.5.0.10
mozillaseamonkey
2.0
mozillaseamonkey
2.0:alpha_1
mozillaseamonkey
2.0:alpha_2
mozillaseamonkey
2.0:alpha_3
mozillaseamonkey
2.0:beta_1
mozillaseamonkey
2.0:beta_2
mozillaseamonkey
2.0:rc1
mozillaseamonkey
2.0:rc2
mozillaseamonkey
2.0.1
mozillaseamonkey
2.0.2
mozillaseamonkey
2.0.3
mozillaseamonkey
2.0.4
mozillaseamonkey
2.0.5
mozillaseamonkey
2.0.6
mozillaseamonkey
2.0.7
mozillaseamonkey
2.0.8
mozillaseamonkey
2.0.9
mozillaseamonkey
2.0.10
mozillaseamonkey
2.0.11
mozillaseamonkey
2.0.12
mozillaseamonkey
2.0.13
mozillaseamonkey
2.0.14
mozillaseamonkey
2.1
mozillaseamonkey
2.1:alpha1
mozillaseamonkey
2.1:alpha2
mozillaseamonkey
2.1:alpha3
mozillaseamonkey
2.1:beta1
mozillaseamonkey
2.1:beta2
mozillaseamonkey
2.1:beta3
mozillaseamonkey
2.1:rc1
mozillaseamonkey
2.1:rc2
mozillaseamonkey
2.2
mozillaseamonkey
2.2:beta1
mozillaseamonkey
2.2:beta2
mozillaseamonkey
2.2:beta3
mozillaseamonkey
2.3
mozillaseamonkey
2.3:beta1
mozillaseamonkey
2.3:beta2
mozillaseamonkey
2.3:beta3
mozillaseamonkey
2.3.1
mozillaseamonkey
2.3.2
mozillaseamonkey
2.3.3
mozillaseamonkey
2.4
mozillaseamonkey
2.4:beta1
mozillaseamonkey
2.4:beta2
mozillaseamonkey
2.4:beta3
mozillaseamonkey
2.4.1
mozillaseamonkey
2.5
mozillaseamonkey
2.5:beta1
mozillaseamonkey
2.5:beta2
mozillaseamonkey
2.5:beta3
mozillaseamonkey
2.5:beta4
mozillaseamonkey
2.6
mozillaseamonkey
2.6:beta1
mozillaseamonkey
2.6:beta2
mozillaseamonkey
2.6:beta3
mozillaseamonkey
2.6:beta4
mozillaseamonkey
2.6.1
mozillaseamonkey
2.7
mozillaseamonkey
2.7:beta1
mozillaseamonkey
2.7:beta2
mozillaseamonkey
2.7:beta3
mozillaseamonkey
2.7:beta4
mozillaseamonkey
2.7:beta5
mozillaseamonkey
2.7.1
mozillaseamonkey
2.7.2
mozillaseamonkey
2.8
mozillaseamonkey
2.8:beta1
mozillaseamonkey
2.8:beta2
mozillaseamonkey
2.8:beta3
mozillaseamonkey
2.8:beta4
mozillaseamonkey
2.8:beta5
mozillaseamonkey
2.8:beta6
mozillaseamonkey
2.9:beta1
mozillaseamonkey
2.9:beta2
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
firefox
saucy
not-affected
raring
not-affected
quantal
not-affected
precise
Fixed 12.0+build1-0ubuntu0.12.04.1
released
oneiric
Fixed 12.0+build1-0ubuntu0.11.10.1
released
natty
Fixed 12.0+build1-0ubuntu0.11.04.1
released
lucid
Fixed 12.0+build1-0ubuntu0.10.04.1
released
hardy
ignored
seamonkey
saucy
dne
raring
dne
quantal
dne
precise
dne
oneiric
ignored
natty
ignored
lucid
ignored
hardy
ignored
thunderbird
saucy
not-affected
raring
not-affected
quantal
not-affected
precise
Fixed 12.0.1+build1-0ubuntu0.12.04.1
released
oneiric
Fixed 12.0.1+build1-0ubuntu0.11.10.1
released
natty
Fixed 12.0.1+build1-0ubuntu0.11.04.1
released
lucid
Fixed 12.0.1+build1-0ubuntu0.10.04.1
released
hardy
ignored
xulrunner-1.9.2
saucy
dne
raring
dne
quantal
dne
precise
dne
oneiric
dne
natty
ignored
lucid
ignored
hardy
ignored
xulrunner-2.0
saucy
dne
raring
dne
quantal
dne
precise
dne
oneiric
dne
natty
ignored
lucid
dne
hardy
dne
Common Weakness Enumeration
References
http://secunia.com/advisories/48972
http://secunia.com/advisories/49047
http://secunia.com/advisories/49055
http://www.mandriva.com/security/advisories?name=MDVSA-2012:066
http://www.mandriva.com/security/advisories?name=MDVSA-2012:081
http://www.mozilla.org/security/announce/2012/mfsa2012-26.html
http://www.securityfocus.com/bid/53231
https://bugzilla.mozilla.org/show_bug.cgi?id=743475
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16113
http://secunia.com/advisories/48972
http://secunia.com/advisories/49047
http://secunia.com/advisories/49055
http://www.mandriva.com/security/advisories?name=MDVSA-2012:066
http://www.mandriva.com/security/advisories?name=MDVSA-2012:081
http://www.mozilla.org/security/announce/2012/mfsa2012-26.html
http://www.securityfocus.com/bid/53231
https://bugzilla.mozilla.org/show_bug.cgi?id=743475
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16113