CVE-2012-1939

jsinfer.cpp in Mozilla Firefox ESR 10.x before 10.0.5 and Thunderbird ESR 10.x before 10.0.5 does not properly determine data types, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via crafted JavaScript code.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:C/I:C/A:C
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 87%
VendorProductVersion
mozillafirefox
10.0
mozillafirefox
10.0.1
mozillafirefox
10.0.2
mozillafirefox
10.0.3
mozillafirefox
10.0.4
mozillathunderbird_esr
10.0
mozillathunderbird_esr
10.0.1
mozillathunderbird_esr
10.0.2
mozillathunderbird_esr
10.0.3
mozillathunderbird_esr
10.0.4
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
firefox
precise
not-affected
oneiric
not-affected
natty
not-affected
lucid
not-affected
hardy
ignored
seamonkey
precise
dne
oneiric
not-affected
natty
not-affected
lucid
not-affected
hardy
ignored
thunderbird
precise
not-affected
oneiric
not-affected
natty
not-affected
lucid
not-affected
hardy
ignored
xulrunner-1.9.2
precise
dne
oneiric
dne
natty
not-affected
lucid
not-affected
hardy
ignored
xulrunner-2.0
precise
dne
oneiric
dne
natty
ignored
lucid
dne
hardy
dne
Common Weakness Enumeration
References
http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00012.html
http://rhn.redhat.com/errata/RHSA-2012-0710.html
http://rhn.redhat.com/errata/RHSA-2012-0715.html
http://www.debian.org/security/2012/dsa-2499
http://www.mandriva.com/security/advisories?name=MDVSA-2012:088
http://www.mozilla.org/security/announce/2012/mfsa2012-34.html
https://bugzilla.mozilla.org/show_bug.cgi?id=748613
http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00012.html
http://rhn.redhat.com/errata/RHSA-2012-0710.html
http://rhn.redhat.com/errata/RHSA-2012-0715.html
http://www.debian.org/security/2012/dsa-2499
http://www.mandriva.com/security/advisories?name=MDVSA-2012:088
http://www.mozilla.org/security/announce/2012/mfsa2012-34.html
https://bugzilla.mozilla.org/show_bug.cgi?id=748613