VulDB: Mozilla Firefox up to 13 buffer overflow [CVE-2012-1952]
General

scipID: 5672
Affected: Mozilla Firefox up to 13
Published: 07/17/2012 (Abhishek Arya (Inferno))
Risk: critical
Entry: 92.9% complete
Created: 07/23/2012
Updated: 09/03/2012
Summary
A vulnerability classified as critical has been found in Mozilla Firefox up to 13. An unknown function is affected. Manipulation with an unknown input leads to a buffer overflow. Confidentiality, integrity, and availability are impacted.
The weakness was disclosed on 07/17/2012 by Abhishek Arya (Inferno) of Google in advisory MFSA 2012-44 (Website). The advisory is available for download at mozilla.org. The public release was coordinated with the vendor. This vulnerability has been handled as CVE-2012-1952 since 03/30/2012. The exploitability is known to be difficult. The attack may be launched remotely. No form of authentication is required for exploitation. Technical details are unknown, but a private exploit is available.
Upgrading to version 14 eliminates this vulnerability. The upgrade is hosted for download at mozilla.org. A possible mitigation was published immediately after the disclosure of the vulnerability. The vulnerability is also documented in the databases at OSVDB (83999) and Secunia (SA49965).
CVSS
Base Score: 7.6 (CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C)
| Access Vector | Access Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Network | High | None | Complete | Complete | Complete |
Exploiting
Class: Buffer overflow
Local: No
Remote: Yes
Availability: Yes
Access: Private
Countermeasures
Recommended: Upgrade
Reaction Time: 0 days since reported
0-Day Time: 0 days since found
Exposure Time: 0 days since known
Upgrade: Firefox 14
Timeline
03/30/2012 | CVE assigned
07/17/2012 | Advisory disclosed
07/17/2012 | Countermeasure disclosed
07/19/2012 | OSVDB entry created
07/23/2012 | VulDB entry created
09/03/2012 | VulDB entry updated
Sources
Advisory: MFSA 2012-44
Researcher: Abhishek Arya (Inferno)
Company: Google
Coordinated: Yes
OSVDB: 83999
CVE: CVE-2012-1952 (mitre.org) (nist.org) (cvedetails.com)
Secunia: 49965