CyberSec.Space Logo
Back to CVE Browser

CVE-2012-0444

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0500%
EPSS Percentile7.44th
PublishedFeb 1, 2012
Last ModifiedApr 29, 2026

Vulnerability Description

Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 do not properly initialize nsChildView data structures, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted Ogg Vorbis file.

Affected Platforms (CPE)

πŸ“¦
Mozilla

Firefox

< 3.6.26
πŸ“¦
Mozilla

Firefox

>= 4.0 and < 10.0
πŸ“¦
Mozilla

Seamonkey

< 2.7
πŸ“¦
Mozilla

Thunderbird

< 3.1.18
πŸ“¦
Mozilla

Thunderbird

>= 5.0 and < 10.0
πŸ’»
Debian

Debian Linux

= 5.0
πŸ’»
Debian

Debian Linux

= 6.0
πŸ’»
Opensuse

Opensuse

= 11.4
πŸ’»
Suse

Linux Enterprise Desktop

= 10
πŸ’»
Suse

Linux Enterprise Desktop

= 11
πŸ’»
Suse

Linux Enterprise Server

= 10
πŸ’»
Suse

Linux Enterprise Server

= 11
πŸ’»
Suse

Linux Enterprise Server

= 11
πŸ’»
Suse

Linux Enterprise Software Development Kit

= 10
πŸ’»
Suse

Linux Enterprise Software Development Kit

= 11
πŸ’»
Canonical

Ubuntu Linux

= 10.04
πŸ’»
Canonical

Ubuntu Linux

= 10.10
πŸ’»
Canonical

Ubuntu Linux

= 11.04
πŸ’»
Canonical

Ubuntu Linux

= 11.10

References & Advisories

πŸ”— http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00003.html
πŸ”— http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00007.html
πŸ”— http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00011.html
πŸ”— http://secunia.com/advisories/48043
πŸ”— http://secunia.com/advisories/48095
πŸ”— http://www.debian.org/security/2012/dsa-2400
πŸ”— http://www.debian.org/security/2012/dsa-2402
πŸ”— http://www.debian.org/security/2012/dsa-2406

Related Vulnerabilities

CVE-2019-1170810.0

Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes can result in the no...

CVE-2019-2513610.0

A compromised child process could have injected XBL Bindings into privileged CSS rules, resulting in arbitrary code execution and ...

CVE-2018-1850510.0

An earlier fix for an Inter-process Communication (IPC) vulnerability, CVE-2011-3079, added authentication to communication betwee...

CVE-2020-1238810.0

The Firefox content processes did not sufficiently lockdown access control which could result in a sandbox escape. *Note: this iss...