CyberSec.Space Logo
Back to CVE Browser

CVE-2012-3961

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0520%
EPSS Percentile21.89th
PublishedAug 29, 2012
Last ModifiedApr 29, 2026

Vulnerability Description

Use-after-free vulnerability in the RangeData implementation in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.

Affected Platforms (CPE)

πŸ“¦
Mozilla

Firefox

< 15.0
πŸ“¦
Mozilla

Firefox

>= 10.0 and < 10.0.7
πŸ“¦
Mozilla

Seamonkey

< 2.12
πŸ“¦
Mozilla

Thunderbird

< 15.0
πŸ“¦
Mozilla

Thunderbird Esr

>= 10.0 and < 10.0.7
πŸ’»
Opensuse

Opensuse

= 12.2
πŸ’»
Suse

Linux Enterprise Desktop

= 10
πŸ’»
Suse

Linux Enterprise Desktop

= 11
πŸ’»
Suse

Linux Enterprise Server

= 10
πŸ’»
Suse

Linux Enterprise Server

= 11
πŸ’»
Suse

Linux Enterprise Server

= 11
πŸ’»
Suse

Linux Enterprise Software Development Kit

= 11
πŸ’»
Redhat

Enterprise Linux Desktop

= 5.0
πŸ’»
Redhat

Enterprise Linux Desktop

= 6.0
πŸ’»
Redhat

Enterprise Linux Eus

= 6.3
πŸ’»
Redhat

Enterprise Linux Server

= 5.0
πŸ’»
Redhat

Enterprise Linux Server

= 6.0
πŸ’»
Redhat

Enterprise Linux Server Eus

= 6.3
πŸ’»
Redhat

Enterprise Linux Workstation

= 5.0
πŸ’»
Redhat

Enterprise Linux Workstation

= 6.0
πŸ’»
Canonical

Ubuntu Linux

= 10.04
πŸ’»
Canonical

Ubuntu Linux

= 11.04
πŸ’»
Canonical

Ubuntu Linux

= 11.10
πŸ’»
Canonical

Ubuntu Linux

= 12.04

References & Advisories

πŸ”— http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00028.html
πŸ”— http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00011.html
πŸ”— http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00014.html
πŸ”— http://rhn.redhat.com/errata/RHSA-2012-1210.html
πŸ”— http://rhn.redhat.com/errata/RHSA-2012-1211.html
πŸ”— http://www.mozilla.org/security/announce/2012/mfsa2012-58.html
πŸ”— http://www.securityfocus.com/bid/55321
πŸ”— http://www.ubuntu.com/usn/USN-1548-1

Related Vulnerabilities

CVE-2019-1170810.0

Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes can result in the no...

CVE-2019-2513610.0

A compromised child process could have injected XBL Bindings into privileged CSS rules, resulting in arbitrary code execution and ...

CVE-2018-1850510.0

An earlier fix for an Inter-process Communication (IPC) vulnerability, CVE-2011-3079, added authentication to communication betwee...

CVE-2020-1238810.0

The Firefox content processes did not sufficiently lockdown access control which could result in a sandbox escape. *Note: this iss...