CVE-2012-0444
Mozilla Firefox < 3.6.26 and 4.x-9.0 - Remote Code Execution via Ogg Vorbis File
Title source: llmDescription
Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 do not properly initialize nsChildView data structures, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted Ogg Vorbis file.
References (15)
Core 15
Core References
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/48043
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/48095
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2012/dsa-2402
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/51753
Third Party Advisory vdb-entry
signature
x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14464
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2012/dsa-2400
Vendor Advisory x_refsource_confirm
http://www.mozilla.org/security/announce/2012/mfsa2012-07.html
Mailing List, Third Party Advisory vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00003.html
Third Party Advisory vendor-advisory
x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2012:013
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2012/dsa-2406
Mailing List, Third Party Advisory vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00007.html
Third Party Advisory vendor-advisory
x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-1370-1
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/72858
Exploit, Issue Tracking, Patch, Vendor Advisory x_refsource_confirm
https://bugzilla.mozilla.org/show_bug.cgi?id=719612
Mailing List, Third Party Advisory vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00011.html
Scores
EPSS
0.0897
EPSS Percentile
92.7%
Details
CWE
CWE-119
Status
published
Products (16)
canonical/ubuntu_linux
10.04
canonical/ubuntu_linux
10.10
canonical/ubuntu_linux
11.04
canonical/ubuntu_linux
11.10
debian/debian_linux
5.0
debian/debian_linux
6.0
mozilla/firefox
< 3.6.26
mozilla/seamonkey
< 2.7
mozilla/thunderbird
< 3.1.18
opensuse/opensuse
11.4
... and 6 more
Published
Feb 01, 2012
Tracked Since
Feb 18, 2026