CVE-2012-3990

Firefox < 16.0 - Use-After-Free in IME State Manager

Title source: llm

Description

Use-after-free vulnerability in the IME State Manager implementation in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code via unspecified vectors, related to the nsIContent::GetNameSpaceID function.

References (19)

Core 19

Core References

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/50904

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/50984

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/50935

Vendor Advisory x_refsource_confirm

http://www.mozilla.org/security/announce/2012/mfsa2012-87.html

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/50856

Third Party Advisory vendor-advisory x_refsource_debian

http://www.debian.org/security/2012/dsa-2565

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/50892

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/79172

Third Party Advisory vendor-advisory x_refsource_debian

http://www.debian.org/security/2012/dsa-2572

Third Party Advisory vendor-advisory x_refsource_redhat

http://rhn.redhat.com/errata/RHSA-2012-1351.html

Third Party Advisory vdb-entry signature x_refsource_oval

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16642

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/50936

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/51181

Issue Tracking, Vendor Advisory x_refsource_confirm

https://bugzilla.mozilla.org/show_bug.cgi?id=787704

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/55318

Mailing List, Third Party Advisory vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00010.html

Third Party Advisory vendor-advisory x_refsource_mandriva

http://www.mandriva.com/security/advisories?name=MDVSA-2012:163

Third Party Advisory vendor-advisory x_refsource_ubuntu

http://www.ubuntu.com/usn/USN-1611-1

Third Party Advisory vendor-advisory x_refsource_debian

http://www.debian.org/security/2012/dsa-2569

Scores

EPSS 0.0607

EPSS Percentile 90.9%

Details

CWE

CWE-416

Status published

Products (21)

canonical/ubuntu_linux 10.04

canonical/ubuntu_linux 11.04

canonical/ubuntu_linux 11.10

canonical/ubuntu_linux 12.04

debian/debian_linux 6.0

mozilla/firefox < 10.0.8

mozilla/seamonkey < 2.13

mozilla/thunderbird < 16.0

mozilla/thunderbird_esr < 10.0.8

redhat/enterprise_linux_desktop 5.0

... and 11 more

Published Oct 10, 2012

Tracked Since Feb 18, 2026