CVE-2012-5838 Detail

Modified

This vulnerability has been modified since it was last analyzed by the NVD. It is awaiting reanalysis which may result in further changes to the information provided.

Description

The copyTexImage2D implementation in the WebGL subsystem in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via large image dimensions.

Source: MITRE Last Modified: 11/21/2012

Quick Info

CVE Dictionary Entry:: CVE-2012-5838
Original release date:: 11/21/2012
Last revised:: 09/18/2017
Source:: US-CERT/NIST

Impact

CVSS Severity (version 2.0):

CVSS v2 Base Score:: 10.0 HIGH
Vector:: (AV:N/AC:L/Au:N/C:C/I:C/A:C) (legend)
Impact Subscore:: 10.0
Exploitability Subscore:: 10.0

CVSS Version 2 Metrics:

Access Vector:: Network exploitable
Access Complexity:: Low
Authentication:: Not required to exploit
Impact Type:: Allows unauthorized disclosure of information; Allows unauthorized modification; Allows disruption of service

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

Hyperlink	Resource	Type	Source	Name
http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00021.html		External Source	SUSE	SUSE-SU-2012:1592
http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00022.html		External Source	SUSE	openSUSE-SU-2013:0175
http://lists.opensuse.org/opensuse-updates/2012-11/msg00090.html		External Source	SUSE	openSUSE-SU-2012:1583
http://lists.opensuse.org/opensuse-updates/2012-11/msg00092.html		External Source	SUSE	openSUSE-SU-2012:1585
http://lists.opensuse.org/opensuse-updates/2012-11/msg00093.html		External Source	SUSE	openSUSE-SU-2012:1586
http://www.mozilla.org/security/announce/2012/mfsa2012-106.html	Vendor Advisory	External Source	CONFIRM	http://www.mozilla.org/security/announce/2012/mfsa2012-106.html
http://www.securityfocus.com/bid/56644		External Source	BID	56644
http://www.ubuntu.com/usn/USN-1636-1		External Source	UBUNTU	USN-1636-1
http://www.ubuntu.com/usn/USN-1638-1		External Source	UBUNTU	USN-1638-1
http://www.ubuntu.com/usn/USN-1638-2		External Source	UBUNTU	USN-1638-2
http://www.ubuntu.com/usn/USN-1638-3		External Source	UBUNTU	USN-1638-3
https://bugzilla.mozilla.org/show_bug.cgi?id=802778		External Source	CONFIRM	https://bugzilla.mozilla.org/show_bug.cgi?id=802778
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16896		External Source	OVAL	oval:org.mitre.oval:def:16896

Technical Details

Vulnerability Type (View All)

Numeric Errors (CWE-189)

Vulnerable software and versions Switch to CPE 2.2

Showing 100 of 443 CPEs, view all CPEs here.

Denotes Vulnerable Software
Are we missing a CPE here? Please let us know.

You are viewing this page in an unauthorized frame window.

Information Technology Laboratory

National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database