Vulnerability Details : CVE-2012-1958
Use-after-free vulnerability in the nsGlobalWindow::PageHidden function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 might allow remote attackers to execute arbitrary code via vectors related to focused content.
Vulnerability category: Memory CorruptionExecute code
Exploit prediction scoring system (EPSS) score for CVE-2012-1958
Probability of exploitation activity in the next 30 days: 6.97%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 93 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2012-1958
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
9.3
|
HIGH | AV:N/AC:M/Au:N/C:C/I:C/A:C |
8.6
|
10.0
|
NIST |
CWE ids for CVE-2012-1958
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2012-1958
-
http://rhn.redhat.com/errata/RHSA-2012-1088.html
RHSA-2012:1088 - Security Advisory - Red Hat Customer Portal
-
http://secunia.com/advisories/49993
Sign in
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16434
Repository / Oval Repository
-
http://secunia.com/advisories/49994
Sign in
-
http://www.securitytracker.com/id?1027257
Mozilla Thunderbird Multiple Bugs Let Remote Users Execute Arbitrary Code, Spoof Web Sites, Obtain Information, and Conduct Cross-Site Scripting Attacks - SecurityTracker
-
http://www.mozilla.org/security/announce/2012/mfsa2012-48.html
use-after-free in nsGlobalWindow::PageHidden — MozillaVendor Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00011.html
[security-announce] SUSE-SU-2012:0895-1: important: Security update for
-
https://bugzilla.mozilla.org/show_bug.cgi?id=750820
750820 - (CVE-2012-1958) Use-after-free in nsGlobalWindow::PageHidden
-
http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00016.html
[security-announce] openSUSE-SU-2012:0917-1: important: MozillaThunderbi
-
http://www.ubuntu.com/usn/USN-1509-1
USN-1509-1: Firefox vulnerabilities | Ubuntu security notices
-
http://www.securityfocus.com/bid/54574
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-1958 Use-After-Free Memory Corruption Vulnerability
-
http://osvdb.org/84001
-
http://www.securitytracker.com/id?1027256
Mozilla Firefox Multiple Bugs Let Remote Users Execute Arbitrary Code, Spoof Web Sites, Obtain Information, and Conduct Cross-Site Scripting Attacks - SecurityTracker
-
http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00013.html
[security-announce] openSUSE-SU-2012:0899-1: critical: MozillaFirefox to
- http://secunia.com/advisories/49979
-
http://www.ubuntu.com/usn/USN-1509-2
USN-1509-2: ubufox update | Ubuntu security notices
-
http://secunia.com/advisories/49968
Sign in
-
http://www.securitytracker.com/id?1027258
Mozilla Seamonkey Multiple Bugs Let Remote Users Execute Arbitrary Code, Spoof Web Sites, Obtain Information, and Conduct Cross-Site Scripting Attacks - SecurityTracker
-
http://www.ubuntu.com/usn/USN-1510-1
USN-1510-1: Thunderbird vulnerabilities | Ubuntu security notices
-
http://secunia.com/advisories/49977
Sign in
-
http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00012.html
[security-announce] SUSE-SU-2012:0896-1: important: Security update for
Products affected by CVE-2012-1958
- cpe:2.3:a:mozilla:firefox:4.0:beta5:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:4.0:beta3:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:4.0:beta4:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:4.0:beta2:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:4.0:beta7:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:4.0:beta8:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:4.0:beta9:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:4.0:beta1:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:4.0:beta10:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:4.0:beta11:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:4.0:beta6:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:4.0:beta12:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:4.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:4.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:5.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:6.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:6.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:5.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:6.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:7.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:8.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:7.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:8.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:9.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:12.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:12.0:beta6:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:9.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:11.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:13.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:5.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:6.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:6.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:6.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:7.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:8.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:7.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:10.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:10.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:10.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:10.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:10.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:11.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:12.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:9.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:9.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:13.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.0:rc2:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.1.16:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.1.10:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.0:beta:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.1.4:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.1.9:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.5.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.0:alpha_2:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.0:alpha_1:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.1:alpha1:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.1.14:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.1.15:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.1.5:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.1.19:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.5.0.9:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.0.9:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.1.13:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.0.11:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.0.14:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.0:beta_1:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.0:alpha_3:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.0.10:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.1.17:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.1:alpha:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.0:alpha:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.1.7:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.1.6:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.5.0.10:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.1:beta:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.0.12:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.0.13:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.0:beta_2:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.1:alpha2:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.0.9:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.1.11:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.1.12:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.1.18:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.1.8:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.1:alpha3:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.1:rc1:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.1:beta1:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.1:beta2:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.1:beta3:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.1:rc2:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox_esr:10.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox_esr:10.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox_esr:10.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox_esr:10.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox_esr:10.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox_esr:10.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird_esr:10.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird_esr:10.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird_esr:10.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird_esr:10.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird_esr:10.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird_esr:10.0.5:*:*:*:*:*:*:*