Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-4vcw-dt9x-wqdd
Vulnerability ID VCID-4vcw-dt9x-wqdd
Aliases CVE-2012-5835
Summary Security researcher miaubiz used the Address Sanitizer tool to discover a series critically rated of use-after-free, buffer overflow, and memory corruption issues in shipped software. These issues are potentially exploitable, allowing for remote code execution. We would also like to thank miaubiz for reporting two additional use-after-free and memory corruption issues introduced during Firefox development that were fixed before general release. In general these flaws cannot be exploited through email in the Thunderbird and SeaMonkey products because scripting is disabled, but are potentially a risk in browser or browser-like contexts in those products.
Status Published
Exploitability None
Weighted Severity None
Risk None
Affected and Fixed Packages Package Details
Weaknesses (2)
CWE-416 Use After Free
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
System Score Found at
epss 0.00894 https://api.first.org/data/v1/epss?cve=CVE-2012-5835
generic_textual critical https://www.mozilla.org/en-US/security/advisories/mfsa2012-106
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5835.json
https://api.first.org/data/v1/epss?cve=CVE-2012-5835
877635 https://bugzilla.redhat.com/show_bug.cgi?id=877635
CVE-2012-5835 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5835
GLSA-201301-01 https://security.gentoo.org/glsa/201301-01
mfsa2012-106 https://www.mozilla.org/en-US/security/advisories/mfsa2012-106
RHSA-2012:1482 https://access.redhat.com/errata/RHSA-2012:1482
RHSA-2012:1483 https://access.redhat.com/errata/RHSA-2012:1483
USN-1636-1 https://usn.ubuntu.com/1636-1/
USN-1638-1 https://usn.ubuntu.com/1638-1/
No exploits are available.
Exploit Prediction Scoring System (EPSS)
Percentile 0.75919
EPSS Score 0.00894
Published At May 29, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-05-29T08:27:23.524220+00:00 Mozilla Importer Import https://github.com/mozilla/foundation-security-advisories/blob/master/announce/2012/mfsa2012-106.md 38.6.0