Search for vulnerabilities
Vulnerability details: VCID-rru1-3cfp-aaah
Vulnerability ID VCID-rru1-3cfp-aaah
Aliases CVE-2012-0444
Summary Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 do not properly initialize nsChildView data structures, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted Ogg Vorbis file.
Status Published
Exploitability 2.0
Weighted Severity 9.0
Risk 10.0
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
System Score Found at
rhas Critical https://access.redhat.com/errata/RHSA-2012:0079
rhas Important https://access.redhat.com/errata/RHSA-2012:0136
epss 0.02228 https://api.first.org/data/v1/epss?cve=CVE-2012-0444
epss 0.02228 https://api.first.org/data/v1/epss?cve=CVE-2012-0444
epss 0.02228 https://api.first.org/data/v1/epss?cve=CVE-2012-0444
epss 0.02228 https://api.first.org/data/v1/epss?cve=CVE-2012-0444
epss 0.02228 https://api.first.org/data/v1/epss?cve=CVE-2012-0444
epss 0.02228 https://api.first.org/data/v1/epss?cve=CVE-2012-0444
epss 0.02228 https://api.first.org/data/v1/epss?cve=CVE-2012-0444
epss 0.02228 https://api.first.org/data/v1/epss?cve=CVE-2012-0444
epss 0.02228 https://api.first.org/data/v1/epss?cve=CVE-2012-0444
epss 0.02228 https://api.first.org/data/v1/epss?cve=CVE-2012-0444
epss 0.02228 https://api.first.org/data/v1/epss?cve=CVE-2012-0444
epss 0.02228 https://api.first.org/data/v1/epss?cve=CVE-2012-0444
epss 0.02228 https://api.first.org/data/v1/epss?cve=CVE-2012-0444
epss 0.02228 https://api.first.org/data/v1/epss?cve=CVE-2012-0444
epss 0.02228 https://api.first.org/data/v1/epss?cve=CVE-2012-0444
epss 0.02228 https://api.first.org/data/v1/epss?cve=CVE-2012-0444
epss 0.02228 https://api.first.org/data/v1/epss?cve=CVE-2012-0444
epss 0.02228 https://api.first.org/data/v1/epss?cve=CVE-2012-0444
epss 0.02228 https://api.first.org/data/v1/epss?cve=CVE-2012-0444
epss 0.02228 https://api.first.org/data/v1/epss?cve=CVE-2012-0444
epss 0.02228 https://api.first.org/data/v1/epss?cve=CVE-2012-0444
epss 0.02228 https://api.first.org/data/v1/epss?cve=CVE-2012-0444
epss 0.02228 https://api.first.org/data/v1/epss?cve=CVE-2012-0444
epss 0.02228 https://api.first.org/data/v1/epss?cve=CVE-2012-0444
epss 0.02228 https://api.first.org/data/v1/epss?cve=CVE-2012-0444
epss 0.02228 https://api.first.org/data/v1/epss?cve=CVE-2012-0444
epss 0.02228 https://api.first.org/data/v1/epss?cve=CVE-2012-0444
epss 0.02228 https://api.first.org/data/v1/epss?cve=CVE-2012-0444
epss 0.02228 https://api.first.org/data/v1/epss?cve=CVE-2012-0444
epss 0.02228 https://api.first.org/data/v1/epss?cve=CVE-2012-0444
epss 0.02228 https://api.first.org/data/v1/epss?cve=CVE-2012-0444
epss 0.02228 https://api.first.org/data/v1/epss?cve=CVE-2012-0444
epss 0.02228 https://api.first.org/data/v1/epss?cve=CVE-2012-0444
epss 0.02228 https://api.first.org/data/v1/epss?cve=CVE-2012-0444
epss 0.02228 https://api.first.org/data/v1/epss?cve=CVE-2012-0444
epss 0.02228 https://api.first.org/data/v1/epss?cve=CVE-2012-0444
epss 0.02228 https://api.first.org/data/v1/epss?cve=CVE-2012-0444
epss 0.02228 https://api.first.org/data/v1/epss?cve=CVE-2012-0444
epss 0.02228 https://api.first.org/data/v1/epss?cve=CVE-2012-0444
epss 0.02228 https://api.first.org/data/v1/epss?cve=CVE-2012-0444
epss 0.02228 https://api.first.org/data/v1/epss?cve=CVE-2012-0444
epss 0.02228 https://api.first.org/data/v1/epss?cve=CVE-2012-0444
epss 0.02228 https://api.first.org/data/v1/epss?cve=CVE-2012-0444
epss 0.02228 https://api.first.org/data/v1/epss?cve=CVE-2012-0444
epss 0.02228 https://api.first.org/data/v1/epss?cve=CVE-2012-0444
epss 0.02228 https://api.first.org/data/v1/epss?cve=CVE-2012-0444
epss 0.02228 https://api.first.org/data/v1/epss?cve=CVE-2012-0444
epss 0.02228 https://api.first.org/data/v1/epss?cve=CVE-2012-0444
epss 0.02228 https://api.first.org/data/v1/epss?cve=CVE-2012-0444
epss 0.02228 https://api.first.org/data/v1/epss?cve=CVE-2012-0444
epss 0.02228 https://api.first.org/data/v1/epss?cve=CVE-2012-0444
epss 0.02228 https://api.first.org/data/v1/epss?cve=CVE-2012-0444
epss 0.02228 https://api.first.org/data/v1/epss?cve=CVE-2012-0444
epss 0.04354 https://api.first.org/data/v1/epss?cve=CVE-2012-0444
epss 0.04354 https://api.first.org/data/v1/epss?cve=CVE-2012-0444
epss 0.04354 https://api.first.org/data/v1/epss?cve=CVE-2012-0444
epss 0.04354 https://api.first.org/data/v1/epss?cve=CVE-2012-0444
epss 0.04354 https://api.first.org/data/v1/epss?cve=CVE-2012-0444
epss 0.04354 https://api.first.org/data/v1/epss?cve=CVE-2012-0444
epss 0.04354 https://api.first.org/data/v1/epss?cve=CVE-2012-0444
epss 0.04354 https://api.first.org/data/v1/epss?cve=CVE-2012-0444
epss 0.04354 https://api.first.org/data/v1/epss?cve=CVE-2012-0444
epss 0.04354 https://api.first.org/data/v1/epss?cve=CVE-2012-0444
epss 0.08929 https://api.first.org/data/v1/epss?cve=CVE-2012-0444
epss 0.38928 https://api.first.org/data/v1/epss?cve=CVE-2012-0444
epss 0.38928 https://api.first.org/data/v1/epss?cve=CVE-2012-0444
epss 0.38928 https://api.first.org/data/v1/epss?cve=CVE-2012-0444
epss 0.38928 https://api.first.org/data/v1/epss?cve=CVE-2012-0444
epss 0.88550 https://api.first.org/data/v1/epss?cve=CVE-2012-0444
epss 0.88550 https://api.first.org/data/v1/epss?cve=CVE-2012-0444
epss 0.88550 https://api.first.org/data/v1/epss?cve=CVE-2012-0444
epss 0.88550 https://api.first.org/data/v1/epss?cve=CVE-2012-0444
epss 0.88550 https://api.first.org/data/v1/epss?cve=CVE-2012-0444
epss 0.88550 https://api.first.org/data/v1/epss?cve=CVE-2012-0444
epss 0.88550 https://api.first.org/data/v1/epss?cve=CVE-2012-0444
epss 0.88550 https://api.first.org/data/v1/epss?cve=CVE-2012-0444
epss 0.88550 https://api.first.org/data/v1/epss?cve=CVE-2012-0444
epss 0.88550 https://api.first.org/data/v1/epss?cve=CVE-2012-0444
epss 0.88550 https://api.first.org/data/v1/epss?cve=CVE-2012-0444
rhbs high https://bugzilla.redhat.com/show_bug.cgi?id=786026
cvssv2 10.0 https://nvd.nist.gov/vuln/detail/CVE-2012-0444
generic_textual critical https://www.mozilla.org/en-US/security/advisories/mfsa2012-07
Reference id Reference type URL
http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00003.html
http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00007.html
http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00011.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0444.json
https://api.first.org/data/v1/epss?cve=CVE-2012-0444
https://bugzilla.mozilla.org/show_bug.cgi?id=719612
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0444
http://secunia.com/advisories/48043
http://secunia.com/advisories/48095
https://exchange.xforce.ibmcloud.com/vulnerabilities/72858
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14464
http://www.debian.org/security/2012/dsa-2400
http://www.debian.org/security/2012/dsa-2402
http://www.debian.org/security/2012/dsa-2406
http://www.mandriva.com/security/advisories?name=MDVSA-2012:013
http://www.mozilla.org/security/announce/2012/mfsa2012-07.html
http://www.securityfocus.com/bid/51753
http://www.ubuntu.com/usn/USN-1370-1
664197 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=664197
786026 https://bugzilla.redhat.com/show_bug.cgi?id=786026
cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:10.10:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:10.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:11.04:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:11.04:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_desktop:10:sp4:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:linux_enterprise_desktop:10:sp4:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_desktop:11:sp1:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:linux_enterprise_desktop:11:sp1:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:10:sp4:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:linux_enterprise_server:10:sp4:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:*:vmware:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:*:vmware:*:*
cpe:2.3:o:suse:linux_enterprise_software_development_kit:10:sp4:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:linux_enterprise_software_development_kit:10:sp4:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp1:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp1:*:*:*:*:*:*
CVE-2012-0444 https://nvd.nist.gov/vuln/detail/CVE-2012-0444
GLSA-201301-01 https://security.gentoo.org/glsa/201301-01
mfsa2012-07 https://www.mozilla.org/en-US/security/advisories/mfsa2012-07
RHSA-2012:0079 https://access.redhat.com/errata/RHSA-2012:0079
RHSA-2012:0136 https://access.redhat.com/errata/RHSA-2012:0136
USN-1350-1 https://usn.ubuntu.com/1350-1/
USN-1353-1 https://usn.ubuntu.com/1353-1/
USN-1355-1 https://usn.ubuntu.com/1355-1/
USN-1369-1 https://usn.ubuntu.com/1369-1/
USN-1370-1 https://usn.ubuntu.com/1370-1/
No exploits are available.
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C Found at https://nvd.nist.gov/vuln/detail/CVE-2012-0444
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Exploit Prediction Scoring System (EPSS)
Percentile 0.83136
EPSS Score 0.02228
Published At April 10, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.