| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 5.4 | $0-$5k | 0.00 |
Summary
A vulnerability classified as critical was found in Mozilla Firefox and Thunderbird 16. This impacts the function mozilla::net::FailDelayManager::Lookup. Executing a manipulation can lead to memory corruption.
The identification of this vulnerability is CVE-2012-4191. The attack may be launched remotely. There is no exploit available.
Upgrading the affected component is advised.
Details
A vulnerability has been found in Mozilla Firefox and Thunderbird 16 (Web Browser) and classified as critical. This vulnerability affects the function mozilla::net::FailDelayManager::Lookup. The manipulation with an unknown input leads to a memory corruption vulnerability. The CWE definition for the vulnerability is CWE-119. The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer. As an impact it is known to affect confidentiality, integrity, and availability. CVE summarizes:
The mozilla::net::FailDelayManager::Lookup function in the WebSockets implementation in Mozilla Firefox before 16.0.1, Thunderbird before 16.0.1, and SeaMonkey before 2.13.1 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors.
The weakness was shared 10/11/2012 with Mozilla as MFSA 2012-88 as confirmed advisory (Website). The advisory is shared for download at mozilla.org. The vendor cooperated in the coordination of the public release. This vulnerability was named CVE-2012-4191 since 08/08/2012. The exploitation appears to be difficult. The attack can be initiated remotely. No form of authentication is required for a successful exploitation. There are known technical details, but no exploit is available.
The vulnerability scanner Nessus provides a plugin with the ID 62591 (Mozilla Thunderbird < 16.0.1 Multiple Vulnerabilities), which helps to determine the existence of the flaw in a target environment. It is assigned to the family Windows. The commercial vulnerability scanner Qualys is able to test this issue with plugin 195287 (Ubuntu Security Notification for Firefox Vulnerabilities (USN-1608-1)).
Upgrading to version 16.0.1 eliminates this vulnerability. The upgrade is hosted for download at mozilla.org. A possible mitigation has been published immediately after the disclosure of the vulnerability.
The vulnerability is also documented in the databases at X-Force (79209), Tenable (62591), SecurityFocus (BID 56153†), OSVDB (86125†) and Secunia (SA86124†). The entries VDB-6663 and VDB-6665 are related to this item. VulDB is the best source for vulnerability data and more expert information about this specific topic.
Product
Type
Vendor
Name
Version
License
Website
- Vendor: https://www.mozilla.org/
- Product: https://www.mozilla.org/en-US/firefox/
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 5.6VulDB Meta Temp Score: 5.4
VulDB Base Score: 5.6
VulDB Temp Score: 5.4
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Memory corruptionCWE: CWE-119
CAPEC: 🔍
ATT&CK: 🔍
Physical: No
Local: No
Remote: Yes
Availability: 🔍
Status: Not defined
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Nessus ID: 62591
Nessus Name: Mozilla Thunderbird < 16.0.1 Multiple Vulnerabilities
Nessus File: 🔍
Nessus Risk: 🔍
Nessus Family: 🔍
OpenVAS ID: 72477
OpenVAS Name: FreeBSD Ports: firefox
OpenVAS File: 🔍
OpenVAS Family: 🔍
Qualys ID: 🔍
Qualys Name: 🔍
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
Reaction Time: 🔍
0-Day Time: 🔍
Exposure Time: 🔍
Upgrade: Firefox/Thunderbird 16.0.1
Timeline
08/08/2012 🔍10/11/2012 🔍
10/11/2012 🔍
10/11/2012 🔍
10/11/2012 🔍
10/12/2012 🔍
10/12/2012 🔍
10/12/2012 🔍
10/14/2012 🔍
10/17/2012 🔍
04/18/2021 🔍
Sources
Vendor: mozilla.orgProduct: mozilla.org
Advisory: MFSA 2012-88
Organization: Mozilla
Status: Confirmed
Confirmation: 🔍
Coordinated: 🔍
CVE: CVE-2012-4191 (🔍)
GCVE (CVE): GCVE-0-2012-4191
GCVE (VulDB): GCVE-100-6664
OVAL: 🔍
X-Force: 79209
SecurityFocus: 56153
Secunia: 86124
OSVDB: 86125
SecurityTracker: 1027653 - Mozilla Firefox Bugs Let Remote Users Execute Arbitrary Code
Vulnerability Center: 36495 - Mozilla Firefox, Thunderbird and SeaMonkey WebSockets Memory Corruption Vulnerability, Critical
See also: 🔍
Entry
Created: 10/12/2012 15:08Updated: 04/18/2021 09:28
Changes: 10/12/2012 15:08 (74), 01/31/2018 09:54 (11), 04/18/2021 09:28 (2)
Complete: 🔍
Committer:
Cache ID: 216::103
VulDB is the best source for vulnerability data and more expert information about this specific topic.

No comments yet. Languages: en.
Please log in to comment.