CVE Database

CVE-2012-0449

Impact: Critical
Public: 2012-01-31
Bugzilla: 785966: CVE-2012-0449 Mozilla: Crash when rendering SVG+XSLT (MFSA 2012-08)

Details

The MITRE CVE dictionary describes this issue as:

Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a malformed XSLT stylesheet that is embedded in a document.

Find out more about CVE-2012-0449 from the MITRE CVE dictionary and NIST NVD.

CVSS v2 metrics

Base Score: 6.8
Base Metrics: AV:N/AC:M/Au:N/C:P/I:P/A:P
Access Vector: Network
Access Complexity: Medium
Authentication: None
Confidentiality Impact: Partial
Integrity Impact: Partial
Availability Impact: Partial

Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).

Red Hat security errata

| Platform | Errata | Release Date |
|---|---|---|
| Red Hat Enterprise Linux version 4 (firefox) | RHSA-2012:0079 | February 01, 2012 |
| Red Hat Enterprise Linux version 5 (firefox) | RHSA-2012:0079 | February 01, 2012 |
| Red Hat Enterprise Linux version 6 (firefox) | RHSA-2012:0079 | February 01, 2012 |
| Red Hat Enterprise Linux version 6 (thunderbird) | RHSA-2012:0080 | January 31, 2012 |

External References

http://www.mozilla.org/security/announce/2012/mfsa2012-08.html

This page is generated automatically and has not been checked for errors or omissions.

For clarification or corrections please contact the Red Hat Security Response Team.