Vulnerability CVE-2012-3979


Published: 2012-08-29

Description:
Mozilla Firefox before 15.0 on Android does not properly implement unspecified callers of the __android_log_print function, which allows remote attackers to execute arbitrary code via a crafted web page that calls the JavaScript dump function.

Vendor: Mozilla
Product: Firefox 
Version:
9.0.1
9.0
8.0.1
8.0
7.0.1
7.0
6.0.2
6.0.1
6.0
5.0.1
5.0
4.0.1
4.0
3.6.9
3.6.8
3.6.7
3.6.6
3.6.4
3.6.3
3.6.25
3.6.24
3.6.23
3.6.22
3.6.21
3.6.20
3.6.2
3.6.19
3.6.18
3.6.17
3.6.16
3.6.15
3.6.14
3.6.13
3.6.12
3.6.11
3.6.10
3.6
3.5.9
3.5.8
3.5.7
3.5.6
3.5.5
3.5.4
3.5.3
3.5.2
3.5.15
3.5.14
3.5.13
3.5.12
3.5.11
3.5.10
3.5.1
3.5
3.0.9
3.0.8
3.0.7
3.0.6
3.0.5
3.0.4
3.0.3
3.0.2
3.0.17
3.0.16
3.0.15
3.0.14
3.0.13
3.0.12
3.0.11
3.0.10
3.0.1
3.0
2.0.0.9
2.0.0.8
2.0.0.7
2.0.0.6
2.0.0.5
2.0.0.4
2.0.0.3
2.0.0.20
2.0.0.2
2.0.0.19
2.0.0.18
2.0.0.17
2.0.0.16
2.0.0.15
2.0.0.14
2.0.0.13
2.0.0.12
2.0.0.11
2.0.0.10
2.0.0.1
2.0
14.0
13.0
12.0
11.0
See more versions on NVD
Product: Firefox mobile 
Version: 6.0.2; 6.0.1;
Product: Firefox esr 
Version: 10.0.6; 10.0.5;

CVSS2 => (AV:N/AC:M/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
6.8/10
6.4/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial

 References:
https://bugzilla.mozilla.org/show_bug.cgi?id=769265
http://www.mozilla.org/security/announce/2012/mfsa2012-71.html

Related CVE
CVE-2016-9574
nss before version 3.30 is vulnerable to a remote denial of service during the session handshake when using SessionTicket extension and ECDHE-ECDSA.
CVE-2018-8024
In Apache Spark 2.1.0 to 2.1.2, 2.2.0 to 2.2.1, and 2.3.0, it's possible for a malicious user to construct a URL pointing to a Spark cluster's UI's job and stage info pages, and if a user can be tricked into accessing the URL, can be used to cause...
CVE-2018-12438
The Elliptic Curve Cryptography library (aka sunec or libsunec) allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the loc...
CVE-2018-12437
LibTomCrypt through 1.18.1 allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual mac...
CVE-2018-12433
** DISPUTED ** cryptlib through 3.4.4 allows a memory-cache side-channel attack on DSA and ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover a key, the attacker needs access to either the local machine or a different...
CVE-2018-5185
Plaintext of decrypted emails can leak through by user submitting an embedded form. This vulnerability affects Thunderbird ESR < 52.8 and Thunderbird < 52.8.
CVE-2018-5184
Using remote content in encrypted messages can lead to the disclosure of plaintext. This vulnerability affects Thunderbird ESR < 52.8 and Thunderbird < 52.8.
CVE-2018-5183
Mozilla developers backported selected changes in the Skia library. These changes correct memory corruption issues including invalid buffer reads and writes during graphic operations. This vulnerability affects Thunderbird ESR < 52.8, Thunderbird < 5...

Copyright 2018, cxsecurity.com

 

Back to Top