Vulnerability CVE-2012-3979


Published: 2012-08-29

Description:
Mozilla Firefox before 15.0 on Android does not properly implement unspecified callers of the __android_log_print function, which allows remote attackers to execute arbitrary code via a crafted web page that calls the JavaScript dump function.

Vendor: Mozilla
Product: Firefox 
Version:
9.0.1
9.0
8.0.1
8.0
7.0.1
7.0
6.0.2
6.0.1
6.0
5.0.1
5.0
4.0.1
4.0
3.6.9
3.6.8
3.6.7
3.6.6
3.6.4
3.6.3
3.6.25
3.6.24
3.6.23
3.6.22
3.6.21
3.6.20
3.6.2
3.6.19
3.6.18
3.6.17
3.6.16
3.6.15
3.6.14
3.6.13
3.6.12
3.6.11
3.6.10
3.6
3.5.9
3.5.8
3.5.7
3.5.6
3.5.5
3.5.4
3.5.3
3.5.2
3.5.15
3.5.14
3.5.13
3.5.12
3.5.11
3.5.10
3.5.1
3.5
3.0.9
3.0.8
3.0.7
3.0.6
3.0.5
3.0.4
3.0.3
3.0.2
3.0.17
3.0.16
3.0.15
3.0.14
3.0.13
3.0.12
3.0.11
3.0.10
3.0.1
3.0
2.0.0.9
2.0.0.8
2.0.0.7
2.0.0.6
2.0.0.5
2.0.0.4
2.0.0.3
2.0.0.20
2.0.0.2
2.0.0.19
2.0.0.18
2.0.0.17
2.0.0.16
2.0.0.15
2.0.0.14
2.0.0.13
2.0.0.12
2.0.0.11
2.0.0.10
2.0.0.1
2.0
14.0
13.0
12.0
11.0
See more versions on NVD
Product: Firefox mobile 
Version: 6.0.2; 6.0.1;
Product: Firefox esr 
Version: 10.0.6; 10.0.5;

CVSS2 => (AV:N/AC:M/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
6.8/10
6.4/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial

 References:
https://bugzilla.mozilla.org/show_bug.cgi?id=769265
http://www.mozilla.org/security/announce/2012/mfsa2012-71.html

Related CVE
CVE-2007-5341
Remote code execution in the Venkman script debugger in Mozilla Firefox before 2.0.0.8.
CVE-2017-7502
Null pointer dereference vulnerability in NSS since 3.24.0 was found when server receives empty SSLv2 messages resulting into denial of service by remote attacker.
CVE-2017-5461
Mozilla Network Security Services (NSS) before 3.21.4, 3.22.x through 3.28.x before 3.28.4, 3.29.x before 3.29.5, and 3.30.x before 3.30.1 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other i...
CVE-2016-2803
Cross-site scripting (XSS) vulnerability in the dependency graphs in Bugzilla 2.16rc1 through 4.4.11, and 4.5.1 through 5.0.2 allows remote attackers to inject arbitrary web script or HTML.
CVE-2016-5284
Mozilla Firefox before 49.0 and Firefox ESR 45.x before 45.4 rely on unintended expiration dates for Preloaded Public Key Pinning, which allows man-in-the-middle attackers to spoof add-on updates by leveraging possession of an X.509 server certificat...
CVE-2016-5282
Mozilla Firefox before 49.0 does not properly restrict the scheme in favicon requests, which might allow remote attackers to obtain sensitive information via unspecified vectors, as demonstrated by a jar: URL for a favicon resource.
CVE-2016-5283
Mozilla Firefox before 49.0 allows remote attackers to bypass the Same Origin Policy via a crafted fragment identifier in the SRC attribute of an IFRAME element, leading to insufficient restrictions on link-color information after a document is resiz...
CVE-2016-5280
Use-after-free vulnerability in the mozilla::nsTextNodeDirectionalityMap::RemoveElementFromMap function in Mozilla Firefox before 49.0 and Firefox ESR 45.x before 45.4 allows remote attackers to execute arbitrary code via bidirectional text.

Copyright 2017, cxsecurity.com

 

Back to Top