CVE-2012-3967

 

Published at: - 29-08-2012 12:56

Last modified: - 23-01-2023 07:44

Total changes: - 9

Description

The WebGL implementation in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 on Linux, when a large number of sampler uniforms are used, does not properly interact with Mesa drivers, which allows remote attackers to execute arbitrary code or cause a denial of service (stack memory corruption) via a crafted web site.

Common Vulnerability Scoring System (CVSS)

AV:N/AC:M/Au:N/C:C/I:C/A:C

 

Verification logic

 

Reference

• http://www.mozilla.org/security/announce/2012/mfsa2012-62.html
• https://bugzilla.mozilla.org/show_bug.cgi?id=777028
• USN-1548-2-Third Party Advisory
• USN-1548-1-Third Party Advisory
• SUSE-SU-2012:1167-Mailing List, Third Party Advisory
• RHSA-2012:1211-Third Party Advisory
• openSUSE-SU-2012:1065-Mailing List, Third Party Advisory
• RHSA-2012:1210-Third Party Advisory
• SUSE-SU-2012:1157-Mailing List, Third Party Advisory
• 55277-Third Party Advisory, VDB Entry
• http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf

 

Keywords

NVD

 

CVE-2012-3967

 

CVE

 

Common vulnerabilities & exposures

 

CVSS

 

Common vulnerability scoring system

 

Security

 

Vulnerabilities

 

Exposures