Test ID:	1.3.6.1.4.1.25623.1.2.1.2012.44
Category:	General
Title:	Mozilla Firefox Security Advisory (MFSA2012-44) - Linux
Summary:	This host is missing a security update for Mozilla Firefox.
Description:	Summary: This host is missing a security update for Mozilla Firefox. Vulnerability Insight: Gecko memory corruption Google security researcher Abhishek Arya used the Address Sanitizer tool to uncover four issues: two use-after-free problems, one out of bounds read bug, and a bad cast. The first use-after-free problem is caused when an array of nsSMILTimeValueSpec objects is destroyed but attempts are made to call into objects in this array later. The second use-after-free problem is in nsDocument::AdoptNode when it adopts into an empty document and then adopts into another document, emptying the first one. The heap buffer overflow is in ElementAnimations when data is read off of end of an array and then pointers are dereferenced. The bad cast happens when nsTableFrame::InsertFrames is called with frames in aFrameList that are a mix of row group frames and column group frames. AppendFrames is not able to handle this mix. Affected Software/OS: Firefox version(s) below 14. Solution: The vendor has released an update. Please see the reference(s) for more information. CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2012-1951 BugTraq ID: 54578 http://www.securityfocus.com/bid/54578 http://osvdb.org/83997 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16077 RedHat Security Advisories: RHSA-2012:1088 http://rhn.redhat.com/errata/RHSA-2012-1088.html http://www.securitytracker.com/id?1027256 http://www.securitytracker.com/id?1027257 http://www.securitytracker.com/id?1027258 http://secunia.com/advisories/49965 http://secunia.com/advisories/49968 http://secunia.com/advisories/49972 http://secunia.com/advisories/49977 http://secunia.com/advisories/49979 http://secunia.com/advisories/49992 http://secunia.com/advisories/49993 http://secunia.com/advisories/49994 SuSE Security Announcement: SUSE-SU-2012:0895 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00011.html SuSE Security Announcement: SUSE-SU-2012:0896 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00012.html SuSE Security Announcement: openSUSE-SU-2012:0899 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00013.html SuSE Security Announcement: openSUSE-SU-2012:0917 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00016.html http://www.ubuntu.com/usn/USN-1509-1 http://www.ubuntu.com/usn/USN-1509-2 http://www.ubuntu.com/usn/USN-1510-1 Common Vulnerability Exposure (CVE) ID: CVE-2012-1952 http://osvdb.org/83999 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16942 Common Vulnerability Exposure (CVE) ID: CVE-2012-1953 http://osvdb.org/83998 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16894 Common Vulnerability Exposure (CVE) ID: CVE-2012-1954 Debian Security Information: DSA-2514 (Google Search) http://www.debian.org/security/2012/dsa-2514 Debian Security Information: DSA-2528 (Google Search) http://www.debian.org/security/2012/dsa-2528 http://osvdb.org/83995 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16984 http://secunia.com/advisories/49963 http://secunia.com/advisories/49964
Copyright	Copyright (C) 2021 Greenbone Networks GmbH

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.