CVE-2012-0457

Description

Use-after-free vulnerability in the nsSMILTimeValueSpec::ConvertBetweenTimeContainer function in Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 might allow remote attackers to execute arbitrary code via an SVG animation.

Affected products

• Mozilla / Firefox3.6.27
• Mozilla / Firefox10.0 – 10.0
• Mozilla / Firefox10.0.1 – 10.0.1
• Mozilla / Firefox10.0.2 – 10.0.2
• Mozilla / seamonkey2.7.2 – 2.7.2
• Mozilla / seamonkey2.7 – 2.7
• Mozilla / seamonkey2.7 – 2.7
• Mozilla / seamonkey2.7 – 2.7
• Mozilla / seamonkey2.7.1 – 2.7.1
• Mozilla / seamonkey
• Mozilla / seamonkey1.0 – 1.0
• Mozilla / seamonkey1.0 – 1.0
• Mozilla / seamonkey1.0 – 1.0
• Mozilla / seamonkey1.0.1 – 1.0.1
• Mozilla / seamonkey1.0.2 – 1.0.2
• Mozilla / seamonkey1.0.3 – 1.0.3
• Mozilla / seamonkey1.0.4 – 1.0.4
• Mozilla / seamonkey1.0.5 – 1.0.5
• Mozilla / seamonkey1.0.6 – 1.0.6
• Mozilla / seamonkey1.0.7 – 1.0.7
• Mozilla / seamonkey1.0.8 – 1.0.8
• Mozilla / seamonkey1.0.9 – 1.0.9
• Mozilla / seamonkey1.1 – 1.1
• Mozilla / seamonkey1.1 – 1.1
• Mozilla / seamonkey1.1 – 1.1
• Mozilla / seamonkey1.1.1 – 1.1.1
• Mozilla / seamonkey1.1.2 – 1.1.2
• Mozilla / seamonkey1.1.3 – 1.1.3
• Mozilla / seamonkey1.1.4 – 1.1.4
• Mozilla / seamonkey1.1.5 – 1.1.5
• Mozilla / seamonkey1.1.6 – 1.1.6
• Mozilla / seamonkey1.1.7 – 1.1.7
• Mozilla / seamonkey1.1.8 – 1.1.8
• Mozilla / seamonkey1.1.9 – 1.1.9
• Mozilla / seamonkey1.1.10 – 1.1.10
• Mozilla / seamonkey1.1.11 – 1.1.11
• Mozilla / seamonkey1.1.12 – 1.1.12
• Mozilla / seamonkey1.1.13 – 1.1.13
• Mozilla / seamonkey1.1.14 – 1.1.14
• Mozilla / seamonkey1.1.15 – 1.1.15
• Mozilla / seamonkey1.1.16 – 1.1.16
• Mozilla / seamonkey1.1.17 – 1.1.17
• Mozilla / seamonkey1.1.18 – 1.1.18
• Mozilla / seamonkey1.1.19 – 1.1.19
• Mozilla / seamonkey1.5.0.8 – 1.5.0.8
• Mozilla / seamonkey1.5.0.9 – 1.5.0.9
• Mozilla / seamonkey1.5.0.10 – 1.5.0.10
• Mozilla / seamonkey2.0 – 2.0
• Mozilla / seamonkey2.0 – 2.0
• Mozilla / seamonkey2.0 – 2.0
• Mozilla / seamonkey2.0 – 2.0
• Mozilla / seamonkey2.0 – 2.0
• Mozilla / seamonkey2.0 – 2.0
• Mozilla / seamonkey2.0 – 2.0
• Mozilla / seamonkey2.0 – 2.0
• Mozilla / seamonkey2.0.1 – 2.0.1
• Mozilla / seamonkey2.0.2 – 2.0.2
• Mozilla / seamonkey2.0.3 – 2.0.3
• Mozilla / seamonkey2.0.4 – 2.0.4
• Mozilla / seamonkey2.0.5 – 2.0.5
• Mozilla / seamonkey2.0.6 – 2.0.6
• Mozilla / seamonkey2.0.7 – 2.0.7
• Mozilla / seamonkey2.0.8 – 2.0.8
• Mozilla / seamonkey2.0.9 – 2.0.9
• Mozilla / seamonkey2.0.10 – 2.0.10
• Mozilla / seamonkey2.0.11 – 2.0.11
• Mozilla / seamonkey2.0.12 – 2.0.12
• Mozilla / seamonkey2.0.13 – 2.0.13
• Mozilla / seamonkey2.0.14 – 2.0.14
• Mozilla / seamonkey2.1 – 2.1
• Mozilla / seamonkey2.1 – 2.1
• Mozilla / seamonkey2.1 – 2.1
• Mozilla / seamonkey2.1 – 2.1
• Mozilla / seamonkey2.1 – 2.1
• Mozilla / seamonkey2.1 – 2.1
• Mozilla / seamonkey2.1 – 2.1
• Mozilla / seamonkey2.1 – 2.1
• Mozilla / seamonkey2.1 – 2.1
• Mozilla / seamonkey2.2 – 2.2
• Mozilla / seamonkey2.2 – 2.2
• Mozilla / seamonkey2.2 – 2.2
• Mozilla / seamonkey2.2 – 2.2
• Mozilla / seamonkey2.3 – 2.3
• Mozilla / seamonkey2.3 – 2.3
• Mozilla / seamonkey2.3 – 2.3
• Mozilla / seamonkey2.3 – 2.3
• Mozilla / seamonkey2.3.1 – 2.3.1
• Mozilla / seamonkey2.3.2 – 2.3.2
• Mozilla / seamonkey2.3.3 – 2.3.3
• Mozilla / seamonkey2.4 – 2.4
• Mozilla / seamonkey2.4 – 2.4
• Mozilla / seamonkey2.4 – 2.4
• Mozilla / seamonkey2.4 – 2.4
• Mozilla / seamonkey2.4.1 – 2.4.1
• Mozilla / seamonkey2.5 – 2.5
• Mozilla / seamonkey2.5 – 2.5
• Mozilla / seamonkey2.5 – 2.5
• Mozilla / seamonkey2.5 – 2.5
• Mozilla / seamonkey2.5 – 2.5
• Mozilla / seamonkey2.6 – 2.6
• Mozilla / seamonkey2.6 – 2.6
• Mozilla / seamonkey2.6 – 2.6
• Mozilla / seamonkey2.6 – 2.6
• Mozilla / seamonkey2.6 – 2.6
• Mozilla / seamonkey2.6.1 – 2.6.1
• Mozilla / seamonkey2.7 – 2.7
• Mozilla / seamonkey2.7 – 2.7
• Mozilla / seamonkey2.7 – 2.7
• Mozilla / Thunderbird1.0 – 3.1.19
• Mozilla / Thunderbird ESR10.0 – 10.0
• Mozilla / Thunderbird ESR10.0.1 – 10.0.1
• Mozilla / Thunderbird ESR10.0.2 – 10.0.2

References

• MAILING_LISThttp://lists.opensuse.org/opensuse-updates/2012-03/msg00042.html
• VENDOR_ADVISORYhttp://secunia.com/advisories/48402
• VENDOR_ADVISORYhttp://www.mandriva.com/security/advisories?name=MDVSA-2012:031
• VENDOR_ADVISORYhttp://secunia.com/advisories/48624
• MAILING_LISThttp://lists.opensuse.org/opensuse-security-announce/2012-03/msg00014.html
• VENDOR_ADVISORYhttp://www.ubuntu.com/usn/USN-1400-5
• MISChttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14775
• MISChttps://bugzilla.mozilla.org/show_bug.cgi?id=720103
• VENDOR_ADVISORYhttp://secunia.com/advisories/48414
• VENDOR_ADVISORYhttp://secunia.com/advisories/48359
• VENDOR_ADVISORYhttp://secunia.com/advisories/48823
• VENDOR_ADVISORYhttp://www.ubuntu.com/usn/USN-1401-1
• VENDOR_ADVISORYhttp://www.ubuntu.com/usn/USN-1400-4
• VENDOR_ADVISORYhttp://secunia.com/advisories/48629
• VENDOR_ADVISORYhttp://www.ubuntu.com/usn/USN-1400-3
• MISChttp://rhn.redhat.com/errata/RHSA-2012-0387.html
• VENDOR_ADVISORYhttp://secunia.com/advisories/48496
• MAILING_LISThttp://lists.opensuse.org/opensuse-security-announce/2012-03/msg00015.html
• MISChttp://www.mozilla.org/security/announce/2012/mfsa2012-14.html
• VENDOR_ADVISORYhttp://www.ubuntu.com/usn/USN-1400-2
• VENDOR_ADVISORYhttp://www.mandriva.com/security/advisories?name=MDVSA-2012:032
• MISChttp://www.securitytracker.com/id?1026803
• VENDOR_ADVISORYhttp://secunia.com/advisories/48495
• VENDOR_ADVISORYhttp://secunia.com/advisories/48553
• VENDOR_ADVISORYhttp://www.ubuntu.com/usn/USN-1400-1
• VENDOR_ADVISORYhttp://secunia.com/advisories/48561
• MISChttp://rhn.redhat.com/errata/RHSA-2012-0388.html
• MISChttp://www.securitytracker.com/id?1026801
• MISChttp://www.securitytracker.com/id?1026804
• VENDOR_ADVISORYhttp://secunia.com/advisories/48513