Credit:
The information has been provided by Soroush Dalili.
The original article can be found at: http://www.mozilla.org/security/announce/2012/mfsa2012-79.html
Vulnerable Systems:
* Mozilla Thunderbird ESR 10.0.5
An attacker may exploit this issue to crash the affected application, resulting in a denial-of-service condition.
Security researcher Soroush Dalili reported that a combination of invoking full screen mode and navigating backwards in history could, in some circumstances, cause a hang or crash due to a timing dependent use-after-free pointer reference. This crash may be potentially exploitable.
Use-after-free vulnerability in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 might allow user-assisted remote attackers to execute arbitrary code via vectors involving use of mozRequestFullScreen to enter full-screen mode, and use of the history.back method for backwards history navigation.
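The version ranges above can be checked against a software inventory. The following is an added example, not part of the original advisory; the inventory format, host names and function names are assumptions made for illustration.

```python
import re

# Fixed-in versions as stated in the advisory text above.
FIXED_RELEASE = {"firefox": (16, 0, 0), "thunderbird": (16, 0, 0), "seamonkey": (2, 13, 0)}
FIXED_ESR10 = (10, 0, 8)  # Firefox ESR 10.x and Thunderbird ESR 10.x

def parse_version(text):
    """Parse '10.0.5' into (10, 0, 5), padding so '16' equals '16.0'."""
    text = text.strip()
    if not re.fullmatch(r"[0-9]+(\.[0-9]+){0,2}", text):
        raise ValueError(f"unsupported version string: {text!r}")
    nums = [int(p) for p in text.split(".")]
    return tuple(nums + [0] * (3 - len(nums)))

def is_affected(product, version, esr=False):
    """True if the install predates the fixed version for its channel."""
    name = product.lower()
    fixed = FIXED_RELEASE[name]  # KeyError: product not named in the advisory
    v = parse_version(version)
    # ESR 10.x installs are judged against 10.0.8, not against 16.0.
    if esr and name != "seamonkey" and v[0] == 10:
        return v < FIXED_ESR10
    return v < fixed

def triage(inventory):
    """Map each host to 'affected', 'fixed' or 'unknown' (unparseable row)."""
    result = {}
    for host, product, version, esr in inventory:
        try:
            result[host] = "affected" if is_affected(product, version, esr) else "fixed"
        except (KeyError, ValueError):
            result[host] = "unknown"  # e.g. beta builds: review by hand
    return result

# Constructed sample inventory: (host, product, version, is_esr_channel).
SAMPLE_INVENTORY = [
    ("mail-01", "Thunderbird", "10.0.5", True),
    ("mail-02", "Thunderbird", "10.0.8", True),
    ("ws-17", "Firefox", "15.0.1", False),
    ("ws-18", "Firefox", "16", False),
    ("ws-19", "SeaMonkey", "2.12.1", False),
    ("ws-20", "Firefox", "16.0b4", False),
]

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(host, status)
```

Pre-release strings such as `16.0b4` are reported as `unknown` rather than guessed, since the advisory does not say which pre-release builds carry the fix.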
CVE Information:
CVE-2012-3988
Disclosure Timeline:
Published: Oct 09 2012 12:00AM
Updated: Oct 22 2012 06:20AM