CERTA-2012-AVI-467
Vulnerability from certfr_avis - Published: - Updated:
Seize vulnérabilités ont été corrigées dans les produits Mozilla. Sept d'entre elles sont considérées comme critiques par l'éditeur. Plusieurs concernent le traitement des images, des utilisations de données après leur libération et différentes compromissions d'espace mémoire.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Mozilla | N/A | versions antérieures à SeaMonkey 2.12 ; | ||
| Mozilla | Thunderbird | versions antérieures à Thunderbird ESR 10.0.7 ; | ||
| Mozilla | Thunderbird | versions antérieures à Thunderbird 15 ; | ||
| Mozilla | N/A | versions antérieures à Icedove 10.0.7-1. | ||
| Mozilla | Firefox ESR | versions antérieures à Firefox ESR 10.0.7 ; | ||
| Mozilla | Firefox | Versions antérieures à Firefox 15 ; |
References
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "versions ant\u00e9rieures \u00e0 SeaMonkey 2.12 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
},
{
"description": "versions ant\u00e9rieures \u00e0 Thunderbird ESR 10.0.7 ;",
"product": {
"name": "Thunderbird",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
},
{
"description": "versions ant\u00e9rieures \u00e0 Thunderbird 15 ;",
"product": {
"name": "Thunderbird",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
},
{
"description": "versions ant\u00e9rieures \u00e0 Icedove 10.0.7-1.",
"product": {
"name": "N/A",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
},
{
"description": "versions ant\u00e9rieures \u00e0 Firefox ESR 10.0.7 ;",
"product": {
"name": "Firefox ESR",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
},
{
"description": "Versions ant\u00e9rieures \u00e0 Firefox 15 ;",
"product": {
"name": "Firefox",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2012-1973",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-1973"
},
{
"name": "CVE-2012-3974",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-3974"
},
{
"name": "CVE-2012-3962",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-3962"
},
{
"name": "CVE-2012-3967",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-3967"
},
{
"name": "CVE-2012-3966",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-3966"
},
{
"name": "CVE-2012-1972",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-1972"
},
{
"name": "CVE-2012-3976",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-3976"
},
{
"name": "CVE-2012-1975",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-1975"
},
{
"name": "CVE-2012-3971",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-3971"
},
{
"name": "CVE-2012-3957",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-3957"
},
{
"name": "CVE-2012-3975",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-3975"
},
{
"name": "CVE-2012-3970",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-3970"
},
{
"name": "CVE-2012-3978",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-3978"
},
{
"name": "CVE-2012-3959",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-3959"
},
{
"name": "CVE-2012-3973",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-3973"
},
{
"name": "CVE-2012-3980",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-3980"
},
{
"name": "CVE-2012-1971",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-1971"
},
{
"name": "CVE-2012-3963",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-3963"
},
{
"name": "CVE-2012-3961",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-3961"
},
{
"name": "CVE-2012-3972",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-3972"
},
{
"name": "CVE-2012-3965",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-3965"
},
{
"name": "CVE-2012-1956",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-1956"
},
{
"name": "CVE-2012-3968",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-3968"
},
{
"name": "CVE-2012-1974",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-1974"
},
{
"name": "CVE-2012-1976",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-1976"
},
{
"name": "CVE-2012-3964",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-3964"
},
{
"name": "CVE-2012-3960",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-3960"
},
{
"name": "CVE-2012-3969",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-3969"
},
{
"name": "CVE-2012-3979",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-3979"
},
{
"name": "CVE-2012-1970",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-1970"
},
{
"name": "CVE-2012-3958",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-3958"
},
{
"name": "CVE-2012-3956",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-3956"
}
],
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 de la fondation Mozilla mfsa2012-69 du 28 ao\u00fbt 2012 :",
"url": "http://www.mozilla.org/security/announce/2012/mfsa2012-69.html"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 de la fondation Mozilla mfsa2012-61 du 28 ao\u00fbt 2012 :",
"url": "http://www.mozilla.org/security/announce/2012/mfsa2012-61.html"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 de la fondation Mozilla mfsa2012-63 du 28 ao\u00fbt 2012 :",
"url": "http://www.mozilla.org/security/announce/2012/mfsa2012-63.html"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 de la fondation Mozilla mfsa2012-59 du 28 ao\u00fbt 2012 :",
"url": "http://www.mozilla.org/security/announce/2012/mfsa2012-59.html"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 de la fondation Mozilla mfsa2012-67 du 28 ao\u00fbt 2012 :",
"url": "http://www.mozilla.org/security/announce/2012/mfsa2012-67.html"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 de Debian DSA-2556 du 07 octobre 2012 :",
"url": "http://www.debian.org/security/2012/dsa-2556"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 de la fondation Mozilla mfsa2012-71 du 28 ao\u00fbt 2012 :",
"url": "http://www.mozilla.org/security/announce/2012/mfsa2012-71.html"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 de la fondation Mozilla mfsa2012-65 du 28 ao\u00fbt 2012 :",
"url": "http://www.mozilla.org/security/announce/2012/mfsa2012-65.html"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 de la fondation Mozilla mfsa2012-66 du 28 ao\u00fbt 2012 :",
"url": "http://www.mozilla.org/security/announce/2012/mfsa2012-66.html"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 de la fondation Mozilla mfsa2012-68 du 28 ao\u00fbt 2012 :",
"url": "http://www.mozilla.org/security/announce/2012/mfsa2012-68.html"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 de la fondation Mozilla mfsa2012-64 du 28 ao\u00fbt 2012 :",
"url": "http://www.mozilla.org/security/announce/2012/mfsa2012-64.html"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 de la fondation Mozilla mfsa2012-72 du 28 ao\u00fbt 2012 :",
"url": "http://www.mozilla.org/security/announce/2012/mfsa2012-72.html"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 de la fondation Mozilla mfsa2012-70 du 28 ao\u00fbt 2012 :",
"url": "http://www.mozilla.org/security/announce/2012/mfsa2012-70.html"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 de la fondation Mozilla mfsa2012-58 du 28 ao\u00fbt 2012 :",
"url": "http://www.mozilla.org/security/announce/2012/mfsa2012-58.html"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 de la fondation Mozilla mfsa2012-60 du 28 ao\u00fbt 2012 :",
"url": "http://www.mozilla.org/security/announce/2012/mfsa2012-60.html"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 de la fondation Mozilla mfsa2012-57 du 28 ao\u00fbt 2012 :",
"url": "http://www.mozilla.org/security/announce/2012/mfsa2012-57.html"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 de la fondation Mozilla mfsa2012-62 du 28 ao\u00fbt 2012 :",
"url": "http://www.mozilla.org/security/announce/2012/mfsa2012-62.html"
}
],
"reference": "CERTA-2012-AVI-467",
"revisions": [
{
"description": "version initiale ;",
"revision_date": "2012-08-29T00:00:00.000000"
},
{
"description": "ajout du produit Icedove.",
"revision_date": "2012-10-09T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "Seize vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans les produits \u003cspan\nclass=\"textit\"\u003eMozilla\u003c/span\u003e. Sept d\u0027entre elles sont consid\u00e9r\u00e9es comme\ncritiques par l\u0027\u00e9diteur. Plusieurs concernent le traitement des images,\ndes utilisations de donn\u00e9es apr\u00e8s leur lib\u00e9ration et diff\u00e9rentes\ncompromissions d\u0027espace m\u00e9moire.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Mozilla et Icedove",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletins de s\u00e9curit\u00e9 Mozilla du 28 ao\u00fbt 2012",
"url": null
}
]
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…