Use-after-free vulnerability in Mozilla Firefox 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 on 32-bit Windows 7 platforms allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors involving use of the file-open dialog in a child window, related to the IUnknown_QueryService function in the Windows shlwapi.dll library.
No CVSS v3.1
No CVSS v3.0
Access Vector Network
Access Complexity Low
Authentication None
Confidentiality Impact Partial
Integrity Impact Partial
Availability Impact Partial
AV:N/AC:L/Au:N/C:P/I:P/A:P
Vendors | Products |
---|---|
Mozilla |
|
Microsoft |
|
Configuration 1 [-]
AND |
|
Configuration 2 [-]
AND |
|
Configuration 3 [-]
AND |
|
Configuration 4 [-]
AND |
|
Configuration 5 [-]
AND |
|
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2012-03-14T19:00:00
Updated: 2018-01-17T19:57:01
Reserved: 2012-01-09T00:00:00
Link: CVE-2012-0454
JSON object: View
NVD Information
Status : Modified
Published: 2012-03-14T19:55:01.710
Modified: 2018-10-30T16:27:21.030
Link: CVE-2012-0454
JSON object: View
Redhat Information
No data.
CWE