Rapid7 Vulnerability & Exploit Database

ELSA-2012-0515 Critical: Oracle Linux firefox security update

Free InsightVM Trial No credit card necessary

Watch Demo See how it all works

Back to Search

ELSA-2012-0515 Critical: Oracle Linux firefox security update

Severity

CVSS

(AV:N/AC:L/Au:N/C:C/I:C/A:C)

Published

04/25/2012

Created

07/25/2018

Added

05/02/2012

Modified

04/11/2019

Description

Heap-based buffer overflow in the nsSVGFEDiffuseLightingElement::LightPixel function in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allows remote attackers to cause a denial of service (invalid gfxImageSurface free operation) or possibly execute arbitrary code by leveraging the use of "different number systems."

Solution(s)

oracle-linux-upgrade-firefox
oracle-linux-upgrade-xulrunner
oracle-linux-upgrade-xulrunner-devel

References

https://attackerkb.com/topics/cve-2011-3062
53218
53219
53220
53221
53223
53224
53225
53227
53228
53229
53231
CVE - 2011-3062
CVE - 2012-0467
CVE - 2012-0468
CVE - 2012-0469
CVE - 2012-0470
CVE - 2012-0471
CVE - 2012-0472
CVE - 2012-0473
CVE - 2012-0474
CVE - 2012-0477
CVE - 2012-0478
CVE - 2012-0479
DSA-2457
DSA-2458
DSA-2464
OVAL15488
OVAL16107
OVAL16113
OVAL16734
OVAL16771
OVAL16889
OVAL16893
OVAL16961
OVAL16989
OVAL17011
OVAL17067
OVAL17074
http://oss.oracle.com/pipermail/el-errata/2012-April/002773.html
http://oss.oracle.com/pipermail/el-errata/2012-April/002777.html
74412
75154
75155
75156

Advanced vulnerability management analytics and reporting.

Key Features

Free InsightVM Trial View All Features

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;