Home > Vulnerability Database > CVE-2012-0472

Mend.io Vulnerability Database

CVE-2012-0472

Date: April 25, 2012

The cairo-dwrite implementation in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9, when certain Windows Vista and Windows 7 configurations are used, does not properly restrict font-rendering attempts, which allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors.

Severity Score

8.1

Related Resources (11)

Url: http://www.securityfocus.com/bid/53218

Url: http://secunia.com/advisories/49055

Url: https://access.redhat.com/security/cve/CVE-2012-0472

Url: https://nvd.nist.gov/vuln/detail/CVE-2012-0472

Url: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17067

Url: http://www.mandriva.com/security/advisories?name=MDVSA-2012:066

Url: http://secunia.com/advisories/48972

Url: http://www.mozilla.org/security/announce/2012/mfsa2012-25.html

Url: http://www.mandriva.com/security/advisories?name=MDVSA-2012:081

Url: https://bugzilla.mozilla.org/show_bug.cgi?id=744480

Url: https://www.mend.io/vulnerability-database/CVE-2012-0472

Severity Score

8.1

Weakness Type (CWE)

Buffer Errors

CWE-119

CVSS v3.1

Base Score:	8.1
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

CVSS v2

Base Score:	9.3
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	COMPLETE
Integrity (I):	COMPLETE
Availability (A):	COMPLETE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2012-0472

Date: April 25, 2012

Severity Score

Related Resources (11)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?