製品・ソフトウェアに関する情報

JVN脆弱性詳細

複数の Mozilla 製品のブラウザエンジンにおけるサービス運用妨害 (DoS) の脆弱性

Title	複数の Mozilla 製品のブラウザエンジンにおけるサービス運用妨害 (DoS) の脆弱性
Summary	複数の Mozilla 製品のブラウザエンジンには、サービス運用妨害 (メモリ破損およびアプリケーションクラッシュ) 状態となる、または任意のコードを実行される脆弱性が存在します。
Possible impacts	第三者により、サービス運用妨害 (メモリ破損およびアプリケーションクラッシュ) 状態にされる、または任意のコードを実行される可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	Aug. 28, 2012, midnight
Registration Date	Aug. 30, 2012, 12:16 p.m.
Last Update	June 7, 2013, 6:33 p.m.

CVSS2.0 : 危険
Score	10
Vector	AV:N/AC:L/Au:N/C:C/I:C/A:C

Affected System

Mozilla Foundation

Mozilla Firefox 15.0 未満

Mozilla Firefox ESR 10.0.7 未満の 10.x

Mozilla SeaMonkey 2.12 未満

Mozilla Thunderbird 15.0 未満

Mozilla Thunderbird ESR 10.0.7 未満の 10.x

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2012-1970	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1970
National Vulnerability Database (NVD)
2	CVE-2012-1970	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1970

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-noinfo	https://www.ipa.go.jp/security/vuln/CWE.html#CWEnoinfo

ベンダー情報

No	Name	URL
Debian Security Advisory
1	DSA-2553	http://www.debian.org/security/2012/dsa-2553
2	DSA-2554	http://www.debian.org/security/2012/dsa-2554
3	DSA-2556	http://www.debian.org/security/2012/dsa-2556
Mozilla Bugzilla
4	Bug 745158	https://bugzilla.mozilla.org/show_bug.cgi?id=745158
5	Bug 758408	https://bugzilla.mozilla.org/show_bug.cgi?id=758408
6	Bug 761831	https://bugzilla.mozilla.org/show_bug.cgi?id=761831
7	Bug 764176	https://bugzilla.mozilla.org/show_bug.cgi?id=764176
8	Bug 775206	https://bugzilla.mozilla.org/show_bug.cgi?id=775206
9	Bug 777806	https://bugzilla.mozilla.org/show_bug.cgi?id=777806
10	Bug 778765	https://bugzilla.mozilla.org/show_bug.cgi?id=778765
Mozilla Foundation Security Advisory
11	MFSA2012-57	http://www.mozilla.org/security/announce/2012/mfsa2012-57.html
Mozilla Foundation セキュリティアドバイザリ
12	MFSA2012-57	http://www.mozilla-japan.org/security/announce/2012/mfsa2012-57.html
opensuse-security-announce
13	openSUSE-SU-2012:1065	http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00028.html
14	SUSE-SU-2012:1157	http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00011.html
15	SUSE-SU-2012:1167	http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00014.html
Red Hat Security Advisory
16	RHSA-2012:1210	http://rhn.redhat.com/errata/RHSA-2012-1210.html
17	RHSA-2012:1211	http://rhn.redhat.com/errata/RHSA-2012-1211.html
SECURITY BLOG
18	Multiple vulnerabilities in Firefox	https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_firefox
19	Multiple vulnerabilities in Thunderbird	https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_thunderbird7
Ubuntu Security Notice
20	USN-1548-1	http://www.ubuntu.com/usn/USN-1548-1/
21	USN-1548-2	http://www.ubuntu.com/usn/USN-1548-2/
Xerox Security Bulletin
22	XRX13-003	http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf

Change Log

No	Changed Details	Date of change
0	[2012年08月30日] 掲載 [2012年10月22日] ベンダ情報：Debian (DSA-2556) を追加ベンダ情報：Debian (DSA-2553) を追加ベンダ情報：Mozilla Foundation (Bug 758408) を追加ベンダ情報：Ubuntu (USN-1548-2) を追加 [2012年11月16日] ベンダ情報：Debian (DSA-2554) を追加ベンダ情報：Ubuntu (USN-1548-1) を追加ベンダ情報：openSUSE (SUSE-SU-2012:1167) を追加ベンダ情報：Mozilla Foundation (Bug 778765) を追加ベンダ情報：Mozilla Foundation (Bug 777806) を追加ベンダ情報：Mozilla Foundation (Bug 775206) を追加ベンダ情報：Mozilla Foundation (Bug 764176) を追加ベンダ情報：Mozilla Foundation (Bug 761831) を追加ベンダ情報：Mozilla Foundation (Bug 745158) を追加 [2012年12月14日] ベンダ情報：オラクル (Multiple vulnerabilities in Thunderbird) を追加ベンダ情報：オラクル (Multiple vulnerabilities in Firefox) を追加 [2013年06月07日] ベンダ情報：Xerox (XRX13-003) を追加ベンダ情報：openSUSE (SUSE-SU-2012:1157) を追加ベンダ情報：openSUSE (openSUSE-SU-2012:1065) を追加ベンダ情報：レッドハット (RHSA-2012:1210) を追加ベンダ情報：レッドハット (RHSA-2012:1211) を追加	Feb. 17, 2018, 10:37 a.m.

NVD Vulnerability Information

CVE-2012-1970

Summary	Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
Publication Date	Aug. 29, 2012, 7:56 p.m.
Registration Date	Jan. 28, 2021, 2:57 p.m.
Last Update	Nov. 21, 2024, 10:38 a.m.

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:mozilla:firefox::::::::				15.0
cpe:2.3:a:mozilla:seamonkey::::::::				2.12
cpe:2.3:a:mozilla:thunderbird::::::::				15.0
cpe:2.3:a:mozilla:thunderbird_esr::::::::	10.0			10.0.7
cpe:2.3:a:mozilla:firefox::::::::	10.0			10.0.7

Configuration2	or higher	or less	more than	less than
cpe:2.3:o:suse:linux_enterprise_desktop:11:sp2::::::
cpe:2.3:o:opensuse:opensuse:12.2:::::::*
cpe:2.3:o:suse:linux_enterprise_server:11:sp2::::vmware::*
cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp2::::::
cpe:2.3:o:suse:linux_enterprise_server:11:sp2::::-::*
cpe:2.3:o:suse:linux_enterprise_desktop:10:sp4:::-:::*
cpe:2.3:o:suse:linux_enterprise_server:10:sp4:::-:::*

Configuration3	or higher	or less	more than	less than
cpe:2.3:o:redhat:enterprise_linux_server:5.0:::::::*
cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:::::::*
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*
cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_eus:6.3:::::::*
cpe:2.3:o:redhat:enterprise_linux_eus:6.3:::::::*

Configuration4	or higher	or less	more than	less than
cpe:2.3:o:canonical:ubuntu_linux:11.04:::::::*
cpe:2.3:o:canonical:ubuntu_linux:11.10:::::::*
cpe:2.3:o:canonical:ubuntu_linux:12.04::::esm:::
cpe:2.3:o:canonical:ubuntu_linux:10.04:::::::*

Configuration5	or higher	or less	more than	less than
cpe:2.3:o:debian:debian_linux:7.0:::::::*
cpe:2.3:o:debian:debian_linux:6.0:::::::*

Related information, measures and tools

No	URL	タグ
1	http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00028.html	Mailing List Third Party Advisory
2	http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00028.html	Mailing List Third Party Advisory
3	http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00011.html	Mailing List Third Party Advisory
4	http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00011.html	Mailing List Third Party Advisory
5	http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00014.html	Mailing List Third Party Advisory
6	http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00014.html	Mailing List Third Party Advisory
7	http://rhn.redhat.com/errata/RHSA-2012-1210.html	Third Party Advisory
8	http://rhn.redhat.com/errata/RHSA-2012-1210.html	Third Party Advisory
9	http://rhn.redhat.com/errata/RHSA-2012-1211.html	Third Party Advisory
10	http://rhn.redhat.com/errata/RHSA-2012-1211.html	Third Party Advisory
11	http://www.debian.org/security/2012/dsa-2553	Third Party Advisory
12	http://www.debian.org/security/2012/dsa-2553	Third Party Advisory
13	http://www.debian.org/security/2012/dsa-2554	Third Party Advisory
14	http://www.debian.org/security/2012/dsa-2554	Third Party Advisory
15	http://www.debian.org/security/2012/dsa-2556	Third Party Advisory
16	http://www.debian.org/security/2012/dsa-2556	Third Party Advisory
17	http://www.mozilla.org/security/announce/2012/mfsa2012-57.html	Vendor Advisory
18	http://www.mozilla.org/security/announce/2012/mfsa2012-57.html	Vendor Advisory
19	http://www.securityfocus.com/bid/55266	Third Party Advisory VDB Entry
20	http://www.securityfocus.com/bid/55266	Third Party Advisory VDB Entry
21	http://www.ubuntu.com/usn/USN-1548-1	Third Party Advisory
22	http://www.ubuntu.com/usn/USN-1548-1	Third Party Advisory
23	http://www.ubuntu.com/usn/USN-1548-2	Third Party Advisory
24	http://www.ubuntu.com/usn/USN-1548-2	Third Party Advisory
25	http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf	Third Party Advisory
26	http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf	Third Party Advisory
27	https://bugzilla.mozilla.org/show_bug.cgi?id=745158	Issue Tracking Vendor Advisory
28	https://bugzilla.mozilla.org/show_bug.cgi?id=745158	Issue Tracking Vendor Advisory
29	https://bugzilla.mozilla.org/show_bug.cgi?id=758408	Issue Tracking Vendor Advisory
30	https://bugzilla.mozilla.org/show_bug.cgi?id=758408	Issue Tracking Vendor Advisory
31	https://bugzilla.mozilla.org/show_bug.cgi?id=761831	Issue Tracking Vendor Advisory
32	https://bugzilla.mozilla.org/show_bug.cgi?id=761831	Issue Tracking Vendor Advisory
33	https://bugzilla.mozilla.org/show_bug.cgi?id=764176	Issue Tracking Vendor Advisory
34	https://bugzilla.mozilla.org/show_bug.cgi?id=764176	Issue Tracking Vendor Advisory
35	https://bugzilla.mozilla.org/show_bug.cgi?id=775206	Issue Tracking Vendor Advisory
36	https://bugzilla.mozilla.org/show_bug.cgi?id=775206	Issue Tracking Vendor Advisory
37	https://bugzilla.mozilla.org/show_bug.cgi?id=777806	Issue Tracking Vendor Advisory
38	https://bugzilla.mozilla.org/show_bug.cgi?id=777806	Issue Tracking Vendor Advisory
39	https://bugzilla.mozilla.org/show_bug.cgi?id=778765	Issue Tracking Vendor Advisory
40	https://bugzilla.mozilla.org/show_bug.cgi?id=778765	Issue Tracking Vendor Advisory
41	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16910	Third Party Advisory
42	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16910	Third Party Advisory

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-119	バッファエラー	https://cwe.mitre.org/data/definitions/118.html

Configuration2	or higher	or less	more than	less than
cpe:2.3:o:suse:linux_enterprise_desktop:11:sp2::::::
cpe:2.3:o:opensuse:opensuse:12.2:::::::*
cpe:2.3:o:suse:linux_enterprise_server:11:sp2::::vmware::*
cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp2::::::
cpe:2.3:o:suse:linux_enterprise_server:11:sp2::::-::*
cpe:2.3:o:suse:linux_enterprise_desktop:10:sp4:::-:::*
cpe:2.3:o:suse:linux_enterprise_server:10:sp4:::-:::*

Configuration3	or higher	or less	more than	less than
cpe:2.3:o:redhat:enterprise_linux_server:5.0:::::::*
cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:::::::*
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*
cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_eus:6.3:::::::*
cpe:2.3:o:redhat:enterprise_linux_eus:6.3:::::::*