Home > Vulnerability Database > CVE-2012-3972

Mend.io Vulnerability Database

CVE-2012-3972

Date: August 29, 2012

The format-number functionality in the XSLT implementation in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to obtain sensitive information via unspecified vectors that trigger a heap-based buffer over-read.

Severity Score

5.3

Related Resources (18)

Url: https://bugzilla.mozilla.org/show_bug.cgi?id=746855

Url: https://access.redhat.com/security/cve/CVE-2012-3972

Url: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16234

Url: http://www.debian.org/security/2012/dsa-2556

Url: http://www.debian.org/security/2012/dsa-2554

Url: https://nvd.nist.gov/vuln/detail/CVE-2012-3972

Url: http://www.debian.org/security/2012/dsa-2553

Url: http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf

Url: http://rhn.redhat.com/errata/RHSA-2012-1210.html

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2012-3972

Url: http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00011.html

Url: http://www.ubuntu.com/usn/USN-1548-2

Url: http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00028.html

Url: http://www.ubuntu.com/usn/USN-1548-1

Url: http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00014.html

Url: http://rhn.redhat.com/errata/RHSA-2012-1211.html

Url: http://www.mozilla.org/security/announce/2012/mfsa2012-65.html

Url: https://www.mend.io/vulnerability-database/CVE-2012-3972

Severity Score

5.3

Weakness Type (CWE)

Information Leak / Disclosure

CWE-200

CVSS v3.1

Base Score:	5.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

CVSS v2

Base Score:	5.0
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	NONE
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2012-3972

Date: August 29, 2012

Severity Score

Related Resources (18)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?