CVE-2012-0464

N/A Unknown
Published: March 14, 2012 Modified: April 29, 2026
View on NVD

Description

Use-after-free vulnerability in the browser engine in Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 allows remote attackers to execute arbitrary code via vectors involving an empty argument to the array.join function in conjunction with the triggering of garbage collection.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00014.html
Source: cve@mitre.org
http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00015.html
Source: cve@mitre.org
http://lists.opensuse.org/opensuse-updates/2012-03/msg00042.html
Source: cve@mitre.org
Third Party Advisory
http://pwn2own.zerodayinitiative.com/status.html
Source: cve@mitre.org
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2012-0387.html
Source: cve@mitre.org
http://rhn.redhat.com/errata/RHSA-2012-0388.html
Source: cve@mitre.org
http://secunia.com/advisories/48359
Source: cve@mitre.org
http://secunia.com/advisories/48402
Source: cve@mitre.org
http://secunia.com/advisories/48414
Source: cve@mitre.org
http://secunia.com/advisories/48495
Source: cve@mitre.org
Third Party Advisory
http://secunia.com/advisories/48496
Source: cve@mitre.org
Third Party Advisory
http://secunia.com/advisories/48513
Source: cve@mitre.org
Third Party Advisory
http://secunia.com/advisories/48553
Source: cve@mitre.org
Third Party Advisory
http://secunia.com/advisories/48561
Source: cve@mitre.org
Third Party Advisory
http://secunia.com/advisories/48624
Source: cve@mitre.org
Third Party Advisory
http://secunia.com/advisories/48629
Source: cve@mitre.org
Third Party Advisory
http://secunia.com/advisories/48823
Source: cve@mitre.org
Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2012:031
Source: cve@mitre.org
http://www.mandriva.com/security/advisories?name=MDVSA-2012:032
Source: cve@mitre.org
http://www.mozilla.org/security/announce/2012/mfsa2012-19.html
Source: cve@mitre.org
Vendor Advisory
http://www.securityfocus.com/bid/52465
Source: cve@mitre.org
http://www.securitytracker.com/id?1026801
Source: cve@mitre.org
http://www.securitytracker.com/id?1026803
Source: cve@mitre.org
http://www.securitytracker.com/id?1026804
Source: cve@mitre.org
http://www.ubuntu.com/usn/USN-1400-1
Source: cve@mitre.org
http://www.ubuntu.com/usn/USN-1400-2
Source: cve@mitre.org
Third Party Advisory
http://www.ubuntu.com/usn/USN-1400-3
Source: cve@mitre.org
Third Party Advisory
http://www.ubuntu.com/usn/USN-1400-4
Source: cve@mitre.org
Third Party Advisory
http://www.ubuntu.com/usn/USN-1400-5
Source: cve@mitre.org
Third Party Advisory
http://www.ubuntu.com/usn/USN-1401-1
Source: cve@mitre.org
Third Party Advisory
http://www.zdnet.com/blog/security/mozilla-knew-of-pwn2own-bug-before-cansecwest/10757
Source: cve@mitre.org
Third Party Advisory
http://www.zdnet.com/blog/security/researchers-hack-into-newest-firefox-with-zero-day-flaw/10663
Source: cve@mitre.org
Third Party Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=720079
Source: cve@mitre.org
Issue Tracking Vendor Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=735104
Source: cve@mitre.org
Issue Tracking Vendor Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14170
Source: cve@mitre.org
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00014.html
Source: af854a3a-2127-422b-91ae-364da2661108
http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00015.html
Source: af854a3a-2127-422b-91ae-364da2661108
http://lists.opensuse.org/opensuse-updates/2012-03/msg00042.html
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://pwn2own.zerodayinitiative.com/status.html
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2012-0387.html
Source: af854a3a-2127-422b-91ae-364da2661108
http://rhn.redhat.com/errata/RHSA-2012-0388.html
Source: af854a3a-2127-422b-91ae-364da2661108
http://secunia.com/advisories/48359
Source: af854a3a-2127-422b-91ae-364da2661108
http://secunia.com/advisories/48402
Source: af854a3a-2127-422b-91ae-364da2661108
http://secunia.com/advisories/48414
Source: af854a3a-2127-422b-91ae-364da2661108
http://secunia.com/advisories/48495
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://secunia.com/advisories/48496
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://secunia.com/advisories/48513
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://secunia.com/advisories/48553
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://secunia.com/advisories/48561
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://secunia.com/advisories/48624
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://secunia.com/advisories/48629
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://secunia.com/advisories/48823
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2012:031
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.mandriva.com/security/advisories?name=MDVSA-2012:032
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.mozilla.org/security/announce/2012/mfsa2012-19.html
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://www.securityfocus.com/bid/52465
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.securitytracker.com/id?1026801
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.securitytracker.com/id?1026803
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.securitytracker.com/id?1026804
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.ubuntu.com/usn/USN-1400-1
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.ubuntu.com/usn/USN-1400-2
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.ubuntu.com/usn/USN-1400-3
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.ubuntu.com/usn/USN-1400-4
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.ubuntu.com/usn/USN-1400-5
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.ubuntu.com/usn/USN-1401-1
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.zdnet.com/blog/security/mozilla-knew-of-pwn2own-bug-before-cansecwest/10757
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.zdnet.com/blog/security/researchers-hack-into-newest-firefox-with-zero-day-flaw/10663
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=720079
Source: af854a3a-2127-422b-91ae-364da2661108
Issue Tracking Vendor Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=735104
Source: af854a3a-2127-422b-91ae-364da2661108
Issue Tracking Vendor Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14170
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory

70 reference(s) from NVD

Quick Stats

CVSS v3 Score
N/A / 10.0
EPSS (Exploit Probability)
3.9%
89th percentile
Exploitation Status
Not in CISA KEV

Weaknesses (CWE)

CWE-399

Affected Vendors

mozilla

Related CVEs

CVE-2026-9677 N/A
CVE-2026-13245 6.1
CVE-2026-12404 5.3
CVE-2026-10820 N/A
CVE-2026-12415 9.8