7.5
CVE-2012-5836
- EPSS 1.87%
- Published 21.11.2012 12:55:03
- Last modified 11.04.2025 00:51:21
- Source cve@mitre.org
- Teams watchlist Login
- Open Login
Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving the setting of Cascading Style Sheets (CSS) properties in conjunction with SVG text.
Data is provided by the National Vulnerability Database (NVD)
Mozilla ≫ Thunderbird Version < 17.0
Suse ≫ Linux Enterprise Desktop Version10 Updatesp4
Suse ≫ Linux Enterprise Desktop Version11 Updatesp2
Suse ≫ Linux Enterprise Server Version10 Updatesp4
Suse ≫ Linux Enterprise Server Version11 Updatesp2 SwPlatform-
Suse ≫ Linux Enterprise Server Version11 Updatesp2 SwPlatformvmware
Suse ≫ Linux Enterprise Software Development Kit Version10 Updatesp4
Suse ≫ Linux Enterprise Software Development Kit Version11 Updatesp2
Canonical ≫ Ubuntu Linux Version10.04 SwEdition-
Canonical ≫ Ubuntu Linux Version11.10
Canonical ≫ Ubuntu Linux Version12.04 SwEditionesm
Canonical ≫ Ubuntu Linux Version12.10
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.87% | 0.823 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 10 | 6.4 |
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
CWE-94 Improper Control of Generation of Code ('Code Injection')
The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.