Unrated severityNVD Advisory· Published Oct 10, 2012· Updated Apr 29, 2026
CVE-2012-3989
CVE-2012-3989
Description
Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey before 2.13 do not properly perform a cast of an unspecified variable during use of the instanceof operator on a JavaScript object, which allows remote attackers to execute arbitrary code or cause a denial of service (assertion failure) via a crafted web site.
Affected products
12cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:*:*:*:*+ 3 more
- cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:11.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*
cpe:2.3:o:suse:linux_enterprise_desktop:10:sp4:*:*:-:*:*:*+ 1 more
- cpe:2.3:o:suse:linux_enterprise_desktop:10:sp4:*:*:-:*:*:*
- cpe:2.3:o:suse:linux_enterprise_desktop:11:sp2:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:10:sp4:*:*:-:*:*:*+ 2 more
- cpe:2.3:o:suse:linux_enterprise_server:10:sp4:*:*:-:*:*:*
- cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:*:-:*:*
- cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:*:vmware:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
11- lists.opensuse.org/opensuse-security-announce/2012-10/msg00010.htmlnvdMailing ListThird Party Advisory
- www.mozilla.org/security/announce/2012/mfsa2012-80.htmlnvdVendor Advisory
- www.ubuntu.com/usn/USN-1611-1nvdThird Party Advisory
- bugzilla.mozilla.org/show_bug.cginvdIssue TrackingVendor Advisory
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16814nvdThird Party Advisory
- osvdb.org/86097nvdBroken Link
- secunia.com/advisories/50856nvdBroken Link
- secunia.com/advisories/50892nvdBroken Link
- secunia.com/advisories/50904nvdBroken Link
- secunia.com/advisories/50935nvdBroken Link
- secunia.com/advisories/50984nvdBroken Link
News mentions
0No linked articles in our index yet.