Unrated severityNVD Advisory· Published Oct 10, 2012· Updated Jun 16, 2026
CVE-2012-4188
CVE-2012-4188
Description
Heap-based buffer overflow in the Convolve3x3 function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code via unspecified vectors.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
28cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*range: <10.0.8
- (no CPE)range: <=16.0; ESR <=10.0.8
cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*range: <2.13
- (no CPE)range: <=2.13
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*range: <16.0
- cpe:2.3:a:mozilla:thunderbird_esr:*:*:*:*:*:*:*:*range: <10.0.8
- (no CPE)range: <=16.0; ESR <=10.0.8
cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*+ 3 more
- cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:11.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_eus:6.3:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_desktop:10:sp4:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:suse:linux_enterprise_desktop:10:sp4:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_desktop:11:sp3:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_sdk:10:sp4:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:10:sp4:*:*:*:*:*:*+ 2 more
- cpe:2.3:o:suse:linux_enterprise_server:10:sp4:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:vmware:*:*
- osv-coords3 versionspkg:rpm/opensuse/firefox-esr&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/MozillaFirefox&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/MozillaThunderbird&distro=openSUSE%20Tumbleweed
< 128.5.1-1.1+ 2 more
- (no CPE)range: < 128.5.1-1.1
- (no CPE)range: < 50.1.0-1.1
- (no CPE)range: < 45.5.1-1.1
Patches
Vulnerability mechanics
References
20- lists.opensuse.org/opensuse-security-announce/2012-10/msg00010.htmlnvdMailing ListThird Party Advisory
- rhn.redhat.com/errata/RHSA-2012-1351.htmlnvdThird Party Advisory
- secunia.com/advisories/50856nvdThird Party Advisory
- secunia.com/advisories/50892nvdThird Party Advisory
- secunia.com/advisories/50904nvdThird Party Advisory
- secunia.com/advisories/50935nvdThird Party Advisory
- secunia.com/advisories/50936nvdThird Party Advisory
- secunia.com/advisories/50984nvdThird Party Advisory
- secunia.com/advisories/51181nvdThird Party Advisory
- secunia.com/advisories/55318nvdThird Party Advisory
- www.debian.org/security/2012/dsa-2565nvdThird Party Advisory
- www.debian.org/security/2012/dsa-2569nvdThird Party Advisory
- www.debian.org/security/2012/dsa-2572nvdThird Party Advisory
- www.mandriva.com/security/advisoriesnvdThird Party Advisory
- www.mozilla.org/security/announce/2012/mfsa2012-86.htmlnvdVendor Advisory
- www.ubuntu.com/usn/USN-1611-1nvdThird Party Advisory
- exchange.xforce.ibmcloud.com/vulnerabilities/79165nvdThird Party AdvisoryVDB Entry
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16964nvdThird Party Advisory
- osvdb.org/86096nvdBroken Link
- bugzilla.mozilla.org/show_bug.cginvdIssue Tracking
News mentions
0No linked articles in our index yet.