CVE-2012-0459 Information

Description

The Cascading Style Sheets (CSS) implementation in Mozilla Firefox 4.x through 10.0 Firefox ESR 10.x before 10.0.3 Thunderbird 5.0 through 10.0 Thunderbird ESR 10.x before 10.0.3 and SeaMonkey before 2.8 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via dynamic modification of a keyframe followed by access to the cssText of the keyframe.

Reference

http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00014.html http://lists.opensuse.org/opensuse-updates/2012-03/msg00042.html http://rhn.redhat.com/errata/RHSA-2012-0387.html http://rhn.redhat.com/errata/RHSA-2012-0388.html http://secunia.com/advisories/48359 http://secunia.com/advisories/48402 http://secunia.com/advisories/48496 http://secunia.com/advisories/48513 http://secunia.com/advisories/48553 http://secunia.com/advisories/48561 http://secunia.com/advisories/48629 http://secunia.com/advisories/49055 http://www.mandriva.com/security/advisories?name=MDVSA-2012:032 http://www.mozilla.org/security/announce/2012/mfsa2012-17.html http://www.securitytracker.com/id?1026801 http://www.securitytracker.com/id?1026803 http://www.securitytracker.com/id?1026804 http://www.ubuntu.com/usn/USN-1400-1 http://www.ubuntu.com/usn/USN-1400-2 http://www.ubuntu.com/usn/USN-1400-3 http://www.ubuntu.com/usn/USN-1400-4 http://www.ubuntu.com/usn/USN-1400-5 https://bugzilla.mozilla.org/show_bug.cgi?id=723446 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A15066