CVE-2012-1938

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 13.0, Thunderbird before 13.0, and SeaMonkey before 2.10 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to (1) methodjit/ImmutableSync.cpp, (2) the JSObject::makeDenseArraySlow function in js/src/jsarray.cpp, and unknown other components.

Published: Jun 5, 2012
Updated: Nov 9, 2025
CVE: CVE-2012-1938
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
mozilla / firefox	-	13.0
mozilla / seamonkey	-	2.10
mozilla / thunderbird	-	13.0
suse / linux_enterprise_server	11-sp1	11-sp1.x
suse / linux_enterprise_desktop	11-sp1	11-sp1.x
suse / linux_enterprise_server	10-sp4	10-sp4.x
opensuse / opensuse	11.4	11.4.x
suse / linux_enterprise_desktop	10-sp4	10-sp4.x
opensuse / opensuse	12.1	12.1.x
suse / linux_enterprise_software_development_kit	10-sp4	10-sp4.x
suse / linux_enterprise_software_development_kit	11-sp1	11-sp1.x
redhat / enterprise_linux_server	5.0	5.0.x
redhat / enterprise_linux_server_aus	6.2	6.2.x
redhat / enterprise_linux_workstation	5.0	5.0.x
redhat / enterprise_linux_desktop	6.0	6.0.x
redhat / enterprise_linux_server	6.0	6.0.x
redhat / enterprise_linux_workstation	6.0	6.0.x
redhat / enterprise_linux_desktop	5.0	5.0.x
redhat / storage	2.0	2.0.x
redhat / enterprise_linux_eus	6.2	6.2.x

Vulnerability Database

300,830

CVE-2012-1938

Deep Security Visibility Without the Complexity