CVE-2012-5830

Exp

Use-after-free vulnerability in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 on Mac OS X allows remote attackers to execute arbitrary code via an HTML document.

Published: 2012-11-21 Last update: 2026-06-16 Assigner: [email protected] Source: [email protected]

Conclusion & alert: CVE-2012-5830 is rated High Exploit Risk (84.2/100): CVSS High severity, with medium exploitation likelihood (EPSS 3.81%). Core evidence: 1 public exploit reference(s) are indexed (Exploit-DB). EPSS rose +2.95% over the last day, indicating growing attacker interest. Mandatory action: Public exploits are available—assess exposure, apply mitigations, and prioritize patching.

Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.

Public exploit references (Exploit-DB) for CVE-2012-5830

EDB-ID Source Kind Published Link
nvd_ref exploit_tag Exploit-DB ↗

Exploit prediction scoring system (EPSS) score for CVE-2012-5830

EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).

# Date Old EPSS score New EPSS score Delta (New - Old)
1 2026-06-15 0.86% 3.81% +2.95%
2 2026-01-09 1.45% 0.86% -0.59%
3 2025-03-30 1.45%

Full EPSS history (10 records total)

Common vulnerability scoring system (CVSS) metrics for CVE-2012-5830

CVSS metrics for this CVE.

Base score Version Severity Vector Exploitability Impact Score source
8.8 3.1 HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Click to expand
Attack vector (AV:N)
Could be attacked over the internet or any normal routed network—not just someone sitting at the machine.
Attack complexity (AC:L)
Once they can reach the bug, pulling it off is straightforward—no weird race conditions or rare setup.
Privileges required (PR:N)
No account or special rights needed—anonymous or random user is enough.
User interaction (UI:R)
A real person has to do something—click, install, enable—otherwise it doesn’t land.
Scope (S:U)
Damage stays in the same “trust bubble” as the broken component—no big spill into unrelated systems.
Confidentiality (C:H)
Serious risk that confidential data gets exposed in a big way.
Integrity (I:H)
They could widely tamper with or forge data—trust in the data is badly hurt.
Availability (A:H)
Could take the service down hard or make it unusable for people who depend on it.
2.8 5.9 [email protected]
6.8 2.0 MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P Click to expand
Access vector (AV:N)
Can be exploited remotely over network reachability.
Access complexity (AC:M)
Exploitation needs some favorable conditions, but not exceptional ones.
Authentication (AU:N)
No authentication is required.
Confidentiality impact (C:P)
Partial confidentiality impact.
Integrity impact (I:P)
Partial integrity impact.
Availability impact (A:P)
Partial availability impact.
8.6 6.4 [email protected]

Weakness enumeration for CVE-2012-5830

OS Trackers for CVE-2012-5830

vendor priority summary link
gentoo high CVE-2012-5830: 1 GLSA(s) (201301-01), 14 atom(s) (dev-libs/nss, mail-client/mozilla-thunderbird, …); latest impact high. https://bugs.gentoo.org/buglist.cgi?quicksearch=CVE-2012-5830
redhat critical https://access.redhat.com/security/cve/CVE-2012-5830
suse high CVE-2012-5830 severity important: SUSE including 74 source package names (MozillaFirefox-10.0.11-0.3.1, MozillaFirefox-140.2.0-160000.1.2, …), 113 product×package rows across 34 product lines (SUSE Linux Enterprise Desktop 11 SP2, SUSE Linux Enterprise Desktop 12, … (34 product lines)): Fixed 113. https://www.suse.com/security/cve/CVE-2012-5830/
ubuntu medium CVE-2012-5830 medium priority: Ubuntu including 5 source packages (firefox, seamonkey, thunderbird, xulrunner-1.9.2, xulrunner-2.0), 40 status rows across 8 suites (hardy, lucid, oneiric, precise, quantal, raring, saucy, upstream): DNE 16, released 8, ignored 7, needs-triage 5, not-affected 4. https://ubuntu.com/security/CVE-2012-5830

Affected software / configurations for CVE-2012-5830

Vendor Product Version Raw CPE
mozilla firefox < 17.0 cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
mozilla firefox >= 10.0, < 10.0.11 cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
mozilla seamonkey < 2.14 cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*
mozilla thunderbird < 17.0 cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
mozilla thunderbird_esr >= 10.0, < 10.0.11 cpe:2.3:a:mozilla:thunderbird_esr:*:*:*:*:*:*:*:*
redhat enterprise_linux_desktop 5.0 cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*
redhat enterprise_linux_desktop 6.0 cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
redhat enterprise_linux_eus 6.3 cpe:2.3:o:redhat:enterprise_linux_eus:6.3:*:*:*:*:*:*:*
redhat enterprise_linux_server 5.0 cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*
redhat enterprise_linux_server 6.0 cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
redhat enterprise_linux_server_eus 6.3 cpe:2.3:o:redhat:enterprise_linux_server_eus:6.3:*:*:*:*:*:*:*
redhat enterprise_linux_workstation 5.0 cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*
redhat enterprise_linux_workstation 6.0 cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
suse suse_linux_enterprise_software_development_kit 11.0 cpe:2.3:a:suse:suse_linux_enterprise_software_development_kit:11.0:sp2:*:*:*:*:*:*
canonical ubuntu_linux 10.04 cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*
canonical ubuntu_linux 11.10 cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*
canonical ubuntu_linux 12.04 cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*
canonical ubuntu_linux 12.10 cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*
opensuse opensuse 11.4 cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*
opensuse opensuse 12.1 cpe:2.3:o:opensuse:opensuse:12.1:*:*:*:*:*:*:*
opensuse opensuse 12.2 cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*
suse suse_linux_enterprise_desktop 10 cpe:2.3:o:suse:suse_linux_enterprise_desktop:10:sp4:*:*:*:*:*:*
suse suse_linux_enterprise_desktop 11 cpe:2.3:o:suse:suse_linux_enterprise_desktop:11:sp2:*:*:*:*:*:*
suse suse_linux_enterprise_server 10 cpe:2.3:o:suse:suse_linux_enterprise_server:10:sp4:*:*:*:*:*:*
suse suse_linux_enterprise_server 11 cpe:2.3:o:suse:suse_linux_enterprise_server:11:sp2:*:*:*:*:*:*
suse suse_linux_enterprise_server 11 cpe:2.3:o:suse:suse_linux_enterprise_server:11:sp2:*:*:*:-:*:*
suse suse_linux_enterprise_server 11 cpe:2.3:o:suse:suse_linux_enterprise_server:11:sp2:*:*:*:vmware:*:*

References for CVE-2012-5830

URL Tags
http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00021.html Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00022.html Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-updates/2012-11/msg00090.html Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-updates/2012-11/msg00092.html Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-updates/2012-11/msg00093.html Mailing List Third Party Advisory
http://osvdb.org/87598 Broken Link
http://rhn.redhat.com/errata/RHSA-2012-1482.html Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2012-1483.html Third Party Advisory
http://secunia.com/advisories/51359 Broken Link
http://secunia.com/advisories/51360 Broken Link
http://secunia.com/advisories/51369 Broken Link
http://secunia.com/advisories/51370 Broken Link
http://secunia.com/advisories/51381 Broken Link
http://secunia.com/advisories/51434 Broken Link
http://secunia.com/advisories/51439 Broken Link
http://secunia.com/advisories/51440 Broken Link
http://www.mozilla.org/security/announce/2012/mfsa2012-106.html Vendor Advisory
http://www.ubuntu.com/usn/USN-1636-1 Third Party Advisory
http://www.ubuntu.com/usn/USN-1638-1 Third Party Advisory
http://www.ubuntu.com/usn/USN-1638-2 Third Party Advisory
http://www.ubuntu.com/usn/USN-1638-3 Third Party Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=775228 Exploit Issue Tracking Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/80183 Third Party Advisory VDB Entry
cvelogic Threat Intelligence