CVE-2013-0746

HIGH

Description

Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 do not properly implement quickstubs that use the jsval data type for their return values, which allows remote attackers to execute arbitrary code or cause a denial of service (compartment mismatch and application crash) via crafted JavaScript code that is not properly handled during garbage collection.

References

http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00006.html

http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00007.html

http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00010.html

http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00017.html

http://rhn.redhat.com/errata/RHSA-2013-0144.html

http://rhn.redhat.com/errata/RHSA-2013-0145.html

http://www.mozilla.org/security/announce/2013/mfsa2013-09.html

http://www.ubuntu.com/usn/USN-1681-1

http://www.ubuntu.com/usn/USN-1681-2

http://www.ubuntu.com/usn/USN-1681-4

https://bugzilla.mozilla.org/show_bug.cgi?id=816842

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16570

Details

Source: MITRE

Published: 2013-01-13

Updated: 2020-08-04

Type: NVD-CWE-noinfo

Risk Information

CVSS v2.0

Base Score: 9.3

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 8.6

Severity: HIGH

Vulnerable Software

Tenable Plugins

View all (36 total)

ID	Name	Product	Family	Severity
83574	SUSE SLES10 Security Update : Mozilla Firefox (SUSE-SU-2013:0306-1)	Nessus	SuSE Local Security Checks	critical
74918	openSUSE Security Update : firefox / seamonkey / thunderbird (openSUSE-SU-2013:0149-1)	Nessus	SuSE Local Security Checks	critical
70183	GLSA-201309-23 : Mozilla Products: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	critical
68708	Oracle Linux 6 : thunderbird (ELSA-2013-0145)	Nessus	Oracle Linux Local Security Checks	critical
68707	Oracle Linux 5 / 6 : firefox (ELSA-2013-0144)	Nessus	Oracle Linux Local Security Checks	critical
64480	Ubuntu 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : firefox regression (USN-1681-4)	Nessus	Ubuntu Local Security Checks	critical
64136	SuSE 11.2 Security Update : MozillaFirefox (SAT Patch Number 7224)	Nessus	SuSE Local Security Checks	critical
63665	Ubuntu 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : firefox regression (USN-1681-3)	Nessus	Ubuntu Local Security Checks	critical
63626	SuSE 10 Security Update : MozillaFirefox (ZYPP Patch Number 8426)	Nessus	SuSE Local Security Checks	critical
801376	Mozilla SeaMonkey 2.x <= 2.14 Multiple Vulnerabilities	Log Correlation Engine	Web Clients	high
801345	Mozilla Firefox 17.x <= 17 Multiple Vulnerabilities	Log Correlation Engine	Web Clients	high
801308	Mozilla Thunderbird 17.x < 17.0.2 Multiple Vulnerabilities	Log Correlation Engine	SMTP Clients	high
800108	Mozilla Firefox 17.x <= 17 Multiple Vulnerabilities	Log Correlation Engine	Web Clients	high
63554	SeaMonkey < 2.15 Multiple Vulnerabilities	Nessus	Windows	critical
63553	Mozilla Thunderbird < 17.0.2 Multiple Vulnerabilities	Nessus	Windows	critical
63552	Mozilla Thunderbird 10.x < 10.0.12 Multiple Vulnerabilities	Nessus	Windows	critical
63551	Firefox < 18.0 Multiple Vulnerabilities	Nessus	Windows	critical
63550	Firefox ESR 17.x < 17.0.2 Multiple Vulnerabilities	Nessus	Windows	critical
63548	Firefox 10.x < 10.0.12 Multiple Vulnerabilities	Nessus	Windows	critical
63547	Thunderbird < 17.0.2 Multiple Vulnerabilities (Mac OS X)	Nessus	MacOS X Local Security Checks	critical
63546	Thunderbird 10.x < 10.0.12 Multiple Vulnerabilities (Mac OS X)	Nessus	MacOS X Local Security Checks	critical
63545	Firefox < 18.0 Multiple Vulnerabilities (Mac OS X)	Nessus	MacOS X Local Security Checks	critical
63544	Firefox ESR < 17.0.2 Multiple Vulnerabilities (Mac OS X)	Nessus	MacOS X Local Security Checks	critical
63542	Firefox < 10.0.12 Multiple Vulnerabilities (Mac OS X)	Nessus	MacOS X Local Security Checks	critical
6670	SeaMonkey 2.14.x < 2.15 Multiple Vulnerabilities	Nessus Network Monitor	Web Clients	high
6669	Mozilla Thunderbird < 17.0.2 Multiple Vulnerabilities	Nessus Network Monitor	SMTP Clients	high
6668	Mozilla Firefox < 18.0 Multiple Vulnerabilities	Nessus Network Monitor	Web Clients	high
63472	Scientific Linux Security Update : thunderbird on SL5.x, SL6.x i386/x86_64 (20130108)	Nessus	Scientific Linux Local Security Checks	critical
63471	Scientific Linux Security Update : firefox on SL5.x, SL6.x i386/x86_64 (20130108)	Nessus	Scientific Linux Local Security Checks	critical
63463	FreeBSD : mozilla -- multiple vulnerabilities (a4ed6632-5aa9-11e2-8fcb-c8600054b392)	Nessus	FreeBSD Local Security Checks	critical
63448	Ubuntu 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : thunderbird vulnerabilities (USN-1681-2)	Nessus	Ubuntu Local Security Checks	critical
63447	Ubuntu 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : firefox vulnerabilities (USN-1681-1)	Nessus	Ubuntu Local Security Checks	critical
63446	RHEL 5 / 6 : thunderbird (RHSA-2013:0145)	Nessus	Red Hat Local Security Checks	critical
63445	RHEL 5 / 6 : firefox (RHSA-2013:0144)	Nessus	Red Hat Local Security Checks	critical
63432	CentOS 5 / 6 : thunderbird (CESA-2013:0145)	Nessus	CentOS Local Security Checks	critical
63431	CentOS 5 / 6 : firefox / xulrunner (CESA-2013:0144)	Nessus	CentOS Local Security Checks	critical