CVE-2013-0755

HIGH
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

Use-after-free vulnerability in the mozVibrate implementation in the Vibrate library in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code via vectors related to the domDoc pointer.

References

http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00006.html

http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00007.html

http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00010.html

http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00017.html

http://www.mozilla.org/security/announce/2013/mfsa2013-18.html

http://www.ubuntu.com/usn/USN-1681-1

http://www.ubuntu.com/usn/USN-1681-2

http://www.ubuntu.com/usn/USN-1681-4

https://bugzilla.mozilla.org/show_bug.cgi?id=814027

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16952

Details

Source: MITRE

Published: 2013-01-13

Updated: 2020-08-10

Type: CWE-416

Risk Information

CVSS v2

Base Score: 9.3

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 8.6

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird_esr:*:*:*:*:*:*:*:*

Configuration 2

OR

cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*

cpe:2.3:o:opensuse:opensuse:12.1:*:*:*:*:*:*:*

cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*

cpe:2.3:o:suse:linux_enterprise_desktop:10:sp4:*:*:*:*:*:*

cpe:2.3:o:suse:linux_enterprise_desktop:11:sp2:*:*:*:*:*:*

cpe:2.3:o:suse:linux_enterprise_server:10:sp4:*:*:*:*:*:*

cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:*:-:*:*

cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:*:vmware:*:*

cpe:2.3:o:suse:linux_enterprise_software_development_kit:10:sp4:*:*:*:*:*:*

cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp2:*:*:*:*:*:*

Configuration 3

OR

cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*

Tenable Plugins

View all (25 total)

IDNameProductFamilySeverity
83574SUSE SLES10 Security Update : Mozilla Firefox (SUSE-SU-2013:0306-1)NessusSuSE Local Security Checks
critical
74918openSUSE Security Update : firefox / seamonkey / thunderbird (openSUSE-SU-2013:0149-1)NessusSuSE Local Security Checks
critical
70183GLSA-201309-23 : Mozilla Products: Multiple vulnerabilitiesNessusGentoo Local Security Checks
critical
64480Ubuntu 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : firefox regression (USN-1681-4)NessusUbuntu Local Security Checks
critical
64136SuSE 11.2 Security Update : MozillaFirefox (SAT Patch Number 7224)NessusSuSE Local Security Checks
critical
63665Ubuntu 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : firefox regression (USN-1681-3)NessusUbuntu Local Security Checks
critical
63626SuSE 10 Security Update : MozillaFirefox (ZYPP Patch Number 8426)NessusSuSE Local Security Checks
critical
801376Mozilla SeaMonkey 2.x <= 2.14 Multiple VulnerabilitiesLog Correlation EngineWeb Clients
high
801345Mozilla Firefox 17.x <= 17 Multiple VulnerabilitiesLog Correlation EngineWeb Clients
high
801308Mozilla Thunderbird 17.x < 17.0.2 Multiple VulnerabilitiesLog Correlation EngineSMTP Clients
high
800108Mozilla Firefox 17.x <= 17 Multiple VulnerabilitiesLog Correlation EngineWeb Clients
high
6670SeaMonkey 2.14.x < 2.15 Multiple VulnerabilitiesNessus Network MonitorWeb Clients
high
6669Mozilla Thunderbird < 17.0.2 Multiple VulnerabilitiesNessus Network MonitorSMTP Clients
high
6668Mozilla Firefox < 18.0 Multiple VulnerabilitiesNessus Network MonitorWeb Clients
high
63554SeaMonkey < 2.15 Multiple VulnerabilitiesNessusWindows
critical
63553Mozilla Thunderbird < 17.0.2 Multiple VulnerabilitiesNessusWindows
critical
63551Firefox < 18.0 Multiple VulnerabilitiesNessusWindows
critical
63550Firefox ESR 17.x < 17.0.2 Multiple VulnerabilitiesNessusWindows
critical
63548Firefox 10.x < 10.0.12 Multiple VulnerabilitiesNessusWindows
critical
63547Thunderbird < 17.0.2 Multiple Vulnerabilities (Mac OS X)NessusMacOS X Local Security Checks
critical
63545Firefox < 18.0 Multiple Vulnerabilities (Mac OS X)NessusMacOS X Local Security Checks
critical
63544Firefox ESR < 17.0.2 Multiple Vulnerabilities (Mac OS X)NessusMacOS X Local Security Checks
critical
63463FreeBSD : mozilla -- multiple vulnerabilities (a4ed6632-5aa9-11e2-8fcb-c8600054b392)NessusFreeBSD Local Security Checks
critical
63448Ubuntu 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : thunderbird vulnerabilities (USN-1681-2)NessusUbuntu Local Security Checks
critical
63447Ubuntu 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : firefox vulnerabilities (USN-1681-1)NessusUbuntu Local Security Checks
critical