CVE-2013-0755

HIGH

Description

Use-after-free vulnerability in the mozVibrate implementation in the Vibrate library in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code via vectors related to the domDoc pointer.

References

http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00006.html

http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00007.html

http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00010.html

http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00017.html

http://www.mozilla.org/security/announce/2013/mfsa2013-18.html

http://www.ubuntu.com/usn/USN-1681-1

http://www.ubuntu.com/usn/USN-1681-2

http://www.ubuntu.com/usn/USN-1681-4

https://bugzilla.mozilla.org/show_bug.cgi?id=814027

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16952

Details

Source: MITRE

Published: 2013-01-13

Updated: 2020-08-10

Type: CWE-416

Risk Information

CVSS v2.0

Base Score: 9.3

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 8.6

Severity: HIGH

Vulnerable Software

Tenable Plugins

View all (25 total)

ID	Name	Product	Family	Severity
83574	SUSE SLES10 Security Update : Mozilla Firefox (SUSE-SU-2013:0306-1)	Nessus	SuSE Local Security Checks	critical
74918	openSUSE Security Update : firefox / seamonkey / thunderbird (openSUSE-SU-2013:0149-1)	Nessus	SuSE Local Security Checks	critical
70183	GLSA-201309-23 : Mozilla Products: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	critical
64480	Ubuntu 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : firefox regression (USN-1681-4)	Nessus	Ubuntu Local Security Checks	critical
64136	SuSE 11.2 Security Update : MozillaFirefox (SAT Patch Number 7224)	Nessus	SuSE Local Security Checks	critical
63665	Ubuntu 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : firefox regression (USN-1681-3)	Nessus	Ubuntu Local Security Checks	critical
63626	SuSE 10 Security Update : MozillaFirefox (ZYPP Patch Number 8426)	Nessus	SuSE Local Security Checks	critical
801376	Mozilla SeaMonkey 2.x <= 2.14 Multiple Vulnerabilities	Log Correlation Engine	Web Clients	high
801345	Mozilla Firefox 17.x <= 17 Multiple Vulnerabilities	Log Correlation Engine	Web Clients	high
801308	Mozilla Thunderbird 17.x < 17.0.2 Multiple Vulnerabilities	Log Correlation Engine	SMTP Clients	high
800108	Mozilla Firefox 17.x <= 17 Multiple Vulnerabilities	Log Correlation Engine	Web Clients	high
63554	SeaMonkey < 2.15 Multiple Vulnerabilities	Nessus	Windows	critical
63553	Mozilla Thunderbird < 17.0.2 Multiple Vulnerabilities	Nessus	Windows	critical
63551	Firefox < 18.0 Multiple Vulnerabilities	Nessus	Windows	critical
63550	Firefox ESR 17.x < 17.0.2 Multiple Vulnerabilities	Nessus	Windows	critical
63548	Firefox 10.x < 10.0.12 Multiple Vulnerabilities	Nessus	Windows	critical
63547	Thunderbird < 17.0.2 Multiple Vulnerabilities (Mac OS X)	Nessus	MacOS X Local Security Checks	critical
63545	Firefox < 18.0 Multiple Vulnerabilities (Mac OS X)	Nessus	MacOS X Local Security Checks	critical
63544	Firefox ESR < 17.0.2 Multiple Vulnerabilities (Mac OS X)	Nessus	MacOS X Local Security Checks	critical
6670	SeaMonkey 2.14.x < 2.15 Multiple Vulnerabilities	Nessus Network Monitor	Web Clients	high
6669	Mozilla Thunderbird < 17.0.2 Multiple Vulnerabilities	Nessus Network Monitor	SMTP Clients	high
6668	Mozilla Firefox < 18.0 Multiple Vulnerabilities	Nessus Network Monitor	Web Clients	high
63463	FreeBSD : mozilla -- multiple vulnerabilities (a4ed6632-5aa9-11e2-8fcb-c8600054b392)	Nessus	FreeBSD Local Security Checks	critical
63448	Ubuntu 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : thunderbird vulnerabilities (USN-1681-2)	Nessus	Ubuntu Local Security Checks	critical
63447	Ubuntu 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : firefox vulnerabilities (USN-1681-1)	Nessus	Ubuntu Local Security Checks	critical