CVE-2013-0762

high

Description

Use-after-free vulnerability in the imgRequest::OnStopFrame function in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.1, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.

References

http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00006.html

http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00007.html

http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00010.html

http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00017.html

http://rhn.redhat.com/errata/RHSA-2013-0144.html

http://rhn.redhat.com/errata/RHSA-2013-0145.html

http://www.mozilla.org/security/announce/2013/mfsa2013-02.html

http://www.securityfocus.com/bid/57193

http://www.ubuntu.com/usn/USN-1681-1

http://www.ubuntu.com/usn/USN-1681-2

http://www.ubuntu.com/usn/USN-1681-4

https://bugzilla.mozilla.org/show_bug.cgi?id=788959

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16288

Details

Source: MITRE

Published: 2013-01-13

Updated: 2020-08-04

Type: CWE-416

Risk Information

CVSS v2

Base Score: 9.3

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 8.6

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird_esr:*:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird_esr:*:*:*:*:*:*:*:*

Configuration 2

OR

cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*

cpe:2.3:o:opensuse:opensuse:12.1:*:*:*:*:*:*:*

cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*

cpe:2.3:o:suse:linux_enterprise_desktop:10:sp4:*:*:*:*:*:*

cpe:2.3:o:suse:linux_enterprise_desktop:11:sp2:*:*:*:*:*:*

cpe:2.3:o:suse:linux_enterprise_server:10:sp4:*:*:*:*:*:*

cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:*:-:*:*

cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:*:vmware:*:*

cpe:2.3:o:suse:linux_enterprise_software_development_kit:10:sp4:*:*:*:*:*:*

cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp2:*:*:*:*:*:*

Configuration 3

OR

cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_eus:5.9:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_eus:6.3:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_aus:5.9:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*

Configuration 4

OR

cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*

Tenable Plugins


| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 83574 | SUSE SLES10 Security Update : Mozilla Firefox (SUSE-SU-2013:0306-1) | Nessus | SuSE Local Security Checks | critical |
| 74918 | openSUSE Security Update : firefox / seamonkey / thunderbird (openSUSE-SU-2013:0149-1) | Nessus | SuSE Local Security Checks | critical |
| 70183 | GLSA-201309-23 : Mozilla Products: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | critical |
| 68708 | Oracle Linux 6 : thunderbird (ELSA-2013-0145) | Nessus | Oracle Linux Local Security Checks | critical |
| 68707 | Oracle Linux 5 / 6 : firefox (ELSA-2013-0144) | Nessus | Oracle Linux Local Security Checks | critical |
| 64480 | Ubuntu 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : firefox regression (USN-1681-4) | Nessus | Ubuntu Local Security Checks | critical |
| 64136 | SuSE 11.2 Security Update : MozillaFirefox (SAT Patch Number 7224) | Nessus | SuSE Local Security Checks | critical |
| 63665 | Ubuntu 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : firefox regression (USN-1681-3) | Nessus | Ubuntu Local Security Checks | critical |
| 63626 | SuSE 10 Security Update : MozillaFirefox (ZYPP Patch Number 8426) | Nessus | SuSE Local Security Checks | critical |
| 801308 | Mozilla Thunderbird 17.x < 17.0.2 Multiple Vulnerabilities | Log Correlation Engine | SMTP Clients | high |
| 6669 | Mozilla Thunderbird < 17.0.2 Multiple Vulnerabilities | Nessus Network Monitor | SMTP Clients | high |
| 63553 | Mozilla Thunderbird < 17.0.2 Multiple Vulnerabilities | Nessus | Windows | critical |
| 63552 | Mozilla Thunderbird 10.x < 10.0.12 Multiple Vulnerabilities | Nessus | Windows | critical |
| 63549 | Firefox ESR 17.x < 17.0.1 Multiple Vulnerabilities | Nessus | Windows | critical |
| 63548 | Firefox 10.x < 10.0.12 Multiple Vulnerabilities | Nessus | Windows | critical |
| 63547 | Thunderbird < 17.0.2 Multiple Vulnerabilities (Mac OS X) | Nessus | MacOS X Local Security Checks | critical |
| 63546 | Thunderbird 10.x < 10.0.12 Multiple Vulnerabilities (Mac OS X) | Nessus | MacOS X Local Security Checks | critical |
| 63545 | Firefox < 18.0 Multiple Vulnerabilities (Mac OS X) | Nessus | MacOS X Local Security Checks | critical |
| 63543 | Firefox < 17.0.1 Multiple Vulnerabilities (Mac OS X) | Nessus | MacOS X Local Security Checks | critical |
| 63542 | Firefox < 10.0.12 Multiple Vulnerabilities (Mac OS X) | Nessus | MacOS X Local Security Checks | critical |
| 63472 | Scientific Linux Security Update : thunderbird on SL5.x, SL6.x i386/x86_64 (20130108) | Nessus | Scientific Linux Local Security Checks | critical |
| 63471 | Scientific Linux Security Update : firefox on SL5.x, SL6.x i386/x86_64 (20130108) | Nessus | Scientific Linux Local Security Checks | critical |
| 63463 | FreeBSD : mozilla -- multiple vulnerabilities (a4ed6632-5aa9-11e2-8fcb-c8600054b392) | Nessus | FreeBSD Local Security Checks | critical |
| 63448 | Ubuntu 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : thunderbird vulnerabilities (USN-1681-2) | Nessus | Ubuntu Local Security Checks | critical |
| 63447 | Ubuntu 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : firefox vulnerabilities (USN-1681-1) | Nessus | Ubuntu Local Security Checks | critical |
| 63446 | RHEL 5 / 6 : thunderbird (RHSA-2013:0145) | Nessus | Red Hat Local Security Checks | critical |
| 63445 | RHEL 5 / 6 : firefox (RHSA-2013:0144) | Nessus | Red Hat Local Security Checks | critical |
| 63432 | CentOS 5 / 6 : thunderbird (CESA-2013:0145) | Nessus | CentOS Local Security Checks | critical |
| 63431 | CentOS 5 / 6 : firefox / xulrunner (CESA-2013:0144) | Nessus | CentOS Local Security Checks | critical |