CVE-2013-0772

MEDIUM

Description

The RasterImage::DrawFrameTo function in Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read and application crash) via a crafted GIF image.

References

http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00017.html

http://lists.opensuse.org/opensuse-updates/2013-02/msg00062.html

http://rhn.redhat.com/errata/RHSA-2013-1812.html

http://www.mozilla.org/security/announce/2013/mfsa2013-22.html

http://www.ubuntu.com/usn/USN-1729-1

http://www.ubuntu.com/usn/USN-1729-2

https://bugzilla.mozilla.org/show_bug.cgi?id=801366

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17159

Details

Source: MITRE

Published: 2013-02-19

Updated: 2020-08-06

Type: CWE-119

Risk Information

CVSS v2.0

Base Score: 5.8

Vector: AV:N/AC:M/Au:N/C:P/I:N/A:P

Impact Score: 4.9

Exploitability Score: 8.6

Severity: MEDIUM

Tenable Plugins

View all (24 total)

IDNameProductFamilySeverity
74898openSUSE Security Update : Mozilla (openSUSE-SU-2013:0323-1)NessusSuSE Local Security Checks
critical
71370RHEL 5 / 6 : thunderbird (RHSA-2013:1823)NessusRed Hat Local Security Checks
critical
71368Oracle Linux 6 : thunderbird (ELSA-2013-1823)NessusOracle Linux Local Security Checks
critical
71366Oracle Linux 5 / 6 : firefox (ELSA-2013-1812)NessusOracle Linux Local Security Checks
critical
71357CentOS 5 / 6 : thunderbird (CESA-2013:1823)NessusCentOS Local Security Checks
critical
71354CentOS 5 / 6 : firefox (CESA-2013:1812)NessusCentOS Local Security Checks
critical
71335RHEL 5 / 6 : firefox (RHSA-2013:1812)NessusRed Hat Local Security Checks
critical
70183GLSA-201309-23 : Mozilla Products: Multiple vulnerabilitiesNessusGentoo Local Security Checks
critical
65598SuSE 10 Security Update : Mozilla Firefox (ZYPP Patch Number 8506)NessusSuSE Local Security Checks
critical
65175SuSE 11.2 Security Update : Mozilla Firefox (SAT Patch Number 7447)NessusSuSE Local Security Checks
critical
64967Ubuntu 11.10 / 12.04 LTS / 12.10 : firefox regression (USN-1729-2)NessusUbuntu Local Security Checks
critical
801258Mozilla SeaMonkey < 2.16 Multiple VulnerabilitiesLog Correlation EngineWeb Clients
high
6693SeaMonkey < 2.16 Multiple VulnerabilitiesNessus Network MonitorWeb Clients
high
801245Mozilla Thunderbird 17.x < 17.0.3 Multiple VulnerabilitiesLog Correlation EngineSMTP Clients
high
801233Mozilla Firefox 18.x <= 18 Multiple VulnerabilitiesLog Correlation EngineWeb Clients
high
6692Mozilla Thunderbird < 17.0.3 Multiple VulnerabilitiesNessus Network MonitorSMTP Clients
high
6691Mozilla Firefox < 19.0 Multiple VulnerabilitiesNessus Network MonitorWeb Clients
high
64726SeaMonkey < 2.16 Multiple VulnerabilitiesNessusWindows
critical
64724Mozilla Thunderbird < 17.0.3 Multiple VulnerabilitiesNessusWindows
critical
64723Firefox < 19.0 Multiple VulnerabilitiesNessusWindows
critical
64720Thunderbird < 17.0.3 Multiple Vulnerabilities (Mac OS X)NessusMacOS X Local Security Checks
critical
64719Firefox 18.x Multiple Vulnerabilities (Mac OS X)NessusMacOS X Local Security Checks
critical
64698Ubuntu 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : firefox vulnerabilities (USN-1729-1)NessusUbuntu Local Security Checks
critical
64693FreeBSD : mozilla -- multiple vulnerabilities (e3f0374a-7ad6-11e2-84cd-d43d7e0c7c02)NessusFreeBSD Local Security Checks
high