The JavaScript implementation in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 does not properly enforce certain typeset restrictions on the generation of GetElementIC typed array stubs, which has unspecified impact and remote attack vectors.
http://lists.fedoraproject.org/pipermail/package-announce/2013-December/123437.html
http://lists.fedoraproject.org/pipermail/package-announce/2013-December/124108.html
http://lists.fedoraproject.org/pipermail/package-announce/2013-December/124257.html
http://lists.fedoraproject.org/pipermail/package-announce/2014-January/125470.html
http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00010.html
http://lists.opensuse.org/opensuse-updates/2013-12/msg00085.html
http://lists.opensuse.org/opensuse-updates/2013-12/msg00086.html
http://lists.opensuse.org/opensuse-updates/2013-12/msg00087.html
http://lists.opensuse.org/opensuse-updates/2013-12/msg00119.html
http://lists.opensuse.org/opensuse-updates/2013-12/msg00120.html
http://lists.opensuse.org/opensuse-updates/2013-12/msg00121.html
http://lists.opensuse.org/opensuse-updates/2014-01/msg00002.html
http://www.mozilla.org/security/announce/2013/mfsa2013-115.html
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
http://www.securitytracker.com/id/1029470
http://www.securitytracker.com/id/1029476
http://www.ubuntu.com/usn/USN-2052-1
http://www.ubuntu.com/usn/USN-2053-1
Source: MITRE
Published: 2013-12-11
Updated: 2020-08-12
Type: NVD-CWE-noinfo
Base Score: 7.5
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Impact Score: 6.4
Exploitability Score: 10
Severity: HIGH
Base Score: 9.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Impact Score: 5.9
Exploitability Score: 3.9
Severity: CRITICAL