Use-after-free vulnerability in the nsEventListenerManager::HandleEventSubType function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors related to mListeners event listeners.
http://lists.fedoraproject.org/pipermail/package-announce/2013-December/123437.html
http://lists.fedoraproject.org/pipermail/package-announce/2013-December/124108.html
http://lists.fedoraproject.org/pipermail/package-announce/2013-December/124257.html
http://lists.fedoraproject.org/pipermail/package-announce/2014-January/125470.html
http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00010.html
http://lists.opensuse.org/opensuse-updates/2013-12/msg00085.html
http://lists.opensuse.org/opensuse-updates/2013-12/msg00086.html
http://lists.opensuse.org/opensuse-updates/2013-12/msg00087.html
http://lists.opensuse.org/opensuse-updates/2013-12/msg00119.html
http://lists.opensuse.org/opensuse-updates/2013-12/msg00120.html
http://lists.opensuse.org/opensuse-updates/2013-12/msg00121.html
http://lists.opensuse.org/opensuse-updates/2014-01/msg00002.html
http://rhn.redhat.com/errata/RHSA-2013-1812.html
http://www.mozilla.org/security/announce/2013/mfsa2013-108.html
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
http://www.securitytracker.com/id/1029470
http://www.securitytracker.com/id/1029476
http://www.ubuntu.com/usn/USN-2052-1
http://www.ubuntu.com/usn/USN-2053-1
Source: MITRE
Published: 2013-12-11
Updated: 2020-08-12
Type: CWE-416
Base Score: 7.5
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Impact Score: 6.4
Exploitability Score: 10
Severity: HIGH
Base Score: 9.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Impact Score: 5.9
Exploitability Score: 3.9
Severity: CRITICAL
OR
cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*
OR
cpe:2.3:o:fedoraproject:fedora:18:*:*:*:*:*:*:*
OR
cpe:2.3:a:suse:suse_linux_enterprise_software_development_kit:11.0:sp3:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
cpe:2.3:o:suse:suse_linux_enterprise_desktop:11:sp3:*:*:*:*:*:*
cpe:2.3:o:suse:suse_linux_enterprise_server:11:sp3:*:*:*:-:*:*
cpe:2.3:o:suse:suse_linux_enterprise_server:11:sp3:*:*:*:vmware:*:*
OR
cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:6.5:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:6.5:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:6.5:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:6.5:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
OR
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*
ID | Name | Product | Family | Severity |
---|---|---|---|---|
701241 | Mozilla Firefox ESR < 24.2 Multiple Vulnerabilities | Nessus Network Monitor | Web Clients | critical |
82632 | GLSA-201504-01 : Mozilla Products: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | critical |
75327 | openSUSE Security Update : seamonkey (openSUSE-SU-2014:0008-1) | Nessus | SuSE Local Security Checks | critical |
75241 | openSUSE Security Update : MozillaFirefox (openSUSE-SU-2013:1918-1) | Nessus | SuSE Local Security Checks | critical |
75240 | openSUSE Security Update : MozillaFirefox (openSUSE-SU-2013:1917-1) | Nessus | SuSE Local Security Checks | critical |
75239 | openSUSE Security Update : MozillaFirefox (openSUSE-SU-2013:1916-1) | Nessus | SuSE Local Security Checks | critical |
74868 | openSUSE Security Update : MozillaThunderbird (openSUSE-SU-2013:1957-1) | Nessus | SuSE Local Security Checks | critical |
74867 | openSUSE Security Update : MozillaThunderbird (openSUSE-SU-2013:1959-1) | Nessus | SuSE Local Security Checks | critical |
74866 | openSUSE Security Update : MozillaThunderbird (openSUSE-SU-2013:1958-1) | Nessus | SuSE Local Security Checks | critical |
71785 | Fedora 18 : thunderbird-24.2.0-2.fc18 (2013-23291) | Nessus | Fedora Local Security Checks | critical |
71560 | SuSE 11.3 Security Update : Mozilla Firefox (SAT Patch Number 8657) | Nessus | SuSE Local Security Checks | critical |
71559 | SuSE 11.3 Security Update : Mozilla Firefox (SAT Patch Number 8657) | Nessus | SuSE Local Security Checks | critical |
71505 | Fedora 20 : firefox-26.0-3.fc20 / thunderbird-24.2.0-3.fc20 / xulrunner-26.0-2.fc20 (2013-23519) | Nessus | Fedora Local Security Checks | critical |
8072 | SeaMonkey < 2.23 Multiple Vulnerabilities | Nessus Network Monitor | Web Clients | critical |
8071 | Mozilla Thunderbird < 24.2 Multiple Vulnerabilities | Nessus Network Monitor | SMTP Clients | critical |
8070 | Mozilla Firefox < 26.0 Multiple Vulnerabilities | Nessus Network Monitor | Web Clients | critical |
71452 | FreeBSD : mozilla -- multiple vulnerabilities (dd116b19-64b3-11e3-868f-0025905a4771) | Nessus | FreeBSD Local Security Checks | critical |
71448 | Fedora 19 : thunderbird-24.2.0-2.fc19 (2013-23295) | Nessus | Fedora Local Security Checks | critical |
71391 | Scientific Linux Security Update : thunderbird on SL5.x, SL6.x i386/x86_64 (20131211) | Nessus | Scientific Linux Local Security Checks | critical |
71375 | Ubuntu 12.04 LTS / 12.10 / 13.04 / 13.10 : thunderbird vulnerabilities (USN-2053-1) | Nessus | Ubuntu Local Security Checks | critical |
71374 | Ubuntu 12.04 LTS / 12.10 / 13.04 / 13.10 : firefox vulnerabilities (USN-2052-1) | Nessus | Ubuntu Local Security Checks | critical |
71371 | Scientific Linux Security Update : firefox on SL5.x, SL6.x i386/x86_64 (20131211) | Nessus | Scientific Linux Local Security Checks | critical |
71370 | RHEL 5 / 6 : thunderbird (RHSA-2013:1823) | Nessus | Red Hat Local Security Checks | critical |
71368 | Oracle Linux 6 : thunderbird (ELSA-2013-1823) | Nessus | Oracle Linux Local Security Checks | critical |
71366 | Oracle Linux 5 / 6 : firefox (ELSA-2013-1812) | Nessus | Oracle Linux Local Security Checks | critical |
71365 | Fedora 19 : firefox-26.0-2.fc19 / xulrunner-26.0-1.fc19 (2013-23127) | Nessus | Fedora Local Security Checks | critical |
71357 | CentOS 5 / 6 : thunderbird (CESA-2013:1823) | Nessus | CentOS Local Security Checks | critical |
71354 | CentOS 5 / 6 : firefox (CESA-2013:1812) | Nessus | CentOS Local Security Checks | critical |
71349 | SeaMonkey < 2.23 Multiple Vulnerabilities | Nessus | Windows | critical |
71348 | Mozilla Thunderbird < 24.2 Multiple Vulnerabilities | Nessus | Windows | critical |
71347 | Firefox < 26.0 Multiple Vulnerabilities | Nessus | Windows | critical |
71346 | Firefox ESR 24.x < 24.2 Multiple Vulnerabilities | Nessus | Windows | critical |
71345 | Thunderbird < 24.2 Multiple Vulnerabilities (Mac OS X) | Nessus | MacOS X Local Security Checks | critical |
71344 | Firefox < 26.0 Multiple Vulnerabilities (Mac OS X) | Nessus | MacOS X Local Security Checks | critical |
71343 | Firefox ESR 24.x < 24.2 Multiple Vulnerabilities (Mac OS X) | Nessus | MacOS X Local Security Checks | critical |
71335 | RHEL 5 / 6 : firefox (RHSA-2013:1812) | Nessus | Red Hat Local Security Checks | critical |