Published: 11/03/2013 Updated: 19/09/2017

CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6

VMScore: 828

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Use-after-free vulnerability in the nsEditor::IsPreformatted function in editor/libeditor/base/nsEditor.cpp in Mozilla Firefox prior to 19.0.2, Firefox ESR 17.x prior to 17.0.4, Thunderbird prior to 17.0.4, Thunderbird ESR 17.x prior to 17.0.4, and SeaMonkey prior to 2.16.1 allows remote malicious users to execute arbitrary code via vectors involving an execCommand call.

Vulnerable Product	Search on Vulmon	Subscribe to Product
mozilla firefox 19.0
mozilla firefox
mozilla firefox esr 17.0.2
mozilla firefox esr 17.0.3
mozilla firefox esr 17.0.1
mozilla firefox esr 17.0
mozilla thunderbird 17.0.2
mozilla thunderbird 17.0
mozilla thunderbird
mozilla thunderbird 17.0.1
mozilla thunderbird esr 17.0.3
mozilla thunderbird esr 17.0
mozilla thunderbird esr 17.0.1
mozilla thunderbird esr 17.0.2
mozilla seamonkey 2.16
mozilla seamonkey

Synopsis Critical: xulrunner security update Type/Severity Security Advisory: Critical Topic Updated xulrunner packages that fix one security issue are now availablefor Red Hat Enterprise Linux 5 and 6The Red Hat Security Response Team has rated this update as having criticalsecurity impact A Common Vulne ...

Synopsis Important: thunderbird security update Type/Severity Security Advisory: Important Topic An updated thunderbird package that fixes one security issue is nowavailable for Red Hat Enterprise Linux 5 and 6The Red Hat Security Response Team has rated this update as havingimportant security impact A Co ...

Thunderbird could be made to crash or run programs as your login ...

Firefox could be made to crash or run programs as your login if it opened a malicious website ...

Multiple security issues have been found in Iceweasel, Debian's version of the Mozilla Firefox web browser: Multiple memory safety errors, missing input sanitising vulnerabilities, use-after-free vulnerabilities, buffer overflows and other programming errors may lead to the execution of arbitrary code, privilege escalation, information leaks or cro ...

Mozilla Foundation Security Advisory 2013-29 Use-after-free in HTML Editor Announced March 7, 2013 Reporter VUPEN Security Impact Critical Products Firefox, Firefox ESR, SeaMonkey, Thunderbird, Thunderbird ESR Fixed in ...

CWE-399 http://twitter.com/thezdi/statuses/309484730506698752 http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/Pwn2Own-2013/ba-p/5981157 http://www.mozilla.org/security/announce/2013/mfsa2013-29.html http://twitter.com/VUPEN/statuses/309505403631325184 https://bugzilla.mozilla.org/show_bug.cgi?id=848644 http://www.ubuntu.com/usn/USN-1758-1 http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00010.html http://rhn.redhat.com/errata/RHSA-2013-0614.html http://rhn.redhat.com/errata/RHSA-2013-0627.html http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00026.html http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00028.html http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00023.html http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00025.html http://www.debian.org/security/2013/dsa-2699 http://www.securityfocus.com/bid/58391 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16737 https://access.redhat.com/errata/RHSA-2013:0614 https://nvd.nist.gov https://usn.ubuntu.com/1758-2/

CVE-2013-0787

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect