Published: 18/09/2013 Updated: 19/09/2017

CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6

VMScore: 605

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

The nsHtml5TreeBuilder::resetTheInsertionMode function in the HTML5 Tree Builder in Mozilla Firefox prior to 24.0, Thunderbird prior to 24.0, and SeaMonkey prior to 2.21 does not properly maintain the state of the insertion-mode stack for template elements, which allows remote malicious users to execute arbitrary code or cause a denial of service (heap-based buffer over-read) by triggering use of this stack in its empty state.

Vulnerable Product	Search on Vulmon	Subscribe to Product
mozilla firefox 19.0.2
mozilla firefox 19.0.1
mozilla firefox 23.0
mozilla firefox 21.0
mozilla firefox 20.0.1
mozilla firefox 20.0
mozilla firefox
mozilla firefox 19.0
mozilla firefox 22.0
mozilla thunderbird 17.0.7
mozilla thunderbird 17.0.8
mozilla thunderbird 17.0.3
mozilla thunderbird 17.0.4
mozilla thunderbird 17.0.5
mozilla thunderbird 17.0.6
mozilla thunderbird 17.0
mozilla thunderbird 17.0.1
mozilla thunderbird 17.0.2
mozilla thunderbird
mozilla seamonkey 2.14
mozilla seamonkey 2.13
mozilla seamonkey 2.12
mozilla seamonkey 2.11
mozilla seamonkey 2.10.1
mozilla seamonkey 2.1
mozilla seamonkey 2.0.7
mozilla seamonkey 2.0.6
mozilla seamonkey 2.0.12
mozilla seamonkey 2.0.11
mozilla seamonkey 2.0
mozilla seamonkey 2.19
mozilla seamonkey 2.17
mozilla seamonkey 2.16
mozilla seamonkey 2.15
mozilla seamonkey 2.10
mozilla seamonkey 2.0.3
mozilla seamonkey 2.0.2
mozilla seamonkey 2.20
mozilla seamonkey 2.18
mozilla seamonkey 2.16.2
mozilla seamonkey 2.16.1
mozilla seamonkey 2.15.1
mozilla seamonkey 2.0.9
mozilla seamonkey 2.0.8
mozilla seamonkey 2.0.14
mozilla seamonkey 2.0.13
mozilla seamonkey
mozilla seamonkey 2.17.1
mozilla seamonkey 2.13.2
mozilla seamonkey 2.13.1
mozilla seamonkey 2.12.1
mozilla seamonkey 2.0.5
mozilla seamonkey 2.0.4
mozilla seamonkey 2.0.10
mozilla seamonkey 2.0.1
mozilla seamonkey 2.15.2

Several security issues were fixed in Thunderbird ...

Firefox could be made to crash or run programs as your login if it opened a malicious website ...

Mozilla Foundation Security Advisory 2013-77 Improper state in HTML5 Tree Builder with templates Announced September 17, 2013 Reporter Atte Kettunen Impact Moderate Products Firefox, SeaMonkey, Thunderbird Fixed in ...

The nsHtml5TreeBuilder::resetTheInsertionMode function in the HTML5 Tree Builder in Mozilla Firefox before 240, Thunderbird before 240, and SeaMonkey before 221 does not properly maintain the state of the insertion-mode stack for template elements, which allows remote attackers to execute arbitrary code or cause a denial of service (heap-based b ...

CWE-119 https://bugzilla.mozilla.org/show_bug.cgi?id=888820 http://www.mozilla.org/security/announce/2013/mfsa2013-77.html http://www.ubuntu.com/usn/USN-1952-1 http://www.ubuntu.com/usn/USN-1951-1 http://lists.opensuse.org/opensuse-updates/2013-09/msg00055.html http://lists.opensuse.org/opensuse-updates/2013-09/msg00059.html http://lists.opensuse.org/opensuse-updates/2013-09/msg00057.html http://lists.fedoraproject.org/pipermail/package-announce/2013-September/115907.html http://lists.opensuse.org/opensuse-updates/2013-09/msg00061.html http://lists.fedoraproject.org/pipermail/package-announce/2013-September/117526.html http://lists.fedoraproject.org/pipermail/package-announce/2013-September/116610.html http://www.securityfocus.com/bid/62465 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18617 https://usn.ubuntu.com/1952-1/https://nvd.nist.gov https://access.redhat.com/security/cve/cve-2013-1720

CVE-2013-1720

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect