Published: 18/09/2013 Updated: 19/09/2017

CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6

VMScore: 828

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Use-after-free vulnerability in the JS_GetGlobalForScopeChain function in Mozilla Firefox prior to 24.0, Thunderbird prior to 24.0, and SeaMonkey prior to 2.21 allows remote malicious users to execute arbitrary code by leveraging incorrect garbage collection in situations involving default compartments and frame-chain restoration.

Vulnerable Product	Search on Vulmon	Subscribe to Product
mozilla seamonkey 2.14
mozilla seamonkey 2.13
mozilla seamonkey 2.12
mozilla seamonkey 2.11
mozilla seamonkey 2.10
mozilla seamonkey 2.1
mozilla seamonkey 2.0.4
mozilla seamonkey 2.0.3
mozilla seamonkey 2.0
mozilla seamonkey 2.20
mozilla seamonkey 2.10.1
mozilla seamonkey 2.0.8
mozilla seamonkey 2.0.7
mozilla seamonkey 2.0.12
mozilla seamonkey 2.0.11
mozilla seamonkey 2.19
mozilla seamonkey 2.17
mozilla seamonkey 2.16
mozilla seamonkey 2.15
mozilla seamonkey 2.13.2
mozilla seamonkey 2.13.1
mozilla seamonkey 2.12.1
mozilla seamonkey 2.18
mozilla seamonkey 2.16.2
mozilla seamonkey 2.16.1
mozilla seamonkey 2.15.2
mozilla seamonkey 2.15.1
mozilla seamonkey 2.0.6
mozilla seamonkey 2.0.5
mozilla seamonkey 2.0.10
mozilla seamonkey 2.0.1
mozilla seamonkey 2.0.9
mozilla seamonkey 2.0.2
mozilla seamonkey 2.0.14
mozilla seamonkey 2.0.13
mozilla seamonkey
mozilla seamonkey 2.17.1
mozilla thunderbird 17.0.3
mozilla thunderbird 17.0.4
mozilla thunderbird 17.0
mozilla thunderbird 17.0.7
mozilla thunderbird 17.0.8
mozilla thunderbird 17.0.5
mozilla thunderbird 17.0.6
mozilla thunderbird 17.0.1
mozilla thunderbird 17.0.2
mozilla thunderbird
mozilla firefox 19.0.2
mozilla firefox 19.0.1
mozilla firefox 23.0
mozilla firefox 21.0
mozilla firefox 20.0.1
mozilla firefox 19.0
mozilla firefox 22.0
mozilla firefox 20.0
mozilla firefox

Several security issues were fixed in Thunderbird ...

Firefox could be made to crash or run programs as your login if it opened a malicious website ...

Mozilla Foundation Security Advisory 2013-92 GC hazard with default compartments and frame chain restoration Announced September 17, 2013 Reporter Nils, Bobby Holley Impact Critical Products Firefox, SeaMonkey, Thunderbird ...

Use-after-free vulnerability in the JS_GetGlobalForScopeChain function in Mozilla Firefox before 240, Thunderbird before 240, and SeaMonkey before 221 allows remote attackers to execute arbitrary code by leveraging incorrect garbage collection in situations involving default compartments and frame-chain restoration ...

CWE-399 http://www.mozilla.org/security/announce/2013/mfsa2013-92.html https://bugzilla.mozilla.org/show_bug.cgi?id=882897 https://bugzilla.mozilla.org/show_bug.cgi?id=887334 http://www.ubuntu.com/usn/USN-1952-1 http://www.ubuntu.com/usn/USN-1951-1 http://lists.opensuse.org/opensuse-updates/2013-09/msg00055.html http://lists.opensuse.org/opensuse-updates/2013-09/msg00059.html http://lists.opensuse.org/opensuse-updates/2013-09/msg00057.html http://lists.fedoraproject.org/pipermail/package-announce/2013-September/115907.html http://lists.opensuse.org/opensuse-updates/2013-09/msg00061.html http://lists.fedoraproject.org/pipermail/package-announce/2013-September/117526.html http://lists.fedoraproject.org/pipermail/package-announce/2013-September/116610.html http://www.securityfocus.com/bid/62466 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18766 https://usn.ubuntu.com/1952-1/https://nvd.nist.gov https://access.redhat.com/security/cve/cve-2013-1738

CVE-2013-1738

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect