CVE-2013-0748: Sensitive Information Exposure in Mozilla Firefox

Severity: 4.3 MEDIUM (NVD)
EPSS: 0.3% (top 44.81%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Jan 13
Latest update: May 13

Description

The XBL.__proto__.toString implementation in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 makes it easier for remote attackers to bypass the ASLR protection mechanism by calling the toString function of an XBL object.

CVSS vector

AV:N/AC:M/C:P/I:N/A:N
Exploitability: 8.6 | Impact: 2.9

Affected Packages (11 packages)

NVD mozilla/firefox 10.0 10.0.12 +2
NVD mozilla/thunderbird < 17.0.2
NVD mozilla/thunderbird_esr 10.0 10.0.12 +1
NVD mozilla/seamonkey < 2.15
NVD opensuse/opensuse 11.4, 12.1, 12.2 +2

Also affects: Ubuntu Linux 10.04, 11.10, 12.04, 12.10, Enterprise Linux 5.9, 6.3

🔴 Vulnerability Details (2)

GHSA: GHSA-mj3v-vm8j-wm4f: The XBL (2022-05-13)
CVEList: CVE-2013-0748: The XBL (2013-01-13)

📋 Vendor Advisories (3)

Ubuntu: Firefox vulnerabilities (2013-01-09)
Ubuntu: Thunderbird vulnerabilities (2013-01-09)
Red Hat: Mozilla: Address space layout leaked in XBL objects (MFSA 2013-11) (2013-01-08)

💬 Community (2)

Bugzilla: CVE-2013-0748 Mozilla: Address space layout leaked in XBL objects (MFSA 2013-11) (2013-01-05)
Bugzilla: CVE-2012-2693 libvirt: address bus= device= when identicle vendor ID/product IDs usb devices attached are ignored (2012-06-12)