CVE-2013-0752Improper Restriction of Operations within the Bounds of a Memory Buffer in Mozilla Firefox

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer26 documents6 sources
Severity
9.3CRITICALNVD
EPSS
2.8%
top 13.80%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
9
Mozilla FirefoxMozilla SeamonkeyMozilla Thunderbird+6 more
Timeline
PublishedJan 13
Latest updateMay 13

Description

Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XBL file with multiple bindings that have SVG content.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages8 packages

NVDmozilla/firefox< 17.0.2+1
NVDmozilla/thunderbird< 17.0.2
NVDmozilla/seamonkey< 2.15
NVDopensuse/opensuse11.4, 12.1, 12.2+2

Also affects: Ubuntu Linux 10.04, 11.10, 12.04, 12.10

Patches

Patch: bugzilla.mozilla.orgPatch: bugzilla.mozilla.org

🔴Vulnerability Details

2
GHSA
GHSA-c9v9-mwfc-95f2: Mozilla Firefox before 182022-05-13
CVEList
CVE-2013-0752: Mozilla Firefox before 182013-01-13

📋Vendor Advisories

3
Ubuntu
Firefox vulnerabilities2013-01-09
Ubuntu
Thunderbird vulnerabilities2013-01-09
Red Hat
Mozilla: Memory corruption in XBL with XML bindings containing SVG (MFSA 2013-13)2013-01-08

💬Community

11
Bugzilla
CVE-2013-1557 OpenJDK: LogStream.setDefaultStream() missing security restrictions (RMI, 8001329)2013-04-16
Bugzilla
CVE-2013-2436 OpenJDK: Wrapper.convert insufficient type checks (Libraries, 8009049)2013-04-16
Bugzilla
CVE-2013-1558 OpenJDK: java.beans.ThreadGroupContext missing restrictions (Beans, 7200507)2013-04-16
Bugzilla
CVE-2013-2429 OpenJDK: JPEGImageWriter state corruption (ImageIO, 8007918)2013-04-16
Bugzilla
CVE-2013-2420 OpenJDK: image processing vulnerability (2D, 8007617)2013-04-16
CVE-2013-0752 — Mozilla Firefox vulnerability | cvebase