Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2013-0758 — Code Injection in Mozilla Firefox

CWE-94 — Code Injection15 documents8 sources

Severity

9.3CRITICALNVD

EPSS

87.4%

top 0.54%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Mozilla Firefox Mozilla Seamonkey Mozilla Thunderbird +11 more

Timeline

PublishedJan 13

Latest updateMay 13

Description

Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 allow remote attackers to execute arbitrary JavaScript code with chrome privileges by leveraging improper interaction between plugin objects and SVG elements.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages11 packages

▶NVDmozilla/firefox10.0 — 10.0.12+2

▶NVDmozilla/thunderbird< 17.0.2

▶NVDmozilla/thunderbird_esr10.0 — 10.0.12+1

▶NVDmozilla/seamonkey< 2.15

▶NVDopensuse/opensuse11.4, 12.1, 12.2+2

Also affects: Ubuntu Linux 10.04, 11.10, 12.04, 12.10, Enterprise Linux 5.9, 6.3

🔴Vulnerability Details

GHSA

GHSA-7p7h-fc6x-mhrh: Mozilla Firefox before 18↗2022-05-13

▶

CVEList

CVE-2013-0758: Mozilla Firefox before 18↗2013-01-13

▶

💥Exploits & PoCs

Exploit-DB

GIT 1.8.5.6/1.9.5/2.0.5/2.1.4/2.2.1 & Mercurial < 3.2.3 - Multiple Vulnerabilities (Metasploit)↗2014-12-18

▶

Exploit-DB

Mozilla Firefox < 17.0.1 - Flash Privileged Code Injection (Metasploit)↗2013-01-08

▶

Metasploit

Firefox 17.0.1 Flash Privileged Code Injection↗

▶

📋Vendor Advisories

Ubuntu

Firefox vulnerabilities↗2013-01-09

▶

Ubuntu

Thunderbird vulnerabilities↗2013-01-09

▶

Red Hat

Mozilla: Chrome Object Wrapper (COW) bypass through plugin objects (MFSA 2013-15)↗2013-01-08

▶

💬Community

Bugzilla

CVE-2013-2394 Oracle JDK: unspecified vulnerability fixed in 7u21 and 6u45 (2D)↗2013-04-17

▶

Bugzilla

CVE-2013-2435 Oracle JDK: unspecified vulnerability fixed in 7u21 and 6u45 (Deployment)↗2013-04-17

▶

Bugzilla

CVE-2013-1540 Oracle JDK: unspecified vulnerability fixed in 7u21 and 6u45 (Deployment)↗2013-04-17

▶

Bugzilla

CVE-2013-2433 Oracle JDK: unspecified vulnerability fixed in 7u21 and 6u45 (Deployment)↗2013-04-17

▶

Bugzilla

CVE-2013-2439 Oracle JDK: unspecified vulnerability fixed in 7u21 and 6u45 (Install)↗2013-04-17

▶