CVE-2013-0777 — Use After Free in Mozilla Firefox

CWE-416 — Use After Free CWE-125 — Out-of-bounds Read CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer9 documents6 sources

Severity

9.3CRITICALNVD

EPSS

1.4%

top 19.58%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox Mozilla Seamonkey Mozilla Thunderbird +3 more

Timeline

PublishedFeb 19

Latest updateMay 13

Description

Use-after-free vulnerability in the nsDisplayBoxShadowOuter::Paint function in Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages5 packages

▶NVDmozilla/firefox< 17.0.3+1

▶NVDmozilla/seamonkey< 2.16

▶NVDmozilla/thunderbird< 17.0.3

▶NVDmozilla/thunderbird_esr< 17.0.3

▶NVDopensuse/opensuse11.4, 12.1, 12.2+2

Also affects: Ubuntu Linux 10.04, 11.10, 12.04, 12.10

Patches

Patch: bugzilla.mozilla.org ↗Patch: bugzilla.mozilla.org ↗

🔴Vulnerability Details

GHSA

GHSA-8rgf-9r53-438g: Use-after-free vulnerability in the nsDisplayBoxShadowOuter::Paint function in Mozilla Firefox before 19↗2022-05-13

▶

CVEList

CVE-2013-0777: Use-after-free vulnerability in the nsDisplayBoxShadowOuter::Paint function in Mozilla Firefox before 19↗2013-02-19

▶

📋Vendor Advisories

Red Hat

busybox: insecure directory permissions in /dev↗2013-03-01

▶

Ubuntu

Thunderbird vulnerabilities↗2013-02-25

▶

Ubuntu

Firefox vulnerabilities↗2013-02-20

▶

Red Hat

Mozilla: Use-after-free, out of bounds read, and buffer overflow issues found using Address Sanitizer (MFSA 2013-28)↗2013-02-19

▶

💬Community

Bugzilla

CVE-2013-0777 CVE-2013-0778 CVE-2013-0779 CVE-2013-0781 Mozilla: Use-after-free, out of bounds read, and buffer overflow issues found using Address Sanitizer (MFSA 2013-28)↗2013-02-16

▶