CVE-2013-0780 — Use After Free in Mozilla Firefox
Severity
9.3CRITICALNVD
EPSS
2.1%
top 15.75%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedFeb 19
Latest updateMay 13
Description
Use-after-free vulnerability in the nsOverflowContinuationTracker::Finish function in Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted document that uses Cascading Style Sheets (CSS) -moz-column-* properties.
CVSS vector
AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0
Affected Packages8 packages
Also affects: Debian Linux 7.0, Ubuntu Linux 10.04, 11.10, 12.04, 12.10, Enterprise Linux 5.9, 6.3
Patches
🔴Vulnerability Details
2💥Exploits & PoCs
1📋Vendor Advisories
3💬Community
1Bugzilla▶
CVE-2013-0780 CVE-2013-0782 Mozilla: Use-after-free, out of bounds read, and buffer overflow issues found using Address Sanitizer (MFSA 2013-28)↗2013-02-16