CVE-2013-0787Use After Free in Mozilla Firefox

CWE-399CWE-416Use After Free7 documents6 sources
Severity
9.3CRITICALNVD
EPSS
4.6%
top 10.79%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Mozilla FirefoxMozilla SeamonkeyMozilla Thunderbird+1 more
Timeline
PublishedMar 11
Latest updateMay 17

Description

Use-after-free vulnerability in the nsEditor::IsPreformatted function in editor/libeditor/base/nsEditor.cpp in Mozilla Firefox before 19.0.2, Firefox ESR 17.x before 17.0.4, Thunderbird before 17.0.4, Thunderbird ESR 17.x before 17.0.4, and SeaMonkey before 2.16.1 allows remote attackers to execute arbitrary code via vectors involving an execCommand call.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages4 packages

NVDmozilla/firefox19.0.1+5
NVDmozilla/thunderbird17.0.3+3
NVDmozilla/thunderbird_esr4 versions+3
NVDmozilla/seamonkey2.16+1

🔴Vulnerability Details

2
GHSA
GHSA-hp7j-mmg2-c8g7: Use-after-free vulnerability in the nsEditor::IsPreformatted function in editor/libeditor/base/nsEditor2022-05-17
CVEList
CVE-2013-0787: Use-after-free vulnerability in the nsEditor::IsPreformatted function in editor/libeditor/base/nsEditor2013-03-11

📋Vendor Advisories

3
Ubuntu
Thunderbird vulnerability2013-03-13
Ubuntu
Firefox vulnerability2013-03-08
Red Hat
Mozilla: Use-after-free in HTML Editor (MFSA 2013-29)2013-03-08

💬Community

1
Bugzilla
CVE-2013-0787 Mozilla: Use-after-free in HTML Editor (MFSA 2013-29)2013-03-07
CVE-2013-0787 — Use After Free in Mozilla Firefox | cvebase