CVE-2013-0800 — Out-of-bounds Write in Mozilla Firefox

CWE-787 — Out-of-bounds Write7 documents6 sources

Severity

6.8MEDIUMNVD

EPSS

2.8%

top 13.88%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox Mozilla Seamonkey Mozilla Thunderbird +7 more

Timeline

PublishedApr 3

Latest updateMay 13

Description

Integer signedness error in the pixman_fill_sse2 function in pixman-sse2.c in Pixman, as distributed with Cairo and used in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, SeaMonkey before 2.17, and other products, allows remote attackers to execute arbitrary code via crafted values that trigger attempted use of a (1) negative box boundary or (2) negative box size, leading to an out-of-bounds write operation.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages8 packages

▶NVDmozilla/firefox17.0 — 17.0.5+1

▶NVDmozilla/thunderbird< 17.0.5

▶NVDmozilla/thunderbird_esr17.0 — 17.0.5

▶NVDmozilla/seamonkey< 2.17

▶NVDopensuse/opensuse4 versions+3

Also affects: Debian Linux 7.0, Ubuntu Linux 10.04, 11.10, 12.04, 12.10

Patches

Patch: bugzilla.mozilla.org ↗Patch: bugzilla.mozilla.org ↗

🔴Vulnerability Details

GHSA

GHSA-w5mr-mjj8-pwcp: Integer signedness error in the pixman_fill_sse2 function in pixman-sse2↗2022-05-13

▶

CVEList

CVE-2013-0800: Integer signedness error in the pixman_fill_sse2 function in pixman-sse2↗2013-04-03

▶

📋Vendor Advisories

Ubuntu

Thunderbird vulnerabilities↗2013-04-08

▶

Ubuntu

Firefox vulnerabilities↗2013-04-04

▶

Red Hat

Mozilla: Out-of-bounds write in Cairo library (MFSA 2013-31)↗2013-04-02

▶

💬Community

Bugzilla

CVE-2013-0800 Mozilla: Out-of-bounds write in Cairo library (MFSA 2013-31)↗2013-04-01

▶