CVE-2013-1678Improper Restriction of Operations within the Bounds of a Memory Buffer in Mozilla Firefox

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer7 documents6 sources
Severity
10.0CRITICALNVD
EPSS
3.7%
top 11.99%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Mozilla FirefoxMozilla ThunderbirdMozilla Thunderbird ESR
Timeline
PublishedMay 16
Latest updateMay 17

Description

The _cairo_xlib_surface_add_glyph function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (invalid write operation) via unspecified vectors.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages3 packages

NVDmozilla/firefox20.0.1+10
NVDmozilla/thunderbird17.0.5+5
NVDmozilla/thunderbird_esr6 versions+5

🔴Vulnerability Details

2
GHSA
GHSA-hmp9-9jqp-f4m7: The _cairo_xlib_surface_add_glyph function in Mozilla Firefox before 212022-05-17
CVEList
CVE-2013-1678: The _cairo_xlib_surface_add_glyph function in Mozilla Firefox before 212013-05-16

📋Vendor Advisories

3
Ubuntu
Firefox vulnerabilities2013-05-14
Red Hat
Mozilla: Memory corruption found using Address Sanitizer (MFSA 2013-48)2013-05-14
Ubuntu
Thunderbird vulnerabilities2013-05-14

💬Community

1
Bugzilla
CVE-2013-1676 CVE-2013-1677 CVE-2013-1678 CVE-2013-1679 CVE-2013-1680 CVE-2013-1681 Mozilla: Memory corruption found using Address Sanitizer (MFSA 2013-48)2013-05-14
CVE-2013-1678 — Mozilla Firefox vulnerability | cvebase