CVE-2013-1679Out-of-bounds Write in Mozilla Firefox

CWE-3998 documents6 sources
Severity
10.0CRITICALNVD
EPSS
2.2%
top 15.66%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Mozilla FirefoxMozilla ThunderbirdMozilla Thunderbird ESR
Timeline
PublishedMay 16
Latest updateMay 17

Description

Use-after-free vulnerability in the mozilla::plugins::child::_geturlnotify function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages3 packages

NVDmozilla/firefox20.0.1+10
NVDmozilla/thunderbird17.0.5+5
NVDmozilla/thunderbird_esr6 versions+5

🔴Vulnerability Details

2
GHSA
GHSA-m7q9-pmrc-hx6r: Use-after-free vulnerability in the mozilla::plugins::child::_geturlnotify function in Mozilla Firefox before 212022-05-17
CVEList
CVE-2013-1679: Use-after-free vulnerability in the mozilla::plugins::child::_geturlnotify function in Mozilla Firefox before 212013-05-16

📋Vendor Advisories

3
Ubuntu
Firefox vulnerabilities2013-05-14
Ubuntu
Thunderbird vulnerabilities2013-05-14
Red Hat
Mozilla: Memory corruption found using Address Sanitizer (MFSA 2013-48)2013-05-14

💬Community

2
Bugzilla
CVE-2013-4518 RHUI: PKI entitlement certificates are world readable2013-11-05
Bugzilla
CVE-2013-1676 CVE-2013-1677 CVE-2013-1678 CVE-2013-1679 CVE-2013-1680 CVE-2013-1681 Mozilla: Memory corruption found using Address Sanitizer (MFSA 2013-48)2013-05-14
CVE-2013-1679 — Out-of-bounds Write in Mozilla Firefox | cvebase