CVE-2013-1680Improper Restriction of Operations within the Bounds of a Memory Buffer in Mozilla Firefox

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer8 documents6 sources
Severity
10.0CRITICALNVD
EPSS
3.2%
top 13.01%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Mozilla FirefoxMozilla ThunderbirdMozilla Thunderbird ESR
Timeline
PublishedMay 16
Latest updateMay 17

Description

Use-after-free vulnerability in the nsFrameList::FirstChild function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages3 packages

NVDmozilla/firefox20.0.1+10
NVDmozilla/thunderbird17.0.5+5
NVDmozilla/thunderbird_esr6 versions+5

🔴Vulnerability Details

2
GHSA
GHSA-8p39-8gpr-fr9x: Use-after-free vulnerability in the nsFrameList::FirstChild function in Mozilla Firefox before 212022-05-17
CVEList
CVE-2013-1680: Use-after-free vulnerability in the nsFrameList::FirstChild function in Mozilla Firefox before 212013-05-16

📋Vendor Advisories

3
Ubuntu
Firefox vulnerabilities2013-05-14
Red Hat
Mozilla: Memory corruption found using Address Sanitizer (MFSA 2013-48)2013-05-14
Ubuntu
Thunderbird vulnerabilities2013-05-14

💬Community

2
Bugzilla
CVE-2013-1676 CVE-2013-1677 CVE-2013-1678 CVE-2013-1679 CVE-2013-1680 CVE-2013-1681 Mozilla: Memory corruption found using Address Sanitizer (MFSA 2013-48)2013-05-14
Bugzilla
CVE-2011-1680 ncpfs: ncpmount does not remove /etc/mtab~ lock file after failed mount entry addition2011-04-12
CVE-2013-1680 — Mozilla Firefox vulnerability | cvebase