CVE-2013-1684Out-of-bounds Write in Mozilla Firefox

CWE-3997 documents6 sources
Severity
9.3CRITICALNVD
EPSS
0.8%
top 26.24%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Mozilla FirefoxMozilla ThunderbirdMozilla Thunderbird ESR
Timeline
PublishedJun 26
Latest updateMay 17

Description

Use-after-free vulnerability in the mozilla::dom::HTMLMediaElement::LookupMediaElementURITable function in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted web site.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages3 packages

NVDmozilla/firefox21.0+12
NVDmozilla/thunderbird17.0.6+6
NVDmozilla/thunderbird_esr7 versions+6

🔴Vulnerability Details

2
GHSA
GHSA-659g-jfxg-2j3j: Use-after-free vulnerability in the mozilla::dom::HTMLMediaElement::LookupMediaElementURITable function in Mozilla Firefox before 222022-05-17
CVEList
CVE-2013-1684: Use-after-free vulnerability in the mozilla::dom::HTMLMediaElement::LookupMediaElementURITable function in Mozilla Firefox before 222013-06-26

📋Vendor Advisories

3
Ubuntu
Thunderbird vulnerabilities2013-06-26
Ubuntu
Firefox vulnerabilities2013-06-26
Red Hat
Mozilla: Memory corruption found using Address Sanitizer (MFSA 2013-50)2013-06-25

💬Community

1
Bugzilla
CVE-2013-1684 CVE-2013-1685 CVE-2013-1686 Mozilla: Memory corruption found using Address Sanitizer (MFSA 2013-50)2013-06-25
CVE-2013-1684 — Out-of-bounds Write in Mozilla Firefox | cvebase