CVE-2013-1686 — Out-of-bounds Write in Mozilla Firefox

CWE-3997 documents6 sources

Severity

10.0CRITICALNVD

EPSS

2.5%

top 14.77%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox Mozilla Thunderbird Mozilla Thunderbird ESR

Timeline

PublishedJun 26

Latest updateMay 17

Description

Use-after-free vulnerability in the mozilla::ResetDir function in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages3 packages

▶NVDmozilla/firefox21.0+12

▶NVDmozilla/thunderbird17.0.6+6

▶NVDmozilla/thunderbird_esr7 versions+6

🔴Vulnerability Details

GHSA

GHSA-533v-g3wc-hm43: Use-after-free vulnerability in the mozilla::ResetDir function in Mozilla Firefox before 22↗2022-05-17

▶

CVEList

CVE-2013-1686: Use-after-free vulnerability in the mozilla::ResetDir function in Mozilla Firefox before 22↗2013-06-26

▶

📋Vendor Advisories

Ubuntu

Thunderbird vulnerabilities↗2013-06-26

▶

Ubuntu

Firefox vulnerabilities↗2013-06-26

▶

Red Hat

Mozilla: Memory corruption found using Address Sanitizer (MFSA 2013-50)↗2013-06-25

▶

💬Community

Bugzilla

CVE-2013-1684 CVE-2013-1685 CVE-2013-1686 Mozilla: Memory corruption found using Address Sanitizer (MFSA 2013-50)↗2013-06-25

▶