CVE-2013-1704: Use-after-free vulnerability in the nsINode::GetParentNode function in Mozilla Firefox before 23.0 and SeaMonkey before 2.20 allows remote attackers to execute…

CVE-2013-1704 [CRITICAL] CWE-416 Mozilla: Use after free mutating DOM during SetBody (MFSA 2013-64) Mozilla: Use after free mutating DOM during SetBody (MFSA 2013-64) Use-after-free vulnerability in the nsINode::GetParentNode function in Mozilla Firefox before 23.0 and SeaMonkey before 2.20 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption and application crash) via vectors involving a DOM modification at the time of a SetBody mutation event. Statement: This issue does not affect the version of firefox and thunderbird as shipped with Red Hat Enterprise Linux 5 and 6 Package: firefox (Red Hat Enterprise Linux 5) - Not affected Package: thunderbird (Red Hat Enterprise Linux 5) - Not affected Package: firefox (Red Hat Enterprise Linux 6) - Not affected Package: thunderbird (Red Hat Enterprise Linux 6) - Not affected

CVE-2013-1701 [CRITICAL] Firefox vulnerabilities Title: Firefox vulnerabilities Summary: Firefox could be made to crash or run programs as your login if it opened a malicious website. Jeff Gilbert, Henrik Skupin, Ben Turner, Christian Holler, Andrew McCreight, Gary Kwong, Jan Varga and Jesse Ruderman discovered multiple memory safety issues in Firefox. If the user were tricked in to opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2013-1701, CVE-2013-1702) A use-after-free bug was discovered when the DOM is modified during a SetBody mutation event. If the user were tricked in to opening a specially crafted page, an attacker could potentially exploit this to execute a

[CRITICAL] Ubufox and Unity Firefox Extension update Title: Ubufox and Unity Firefox Extension update Summary: This update provides compatible packages for Firefox 23. USN-1924-1 fixed vulnerabilities in Firefox. This update provides the corresponding updates for Ubufox and Unity Firefox Extension. Original advisory details: Jeff Gilbert, Henrik Skupin, Ben Turner, Christian Holler, Andrew McCreight, Gary Kwong, Jan Varga and Jesse Ruderman discovered multiple memory safety issues in Firefox. If the user were tricked in to opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2013-1701, CVE-2013-1702) A use-after-free bug was discovered when the DOM is modified during a Set

CVE-2013-1704 [HIGH] GHSA-3grj-j83x-crr8: Use-after-free vulnerability in the nsINode::GetParentNode function in Mozilla Firefox before 23 Use-after-free vulnerability in the nsINode::GetParentNode function in Mozilla Firefox before 23.0 and SeaMonkey before 2.20 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption and application crash) via vectors involving a DOM modification at the time of a SetBody mutation event.

CVE-2013-1704 [CRITICAL] CVE-2013-1704 Mozilla: Use after free mutating DOM during SetBody (MFSA 2013-64) CVE-2013-1704 Mozilla: Use after free mutating DOM during SetBody (MFSA 2013-64) Security researcher Nils used the Address Sanitizer to discover a use-after-free problem when the Document Object Model is modified during a SetBody mutation event. This causes a potentially exploitable crash. In general these flaws cannot be exploited through email in the Thunderbird and SeaMonkey products because scripting is disabled, but are potentially a risk in browser or browser-like contexts in those products. External Reference: http://www.mozilla.org/security/announce/2013/mfsa2013-64.html Acknowledgements: Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Nils as the original reporter. Statement: This issue does not affect the version of firefo