CVE-2013-1704 — Use After Free in Mozilla Firefox

CWE-399 CWE-416 — Use After Free6 documents6 sources

Severity

9.3CRITICALNVD

EPSS

4.7%

top 10.62%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox Mozilla Seamonkey

Timeline

PublishedAug 7

Latest updateMay 17

Description

Use-after-free vulnerability in the nsINode::GetParentNode function in Mozilla Firefox before 23.0 and SeaMonkey before 2.20 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption and application crash) via vectors involving a DOM modification at the time of a SetBody mutation event.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages2 packages

▶NVDmozilla/firefox22.0+6

▶NVDmozilla/seamonkey2.20+52

🔴Vulnerability Details

GHSA

GHSA-3grj-j83x-crr8: Use-after-free vulnerability in the nsINode::GetParentNode function in Mozilla Firefox before 23↗2022-05-17

▶

CVEList

CVE-2013-1704: Use-after-free vulnerability in the nsINode::GetParentNode function in Mozilla Firefox before 23↗2013-08-07

▶

📋Vendor Advisories

Red Hat

Mozilla: Use after free mutating DOM during SetBody (MFSA 2013-64)↗2013-08-06

▶

Ubuntu

Firefox vulnerabilities↗2013-08-06

▶

💬Community

Bugzilla

CVE-2013-1704 Mozilla: Use after free mutating DOM during SetBody (MFSA 2013-64)↗2013-08-07

▶