CVE-2013-1723Improper Restriction of Operations within the Bounds of a Memory Buffer in Mozilla Firefox

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer5 documents5 sources
Severity
4.3MEDIUMNVD
EPSS
1.8%
top 17.20%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Mozilla FirefoxMozilla SeamonkeyMozilla Thunderbird
Timeline
PublishedSep 18
Latest updateMay 17

Description

The NativeKey widget in Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21 processes key messages after destruction by a dispatched event listener, which allows remote attackers to cause a denial of service (application crash) by leveraging incorrect event usage after widget-memory reallocation.

CVSS vector

AV:N/AC:M/C:N/I:N/A:PExploitability: 8.6 | Impact: 2.9

Affected Packages3 packages

NVDmozilla/firefox23.0.1+8
NVDmozilla/seamonkey2.20+36
NVDmozilla/thunderbird17.0.9+9

🔴Vulnerability Details

2
GHSA
GHSA-mv9c-x427-433g: The NativeKey widget in Mozilla Firefox before 242022-05-17
CVEList
CVE-2013-1723: The NativeKey widget in Mozilla Firefox before 242013-09-18

📋Vendor Advisories

1
Red Hat
Mozilla: NativeKey continues handling key messages after widget is destroyed (MFSA 2013-80)2013-09-17

💬Community

1
Bugzilla
CVE-2013-1723 Mozilla: NativeKey continues handling key messages after widget is destroyed (MFSA 2013-80)2013-09-18
CVE-2013-1723 — Mozilla Firefox vulnerability | cvebase