CVE-2013-1724Use After Free in Mozilla Firefox

CWE-399CWE-416Use After Free7 documents6 sources
Severity
9.3CRITICALNVD
EPSS
4.3%
top 11.05%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Mozilla FirefoxMozilla SeamonkeyMozilla Thunderbird
Timeline
PublishedSep 18
Latest updateMay 17

Description

Use-after-free vulnerability in the mozilla::dom::HTMLFormElement::IsDefaultSubmitElement function in Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors involving a destroyed SELECT element.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages3 packages

NVDmozilla/firefox23.0.1+8
NVDmozilla/seamonkey2.20+36
NVDmozilla/thunderbird17.0.9+9

🔴Vulnerability Details

2
GHSA
GHSA-4c7f-4gjq-hwgh: Use-after-free vulnerability in the mozilla::dom::HTMLFormElement::IsDefaultSubmitElement function in Mozilla Firefox before 242022-05-17
CVEList
CVE-2013-1724: Use-after-free vulnerability in the mozilla::dom::HTMLFormElement::IsDefaultSubmitElement function in Mozilla Firefox before 242013-09-18

📋Vendor Advisories

3
Ubuntu
Thunderbird vulnerabilities2013-09-18
Red Hat
Mozilla: Use-after-free with select element (MFSA 2013-81)2013-09-17
Ubuntu
Firefox vulnerabilities2013-09-17

💬Community

1
Bugzilla
CVE-2013-1724 Mozilla: Use-after-free with select element (MFSA 2013-81)2013-09-18
CVE-2013-1724 — Use After Free in Mozilla Firefox | cvebase