CVE-2013-1725Improper Restriction of Operations within the Bounds of a Memory Buffer in Mozilla Firefox

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer7 documents6 sources
Severity
6.8MEDIUMNVD
EPSS
2.9%
top 13.74%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Mozilla FirefoxMozilla SeamonkeyMozilla Thunderbird+1 more
Timeline
PublishedSep 18
Latest updateMay 17

Description

Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 do not ensure that initialization occurs for JavaScript objects with compartments, which allows remote attackers to execute arbitrary code by leveraging incorrect scope handling.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages4 packages

NVDmozilla/firefox23.0.1+17
NVDmozilla/thunderbird17.0.9+9
NVDmozilla/thunderbird_esr9 versions+8
NVDmozilla/seamonkey2.20+36

🔴Vulnerability Details

2
GHSA
GHSA-qp25-25q7-2x7w: Mozilla Firefox before 242022-05-17
CVEList
CVE-2013-1725: Mozilla Firefox before 242013-09-18

📋Vendor Advisories

3
Ubuntu
Thunderbird vulnerabilities2013-09-18
Red Hat
Mozilla: Calling scope for new Javascript objects can lead to memory corruption (MFSA 2013-82)2013-09-17
Ubuntu
Firefox vulnerabilities2013-09-17

💬Community

1
Bugzilla
CVE-2013-1725 Mozilla: Calling scope for new Javascript objects can lead to memory corruption (MFSA 2013-82)2013-09-17
CVE-2013-1725 — Mozilla Firefox vulnerability | cvebase