CVE-2013-1738
published 2013-09-18
CVE-2013-1738: Use-after-free vulnerability in the JS_GetGlobalForScopeChain function in Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21…
critical · 9.3 · CVSS 3.1
AV:N/AC:M/Au:N/C:C/I:C/A:C
Use-after-free vulnerability in the JS_GetGlobalForScopeChain function in Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21 allows remote attackers to execute arbitrary code by leveraging incorrect garbage collection in situations involving default compartments and frame-chain restoration.
Affected
56 ranges · showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mozilla | firefox | <= 23.0.1 | — |
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
| mozilla | seamonkey | <= 2.20 | — |
| mozilla | seamonkey | — | — |
| mozilla | seamonkey | — | — |
| mozilla | seamonkey | — | — |
| mozilla | seamonkey | — | — |
| mozilla | seamonkey | — | — |
| mozilla | seamonkey | — | — |
| mozilla | seamonkey | — | — |
| mozilla | seamonkey | — | — |
| mozilla | seamonkey | — | — |
| mozilla | seamonkey | — | — |
| mozilla | seamonkey | — | — |
| mozilla | seamonkey | — | — |
| mozilla | seamonkey | — | — |
| mozilla | seamonkey | — | — |
| mozilla | seamonkey | — | — |
Ubuntu
Thunderbird vulnerabilities
vendor_ubuntu·2013-09-18·CVSS 10.0
CVE-2013-1718 [CRITICAL] Thunderbird vulnerabilities
Title: Thunderbird vulnerabilities
Summary: Several security issues were fixed in Thunderbird.
Multiple memory safety issues were discovered in Thunderbird. If a user
were tricked into opening a specially crafted message with scripting
enabled, an attacker could possibly exploit these to cause a denial of
service via application crash, or potentially execute arbitrary code with
the privileges of the user invoking Thunderbird. (CVE-2013-1718)
Atte Kettunen discovered a flaw in the HTML5 Tree Builder when interacting
with template elements. If a user had scripting enabled, in some
circumstances an attacker could potentially exploit this to execute
arbitrary code with the privileges of the user invoking Thunderbird.
(CVE-2013-1720)
Alex Chapman discovered an integer overflow vulnerabilit
Red Hat
Mozilla: GC hazard with default compartments and frame chain restoration (MFSA 2013-92)
vendor_redhat·2013-09-17·CVSS 9.3
CVE-2013-1738 [CRITICAL] Mozilla: GC hazard with default compartments and frame chain restoration (MFSA 2013-92)
Use-after-free vulnerability in the JS_GetGlobalForScopeChain function in Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21 allows remote attackers to execute arbitrary code by leveraging incorrect garbage collection in situations involving default compartments and frame-chain restoration.
Statement: This issue does not affect the versions of firefox and thunderbird as shipped with Red Hat Enterprise Linux 5 and 6.
Package: firefox (Red Hat Enterprise Linux 5) - Not affected
Package: thunderbird (Red Hat Enterprise Linux 5) - Not affected
Package: firefox (Red Hat Enterprise Linux 6) - Not affected
Package: thunderbird (Red Hat Enterprise Linux 6) - Not affected
Ubuntu
Firefox vulnerabilities
vendor_ubuntu·2013-09-17·CVSS 10.0
CVE-2013-1718 [CRITICAL] Firefox vulnerabilities
Title: Firefox vulnerabilities
Summary: Firefox could be made to crash or run programs as your login if it
opened a malicious website.
Multiple memory safety issues were discovered in Firefox. If a user were
tricked into opening a specially crafted page, an attacker could possibly
exploit these to cause a denial of service via application crash, or
potentially execute arbitrary code with the privileges of the user
invoking Firefox. (CVE-2013-1718, CVE-2013-1719)
Atte Kettunen discovered a flaw in the HTML5 Tree Builder when interacting
with template elements. In some circumstances, an attacker could
potentially exploit this to execute arbitrary code with the privileges of
the user invoking Firefox. (CVE-2013-1720)
Alex Chapman discovered an integer overflow vulnerability in the ANGLE
GHSA
GHSA-mr96-hw46-vq33: Use-after-free vulnerability in the JS_GetGlobalForScopeChain function in Mozilla Firefox before 24
ghsa_unreviewed·2022-05-17
CVE-2013-1738 [HIGH] GHSA-mr96-hw46-vq33: Use-after-free vulnerability in the JS_GetGlobalForScopeChain function in Mozilla Firefox before 24
Use-after-free vulnerability in the JS_GetGlobalForScopeChain function in Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21 allows remote attackers to execute arbitrary code by leveraging incorrect garbage collection in situations involving default compartments and frame-chain restoration.
No detection rules found.
No public exploits indexed.
http://lists.fedoraproject.org/pipermail/package-announce/2013-September/115907.html
http://lists.fedoraproject.org/pipermail/package-announce/2013-September/116610.html
http://lists.fedoraproject.org/pipermail/package-announce/2013-September/117526.html
http://lists.opensuse.org/opensuse-updates/2013-09/msg00055.html
http://lists.opensuse.org/opensuse-updates/2013-09/msg00057.html
http://lists.opensuse.org/opensuse-updates/2013-09/msg00059.html
http://lists.opensuse.org/opensuse-updates/2013-09/msg00061.html
http://www.mozilla.org/security/announce/2013/mfsa2013-92.html
http://www.securityfocus.com/bid/62466
http://www.ubuntu.com/usn/USN-1951-1
http://www.ubuntu.com/usn/USN-1952-1
https://bugzilla.mozilla.org/show_bug.cgi?id=882897
https://bugzilla.mozilla.org/show_bug.cgi?id=887334
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18766