CVE-2013-1738Mozilla Firefox vulnerability

CWE-3997 documents6 sources
Severity
9.3CRITICALNVD
EPSS
4.6%
top 10.72%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Mozilla FirefoxMozilla SeamonkeyMozilla Thunderbird
Timeline
PublishedSep 18
Latest updateMay 17

Description

Use-after-free vulnerability in the JS_GetGlobalForScopeChain function in Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21 allows remote attackers to execute arbitrary code by leveraging incorrect garbage collection in situations involving default compartments and frame-chain restoration.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages3 packages

NVDmozilla/firefox23.0.1+8
NVDmozilla/seamonkey2.20+36
NVDmozilla/thunderbird17.0.9+9

🔴Vulnerability Details

2
GHSA
GHSA-mr96-hw46-vq33: Use-after-free vulnerability in the JS_GetGlobalForScopeChain function in Mozilla Firefox before 242022-05-17
CVEList
CVE-2013-1738: Use-after-free vulnerability in the JS_GetGlobalForScopeChain function in Mozilla Firefox before 242013-09-18

📋Vendor Advisories

3
Ubuntu
Thunderbird vulnerabilities2013-09-18
Red Hat
Mozilla: GC hazard with default compartments and frame chain restoration (MFSA 2013-92)2013-09-17
Ubuntu
Firefox vulnerabilities2013-09-17

💬Community

1
Bugzilla
CVE-2013-1738 Mozilla: GC hazard with default compartments and frame chain restoration (MFSA 2013-92)2013-09-18
CVE-2013-1738 — Mozilla Firefox vulnerability | cvebase