CVE-2013-5597Use After Free in Mozilla Firefox

CWE-416Use After Free7 documents6 sources
Severity
10.0CRITICALNVD
EPSS
3.6%
top 12.16%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Mozilla FirefoxMozilla SeamonkeyMozilla Thunderbird+1 more
Timeline
PublishedOct 30
Latest updateMay 14

Description

Use-after-free vulnerability in the nsDocLoader::doStopDocumentLoad function in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors involving a state-change event during an update of the offline cache.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages4 packages

NVDmozilla/firefox24.0+22
NVDmozilla/thunderbird24.0.1+10
NVDmozilla/thunderbird_esr10 versions+9
NVDmozilla/seamonkey2.22+38

🔴Vulnerability Details

2
GHSA
GHSA-h685-5vjr-p4m8: Use-after-free vulnerability in the nsDocLoader::doStopDocumentLoad function in Mozilla Firefox before 252022-05-14
CVEList
CVE-2013-5597: Use-after-free vulnerability in the nsDocLoader::doStopDocumentLoad function in Mozilla Firefox before 252013-10-30

📋Vendor Advisories

3
Ubuntu
Thunderbird vulnerabilities2013-10-31
Ubuntu
Firefox vulnerabilities2013-10-29
Red Hat
Mozilla: Use-after-free when updating offline cache (MFSA 2013-98)2013-10-29

💬Community

1
Bugzilla
CVE-2013-5597 Mozilla: Use-after-free when updating offline cache (MFSA 2013-98)2013-10-28
CVE-2013-5597 — Use After Free in Mozilla Firefox | cvebase