CVE-2013-5599Use After Free in Mozilla Firefox

CWE-416Use After Free5 documents4 sources
Severity
10.0CRITICALNVD
EPSS
2.7%
top 14.12%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Mozilla FirefoxMozilla SeamonkeyMozilla Thunderbird+1 more
Timeline
PublishedOct 30
Latest updateOct 31

Description

Use-after-free vulnerability in the nsIPresShell::GetPresContext function in the PresShell (aka presentation shell) implementation in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption and application crash) via vectors involving a CANVAS element, a mozTextStyle attribute, and

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages4 packages

NVDmozilla/firefox24.0+22
NVDmozilla/thunderbird24.0.1+10
NVDmozilla/thunderbird_esr10 versions+9
NVDmozilla/seamonkey2.22+38

📋Vendor Advisories

3
Ubuntu
Thunderbird vulnerabilities2013-10-31
Ubuntu
Firefox vulnerabilities2013-10-29
Red Hat
Mozilla: Miscellaneous use-after-free issues found through ASAN fuzzing (MFSA 2013-100)2013-10-29

💬Community

1
Bugzilla
CVE-2013-5599 CVE-2013-5600 CVE-2013-5601 Mozilla: Miscellaneous use-after-free issues found through ASAN fuzzing (MFSA 2013-100)2013-10-28
CVE-2013-5599 — Use After Free in Mozilla Firefox | cvebase