CVE-2013-5600Use After Free in Mozilla Firefox

CWE-416Use After Free8 documents7 sources
Severity
10.0CRITICALNVD
EPSS
2.7%
top 14.12%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Mozilla FirefoxMozilla SeamonkeyMozilla Thunderbird+1 more
Timeline
PublishedOct 30
Latest updateMay 14

Description

Use-after-free vulnerability in the nsIOService::NewChannelFromURIWithProxyFlags function in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 allows remote attackers to execute arbitrary code via vectors involving a blob: URL.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages4 packages

NVDmozilla/firefox24.0+22
NVDmozilla/thunderbird24.0.1+10
NVDmozilla/thunderbird_esr10 versions+9
NVDmozilla/seamonkey2.22+38

🔴Vulnerability Details

2
GHSA
GHSA-qp2f-2pc9-9qph: Use-after-free vulnerability in the nsIOService::NewChannelFromURIWithProxyFlags function in Mozilla Firefox before 252022-05-14
CVEList
CVE-2013-5600: Use-after-free vulnerability in the nsIOService::NewChannelFromURIWithProxyFlags function in Mozilla Firefox before 252013-10-30

💥Exploits & PoCs

1
Exploit-DB
Samsung PS50C7700 TV - Denial of Service2013-07-23

📋Vendor Advisories

3
Ubuntu
Thunderbird vulnerabilities2013-10-31
Ubuntu
Firefox vulnerabilities2013-10-29
Red Hat
Mozilla: Miscellaneous use-after-free issues found through ASAN fuzzing (MFSA 2013-100)2013-10-29

💬Community

1
Bugzilla
CVE-2013-5599 CVE-2013-5600 CVE-2013-5601 Mozilla: Miscellaneous use-after-free issues found through ASAN fuzzing (MFSA 2013-100)2013-10-28
CVE-2013-5600 — Use After Free in Mozilla Firefox | cvebase