CVE-2013-5602Improper Restriction of Operations within the Bounds of a Memory Buffer in Mozilla Firefox

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer7 documents6 sources
Severity
10.0CRITICALNVD
EPSS
3.2%
top 12.92%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Mozilla FirefoxMozilla SeamonkeyMozilla Thunderbird+1 more
Timeline
PublishedOct 30
Latest updateMay 14

Description

The Worker::SetEventListener function in the Web workers implementation in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors related to direct proxies.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages4 packages

NVDmozilla/firefox24.0+22
NVDmozilla/thunderbird24.0.1+10
NVDmozilla/thunderbird_esr10 versions+9
NVDmozilla/seamonkey2.22+38

🔴Vulnerability Details

2
GHSA
GHSA-8rq9-mgjw-g998: The Worker::SetEventListener function in the Web workers implementation in Mozilla Firefox before 252022-05-14
CVEList
CVE-2013-5602: The Worker::SetEventListener function in the Web workers implementation in Mozilla Firefox before 252013-10-30

📋Vendor Advisories

3
Ubuntu
Thunderbird vulnerabilities2013-10-31
Ubuntu
Firefox vulnerabilities2013-10-29
Red Hat
Mozilla: Memory corruption in workers (MFSA 2013-101)2013-10-29

💬Community

1
Bugzilla
CVE-2013-5602 Mozilla: Memory corruption in workers (MFSA 2013-101)2013-10-28
CVE-2013-5602 — Mozilla Firefox vulnerability | cvebase