CVE-2013-5603 — Use After Free in Mozilla Firefox

CWE-416 — Use After Free8 documents6 sources

Severity

10.0CRITICALNVD

EPSS

5.3%

top 9.99%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox Mozilla Seamonkey Mozilla Thunderbird +1 more

Timeline

PublishedOct 30

Latest updateMay 14

Description

Use-after-free vulnerability in the nsContentUtils::ContentIsHostIncludingDescendantOf function in Mozilla Firefox before 25.0, Firefox ESR 24.x before 24.1, Thunderbird before 24.1, and SeaMonkey before 2.22 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors involving HTML document templates.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages4 packages

▶NVDmozilla/firefox24.0+12

▶NVDmozilla/seamonkey2.22+38

▶NVDmozilla/thunderbird24.0.1+10

▶NVDmozilla/thunderbird_esr17.0.9

🔴Vulnerability Details

GHSA

GHSA-82rc-4rrx-5cj2: Use-after-free vulnerability in the nsContentUtils::ContentIsHostIncludingDescendantOf function in Mozilla Firefox before 25↗2022-05-14

▶

CVEList

CVE-2013-5603: Use-after-free vulnerability in the nsContentUtils::ContentIsHostIncludingDescendantOf function in Mozilla Firefox before 25↗2013-10-30

▶

📋Vendor Advisories

Ubuntu

Thunderbird vulnerabilities↗2013-10-31

▶

Ubuntu

Firefox vulnerabilities↗2013-10-29

▶

Red Hat

Mozilla: Use-after-free in HTML document templates (MFSA 2013-102)↗2013-10-29

▶

💬Community

Bugzilla

CVE-2013-5603 Mozilla: Use-after-free in HTML document templates (MFSA 2013-102)↗2013-10-28

▶

Bugzilla

CVE-2012-5603 CloudForms Katello: lack of authorization in proxies_controller.rb↗2012-11-30

▶