Lucene search

MozillaCVE-2013-0787

HistoryMar 11, 2013 - 10:55 a.m.

CVE-2013-0787

2013-03-1110:55:00

CWE-399

mozilla

web.nvd.nist.gov

cve-2013-0787

use-after-free vulnerability

nseditor::ispreformatted

mozilla firefox

firefox esr

thunderbird

thunderbird esr

seamonkey

remote code execution

execcommand call

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

9.4

Confidence

High

EPSS

0.097

Percentile

94.8%

JSON

Use-after-free vulnerability in the nsEditor::IsPreformatted function in editor/libeditor/base/nsEditor.cpp in Mozilla Firefox before 19.0.2, Firefox ESR 17.x before 17.0.4, Thunderbird before 17.0.4, Thunderbird ESR 17.x before 17.0.4, and SeaMonkey before 2.16.1 allows remote attackers to execute arbitrary code via vectors involving an execCommand call.

Affected configurations

Nvd

Node

mozillafirefoxRange≤19.0.1

mozillafirefoxMatch19.0

Node

mozillafirefox_esrMatch17.0

mozillafirefox_esrMatch17.0.1

mozillafirefox_esrMatch17.0.2

mozillafirefox_esrMatch17.0.3

Node

mozillathunderbirdRange≤17.0.3

mozillathunderbirdMatch17.0

mozillathunderbirdMatch17.0.1

mozillathunderbirdMatch17.0.2

Node

mozillathunderbird_esrMatch17.0

mozillathunderbird_esrMatch17.0.1

mozillathunderbird_esrMatch17.0.2

mozillathunderbird_esrMatch17.0.3

Node

mozillaseamonkeyRange≤2.16

mozillaseamonkeyMatch2.16beta1

mozillaseamonkeyMatch2.16beta2

mozillaseamonkeyMatch2.16beta3

mozillaseamonkeyMatch2.16beta4

mozillaseamonkeyMatch2.16beta5

VendorProductVersionCPE
mozillafirefox*cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
mozillafirefox19.0cpe:2.3:a:mozilla:firefox:19.0:*:*:*:*:*:*:*
mozillafirefox_esr17.0cpe:2.3:a:mozilla:firefox_esr:17.0:*:*:*:*:*:*:*
mozillafirefox_esr17.0.1cpe:2.3:a:mozilla:firefox_esr:17.0.1:*:*:*:*:*:*:*
mozillafirefox_esr17.0.2cpe:2.3:a:mozilla:firefox_esr:17.0.2:*:*:*:*:*:*:*
mozillafirefox_esr17.0.3cpe:2.3:a:mozilla:firefox_esr:17.0.3:*:*:*:*:*:*:*
mozillathunderbird*cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
mozillathunderbird17.0cpe:2.3:a:mozilla:thunderbird:17.0:*:*:*:*:*:*:*
mozillathunderbird17.0.1cpe:2.3:a:mozilla:thunderbird:17.0.1:*:*:*:*:*:*:*
mozillathunderbird17.0.2cpe:2.3:a:mozilla:thunderbird:17.0.2:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
mozilla	firefox	*	cpe:2.3:a:mozilla:firefox::::::::
mozilla	firefox	19.0	cpe:2.3:a:mozilla:firefox:19.0:::::::*
mozilla	firefox_esr	17.0	cpe:2.3:a:mozilla:firefox_esr:17.0:::::::*
mozilla	firefox_esr	17.0.1	cpe:2.3:a:mozilla:firefox_esr:17.0.1:::::::*
mozilla	firefox_esr	17.0.2	cpe:2.3:a:mozilla:firefox_esr:17.0.2:::::::*
mozilla	firefox_esr	17.0.3	cpe:2.3:a:mozilla:firefox_esr:17.0.3:::::::*
mozilla	thunderbird	*	cpe:2.3:a:mozilla:thunderbird::::::::
mozilla	thunderbird	17.0	cpe:2.3:a:mozilla:thunderbird:17.0:::::::*
mozilla	thunderbird	17.0.1	cpe:2.3:a:mozilla:thunderbird:17.0.1:::::::*
mozilla	thunderbird	17.0.2	cpe:2.3:a:mozilla:thunderbird:17.0.2:::::::*