PRIOn knowledge basePRION:CVE-2013-1694Design/Logic Flaw
The PreserveWrapper implementation in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 does not properly handle the lack of a wrapper, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code by leveraging unintended clearing of the wrapper cache’s preserved-wrapper flag.
| CPE | Name | Operator | Version |
|---|---|---|---|
| firefox | eq | 19.0 | |
| firefox | eq | 19.0.2 | |
| firefox | eq | 20.0.1 | |
| firefox | eq | 19.0.1 | |
| firefox | eq | 20.0 | |
| firefox | le | 21.0 | |
| firefox_esr | eq | 17.0.5 | |
| firefox_esr | eq | 17.0 | |
| firefox_esr | eq | 17.0.1 | |
| firefox_esr | eq | 17.0.6 |
References
lists.opensuse.org/opensuse-security-announce/2013-07/msg00003.html
lists.opensuse.org/opensuse-security-announce/2013-07/msg00004.html
lists.opensuse.org/opensuse-security-announce/2013-07/msg00005.html
lists.opensuse.org/opensuse-security-announce/2013-07/msg00006.html
rhn.redhat.com/errata/RHSA-2013-0981.html
rhn.redhat.com/errata/RHSA-2013-0982.html
www.debian.org/security/2013/dsa-2716
www.debian.org/security/2013/dsa-2720
www.mozilla.org/security/announce/2013/mfsa2013-56.html
www.securityfocus.com/bid/60776
www.ubuntu.com/usn/USN-1890-1
www.ubuntu.com/usn/USN-1891-1
bugzilla.mozilla.org/show_bug.cgi?id=848535
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17405
Related
