ID CVE-2013-0787
Summary Use-after-free vulnerability in the nsEditor::IsPreformatted function in editor/libeditor/base/nsEditor.cpp in Mozilla Firefox before 19.0.2, Firefox ESR 17.x before 17.0.4, Thunderbird before 17.0.4, Thunderbird ESR 17.x before 17.0.4, and SeaMonkey before 2.16.1 allows remote attackers to execute arbitrary code via vectors involving an execCommand call.
References
Vulnerable Configurations
  • Mozilla Firefox 19.0
    cpe:2.3:a:mozilla:firefox:19.0
  • Mozilla Firefox 19.0.1
    cpe:2.3:a:mozilla:firefox:19.0.1
  • Mozilla Firefox Extended Support Release (ESR) 17.0.2
    cpe:2.3:a:mozilla:firefox_esr:17.0.2
  • Mozilla Firefox Extended Support Release (ESR) 17.0.3
    cpe:2.3:a:mozilla:firefox_esr:17.0.3
  • Mozilla Firefox Extended Support Release (ESR) 17.0.1
    cpe:2.3:a:mozilla:firefox_esr:17.0.1
  • Mozilla Firefox Extended Support Release (ESR) 17.0
    cpe:2.3:a:mozilla:firefox_esr:17.0
  • Mozilla Thunderbird 17.0.2
    cpe:2.3:a:mozilla:thunderbird:17.0.2
  • Mozilla Thunderbird 17.0
    cpe:2.3:a:mozilla:thunderbird:17.0
  • Mozilla Thunderbird 17.0.3
    cpe:2.3:a:mozilla:thunderbird:17.0.3
  • Mozilla Thunderbird 17.0.1
    cpe:2.3:a:mozilla:thunderbird:17.0.1
  • Mozilla Thunderbird Extended Support Release (ESR) 17.0
    cpe:2.3:a:mozilla:thunderbird_esr:17.0
  • Mozilla Thunderbird Extended Support Release (ESR) 17.0.1
    cpe:2.3:a:mozilla:thunderbird_esr:17.0.1
  • Mozilla Thunderbird Extended Support Release (ESR) 17.0.2
    cpe:2.3:a:mozilla:thunderbird_esr:17.0.2
  • Mozilla Thunderbird Extended Support Release (ESR) 17.0.3
    cpe:2.3:a:mozilla:thunderbird_esr:17.0.3
  • Mozilla Seamonkey 2.16
    cpe:2.3:a:mozilla:seamonkey:2.16
  • Mozilla Seamonkey 2.16 beta5
    cpe:2.3:a:mozilla:seamonkey:2.16:beta5
  • Mozilla Seamonkey 2.16 beta4
    cpe:2.3:a:mozilla:seamonkey:2.16:beta4
  • Mozilla Seamonkey 2.16 beta3
    cpe:2.3:a:mozilla:seamonkey:2.16:beta3
  • Mozilla Seamonkey 2.16 beta2
    cpe:2.3:a:mozilla:seamonkey:2.16:beta2
  • Mozilla Seamonkey 2.16 beta1
    cpe:2.3:a:mozilla:seamonkey:2.16:beta1
CVSS
Base: 9.3 (as of 22-03-2013 - 15:09)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
nessus via4
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_630C8C08880F11E2807FD43D7E0C7C02.NASL
    description The Mozilla Project reports : MFSA 2013-29 Use-after-free in HTML Editor
    last seen 2018-11-22
    modified 2018-11-21
    plugin id 65185
    published 2013-03-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=65185
    title FreeBSD : mozilla -- use-after-free in HTML Editor (630c8c08-880f-11e2-807f-d43d7e0c7c02)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201309-23.NASL
    description The remote host is affected by the vulnerability described in GLSA-201309-23 (Mozilla Products: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Mozilla Firefox, Thunderbird, and SeaMonkey. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user to view a specially crafted web page or email, possibly resulting in execution of arbitrary code or a Denial of Service condition. Further, a remote attacker could conduct XSS attacks, spoof URLs, bypass address space layout randomization, conduct clickjacking attacks, obtain potentially sensitive information, bypass access restrictions, modify the local filesystem, or conduct other unspecified attacks. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-07-11
    plugin id 70183
    published 2013-09-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=70183
    title GLSA-201309-23 : Mozilla Products: Multiple vulnerabilities
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-2699.NASL
    description Multiple security issues have been found in Iceweasel, Debian's version of the Mozilla Firefox web browser: Multiple memory safety errors, missing input sanitising vulnerabilities, use-after-free vulnerabilities, buffer overflows and other programming errors may lead to the execution of arbitrary code, privilege escalation, information leaks or cross-site-scripting. We're changing the approach for security updates for Iceweasel, Icedove and Iceape in stable-security: Instead of backporting security fixes, we now provide releases based on the Extended Support Release branch. As such, this update introduces packages based on Firefox 17 and at some point in the future we will switch to the next ESR branch once ESR 17 has reached it's end of life. Some Xul extensions currently packaged in the Debian archive are not compatible with the new browser engine. Up-to-date and compatible versions can be retrieved from http://addons.mozilla.org as a short term solution. A solution to keep packaged extensions compatible with the Mozilla releases is still being sorted out. We don't have the resources to backport security fixes to the Iceweasel release in oldstable-security any longer. If you're up to the task and want to help, please get in touch with team@security.debian.org. Otherwise, we'll announce the end of security support for Iceweasel, Icedove and Iceape in Squeeze in the next update round.
    last seen 2019-02-21
    modified 2018-12-18
    plugin id 66766
    published 2013-06-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=66766
    title Debian DSA-2699-1 : iceweasel - several vulnerabilities
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_THUNDERBIRD_17_0_4_ESR.NASL
    description The installed version of Thunderbird ESR 17.x is potentially affected a use-after-free vulnerability. An error exists in the HTML editor (nsHTMLEditor) related to content script and the calling of the function 'document.execCommand' while internal editor operations are running. The previously freed memory can be dereferenced and could lead to arbitrary code execution.
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 65190
    published 2013-03-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=65190
    title Thunderbird ESR 17.x < 17.0.4 nsHTMLEditor Use-After-Free (Mac OS X)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2013-0627.NASL
    description An updated thunderbird package that fixes one security issue is now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Mozilla Thunderbird is a standalone mail and newsgroup client. A flaw was found in the processing of malformed content. Malicious content could cause Thunderbird to crash or execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2013-0787) Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges VUPEN Security via the TippingPoint Zero Day Initiative project as the original reporter. Note: This issue cannot be exploited by a specially crafted HTML mail message as JavaScript is disabled by default for mail messages. It could be exploited another way in Thunderbird, for example, when viewing the full remote content of an RSS feed. All Thunderbird users should upgrade to this updated package, which corrects this issue. After installing the update, Thunderbird must be restarted for the changes to take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 65226
    published 2013-03-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=65226
    title CentOS 5 / 6 : thunderbird (CESA-2013:0627)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_FIREFOX-201303-130311.NASL
    description Mozilla Firefox has been updated to the 17.0.4ESR release which fixes one important security issue : - VUPEN Security, via TippingPoint's Zero Day Initiative, reported a use-after-free within the HTML editor when content script is run by the document.execCommand() function while internal editor operations are occurring. This could allow for arbitrary code execution. (MFSA 2013-29 / CVE-2013-0787)
    last seen 2019-02-21
    modified 2013-10-25
    plugin id 65596
    published 2013-03-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=65596
    title SuSE 11.2 Security Update : Mozilla Firefox (SAT Patch Number 7464)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20130308_XULRUNNER_ON_SL5_X.NASL
    description A flaw was found in the way XULRunner handled malformed web content. A web page containing malicious content could cause an application linked against XULRunner (such as Mozilla Firefox) to crash or execute arbitrary code with the privileges of the user running the application. (CVE-2013-0787) After installing the update, applications using XULRunner must be restarted for the changes to take effect.
    last seen 2019-02-21
    modified 2018-12-31
    plugin id 65174
    published 2013-03-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=65174
    title Scientific Linux Security Update : xulrunner on SL5.x, SL6.x i386/x86_64
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2013-207.NASL
    description MozillaThunderbird was updated to 17.0.4 (bnc#808243) - MFSA 2013-29/CVE-2013-0787 (bmo#848644) Use-after-free in HTML Editor
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 74923
    published 2014-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=74923
    title openSUSE Security Update : MozillaThunderbird (openSUSE-SU-2013:0465-1)
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_THUNDERBIRD_17_0_4.NASL
    description The installed version of Thunderbird 17.x is potentially affected by a use-after-free vulnerability. An error exists in the HTML editor (nsHTMLEditor) related to content script and the calling of the function 'document.execCommand' while internal editor operations are running. The previously freed memory can be dereferenced and could lead to arbitrary code execution.
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 65189
    published 2013-03-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=65189
    title Thunderbird 17.x < 17.0.4 nsHTMLEditor Use-After-Free (Mac OS X)
  • NASL family Windows
    NASL id MOZILLA_FIREFOX_1704_ESR.NASL
    description The installed version of Firefox ESR 17.x is earlier than 17.0.4, and thus, is potentially affected by a use-after-free vulnerability. An error exists in the HTML editor (nsHTMLEditor) related to content script and the calling of the function 'document.execCommand' while internal editor operations are running. The previously freed memory can be dereferenced and could lead to arbitrary code execution.
    last seen 2019-02-21
    modified 2018-07-16
    plugin id 65130
    published 2013-03-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=65130
    title Firefox ESR 17.x < 17.0.4 nsHTMLEditor Use-After-Free
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2013-0614.NASL
    description Updated xulrunner packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. XULRunner provides the XUL Runtime environment for applications using the Gecko layout engine. A flaw was found in the way XULRunner handled malformed web content. A web page containing malicious content could cause an application linked against XULRunner (such as Mozilla Firefox) to crash or execute arbitrary code with the privileges of the user running the application. (CVE-2013-0787) Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges VUPEN Security via the TippingPoint Zero Day Initiative project as the original reporter. For technical details regarding this flaw, refer to the Mozilla security advisories. You can find a link to the Mozilla advisories in the References section of this erratum. All XULRunner users should upgrade to these updated packages, which correct this issue. After installing the update, applications using XULRunner must be restarted for the changes to take effect.
    last seen 2019-02-21
    modified 2018-12-20
    plugin id 65173
    published 2013-03-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=65173
    title RHEL 5 / 6 : xulrunner (RHSA-2013:0614)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2013-0627.NASL
    description An updated thunderbird package that fixes one security issue is now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Mozilla Thunderbird is a standalone mail and newsgroup client. A flaw was found in the processing of malformed content. Malicious content could cause Thunderbird to crash or execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2013-0787) Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges VUPEN Security via the TippingPoint Zero Day Initiative project as the original reporter. Note: This issue cannot be exploited by a specially crafted HTML mail message as JavaScript is disabled by default for mail messages. It could be exploited another way in Thunderbird, for example, when viewing the full remote content of an RSS feed. All Thunderbird users should upgrade to this updated package, which corrects this issue. After installing the update, Thunderbird must be restarted for the changes to take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 65205
    published 2013-03-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=65205
    title RHEL 5 / 6 : thunderbird (RHSA-2013:0627)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2013-206.NASL
    description Mozilla Firefox was updated to 19.0.2 (bnc#808243) fixing : - MFSA 2013-29/CVE-2013-0787 (bmo#848644) Use-after-free in HTML Editor could be used for code execution - blocklist updates
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 74922
    published 2014-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=74922
    title openSUSE Security Update : MozillaFirefox (openSUSE-SU-2013:0467-1)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2013-0627.NASL
    description From Red Hat Security Advisory 2013:0627 : An updated thunderbird package that fixes one security issue is now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Mozilla Thunderbird is a standalone mail and newsgroup client. A flaw was found in the processing of malformed content. Malicious content could cause Thunderbird to crash or execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2013-0787) Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges VUPEN Security via the TippingPoint Zero Day Initiative project as the original reporter. Note: This issue cannot be exploited by a specially crafted HTML mail message as JavaScript is disabled by default for mail messages. It could be exploited another way in Thunderbird, for example, when viewing the full remote content of an RSS feed. All Thunderbird users should upgrade to this updated package, which corrects this issue. After installing the update, Thunderbird must be restarted for the changes to take effect.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 68787
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=68787
    title Oracle Linux 6 : thunderbird (ELSA-2013-0627)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-1758-1.NASL
    description It was discovered that Firefox contained a memory safety issue. If a user were tricked into opening a specially crafted page with the HTML editor, a remote attacker could exploit this to execute arbitrary code with the privileges of the user invoking the program. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 65104
    published 2013-03-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=65104
    title Ubuntu 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : firefox vulnerability (USN-1758-1)
  • NASL family Windows
    NASL id MOZILLA_THUNDERBIRD_1704_ESR.NASL
    description The installed version of Thunderbird ESR 17.x is potentially affected by a use-after-free vulnerability. An error exists in the HTML editor (nsHTMLEditor) related to content script and the calling of the function 'document.execCommand' while internal editor operations are running. The previously freed memory can be dereferenced and could lead to arbitrary code execution.
    last seen 2019-02-21
    modified 2018-07-16
    plugin id 65192
    published 2013-03-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=65192
    title Mozilla Thunderbird ESR 17.x < 17.0.4 nsHTMLEditor Use-After-Free
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-1758-2.NASL
    description USN-1758-1 fixed vulnerabilities in Firefox. This update provides the corresponding update for Thunderbird. It was discovered that Firefox contained a memory safety issue. If a user were tricked into opening a specially crafted page with the HTML editor, a remote attacker could exploit this to execute arbitrary code with the privileges of the user invoking the program. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 65250
    published 2013-03-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=65250
    title Ubuntu 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : thunderbird vulnerability (USN-1758-2)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20130311_THUNDERBIRD_ON_SL5_X.NASL
    description A flaw was found in the processing of malformed content. Malicious content could cause Thunderbird to crash or execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2013-0787) Note: This issue cannot be exploited by a specially crafted HTML mail message as JavaScript is disabled by default for mail messages. It could be exploited another way in Thunderbird, for example, when viewing the full remote content of an RSS feed. After installing the update, Thunderbird must be restarted for the changes to take effect.
    last seen 2019-02-21
    modified 2018-12-31
    plugin id 65242
    published 2013-03-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=65242
    title Scientific Linux Security Update : thunderbird on SL5.x, SL6.x i386/x86_64
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2013-0614.NASL
    description Updated xulrunner packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. XULRunner provides the XUL Runtime environment for applications using the Gecko layout engine. A flaw was found in the way XULRunner handled malformed web content. A web page containing malicious content could cause an application linked against XULRunner (such as Mozilla Firefox) to crash or execute arbitrary code with the privileges of the user running the application. (CVE-2013-0787) Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges VUPEN Security via the TippingPoint Zero Day Initiative project as the original reporter. For technical details regarding this flaw, refer to the Mozilla security advisories. You can find a link to the Mozilla advisories in the References section of this erratum. All XULRunner users should upgrade to these updated packages, which correct this issue. After installing the update, applications using XULRunner must be restarted for the changes to take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 65167
    published 2013-03-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=65167
    title CentOS 5 / 6 : xulrunner (CESA-2013:0614)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2013-0614.NASL
    description From Red Hat Security Advisory 2013:0614 : Updated xulrunner packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. XULRunner provides the XUL Runtime environment for applications using the Gecko layout engine. A flaw was found in the way XULRunner handled malformed web content. A web page containing malicious content could cause an application linked against XULRunner (such as Mozilla Firefox) to crash or execute arbitrary code with the privileges of the user running the application. (CVE-2013-0787) Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges VUPEN Security via the TippingPoint Zero Day Initiative project as the original reporter. For technical details regarding this flaw, refer to the Mozilla security advisories. You can find a link to the Mozilla advisories in the References section of this erratum. All XULRunner users should upgrade to these updated packages, which correct this issue. After installing the update, applications using XULRunner must be restarted for the changes to take effect.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 68783
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=68783
    title Oracle Linux 5 / 6 : xulrunner (ELSA-2013-0614)
  • NASL family Windows
    NASL id MOZILLA_FIREFOX_1902.NASL
    description The installed version of Firefox is earlier than 19.0.2, and thus, is potentially affected by a use-after-free vulnerability. An error exists in the HTML editor (nsHTMLEditor) related to content script and the calling of the function 'document.execCommand' while internal editor operations are running. The previously freed memory can be dereferenced and could lead to arbitrary code execution.
    last seen 2019-02-21
    modified 2018-07-16
    plugin id 65131
    published 2013-03-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=65131
    title Firefox < 19.0.2 nsHTMLEditor Use-After-Free
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_FIREFOX_17_0_4_ESR.NASL
    description The installed version of Firefox ESR 17.x is earlier than 17.0.4 and thus, is potentially affected by a use-after-free vulnerability. An error exists in the HTML editor (nsHTMLEditor) related to content script and the calling of the function 'document.execCommand' while internal editor operations are running. The previously freed memory can be dereferenced and could lead to arbitrary code execution.
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 65128
    published 2013-03-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=65128
    title Firefox ESR 17.x < 17.0.4 nsHTMLEditor Use-After-Free (Mac OS X)
  • NASL family Windows
    NASL id SEAMONKEY_2161.NASL
    description The installed version of SeaMonkey is earlier than 2.16.1 and thus, is potentially affected by a use-after-free vulnerability. An error exists in the HTML editor (nsHTMLEditor) related to content script and the calling of the function 'document.execCommand' while internal editor operations are running. The previously freed memory can be dereferenced and could lead to arbitrary code execution.
    last seen 2019-02-21
    modified 2018-07-27
    plugin id 65187
    published 2013-03-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=65187
    title SeaMonkey < 2.16.1 nsHTMLEditor Use-After-Free
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2013-208.NASL
    description seamonkey was updated to version 2.16.1 fixing a severe security issue. - MFSA 2013-29/CVE-2013-0787 (bmo#848644) Use-after-free in HTML Editor
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 74924
    published 2014-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=74924
    title openSUSE Security Update : seamonkey (openSUSE-SU-2013:0468-1)
  • NASL family Windows
    NASL id MOZILLA_THUNDERBIRD_1704.NASL
    description The installed version of Thunderbird is earlier than 17.0.4 and thus, is potentially affected by a use-after-free vulnerability. An error exists in the HTML editor (nsHTMLEditor) related to content script and the calling of the function 'document.execCommand' while internal editor operations are running. The previously freed memory can be dereferenced and could lead to arbitrary code execution.
    last seen 2019-02-21
    modified 2018-07-16
    plugin id 65191
    published 2013-03-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=65191
    title Mozilla Thunderbird < 17.0.4 nsHTMLEditor Use-After-Free
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_FIREFOX_19_0_2.NASL
    description The installed version of Firefox is earlier than 19.0.2 and thus, is potentially affected by a use-after-free vulnerability. An error exists in the HTML editor (nsHTMLEditor) related to content script and the calling of the function 'document.execCommand' while internal editor operations are running. The previously freed memory can be dereferenced and could lead to arbitrary code execution.
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 65129
    published 2013-03-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=65129
    title Firefox < 19.0.2 nsHTMLEditor Use-After-Free (Mac OS X)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2013-209.NASL
    description xulrunner was updated to 17.0.4esr (bnc#808243) to fix a important security issue : - MFSA 2013-29/CVE-2013-0787 (bmo#848644) Use-after-free in HTML Editor
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 74925
    published 2014-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=74925
    title openSUSE Security Update : xulrunner (openSUSE-SU-2013:0466-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_FIREFOX-201303-8506.NASL
    description MozillaFirefox has been updated to the 17.0.4ESR release. Besides the major version update from the 10ESR stable release line to the 17ESR stable release line, this update brings critical security and bugfixes : - VUPEN Security, via TippingPoint's Zero Day Initiative, reported a use-after-free within the HTML editor when content script is run by the document.execCommand() function while internal editor operations are occurring. This could allow for arbitrary code execution. (MFSA 2013-29 / CVE-2013-0787) The Firefox 17.0.3ESR release also contains lots of security fixes : - Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team used the Address Sanitizer tool to discover a series of use-after-free, out of bounds read, and buffer overflow problems rated as low to critical security issues in shipped software. Some of these issues are potentially exploitable, allowing for remote code execution. We would also like to thank Abhishek for reporting four additional use-after-free and out of bounds write flaws introduced during Firefox development that were fixed before general release. (MFSA 2013-28) The following issues have been fixed in Firefox 19 and ESR 17.0.3 : - Heap-use-after-free in nsOverflowContinuationTracker::Finish, with -moz-columns. (CVE-2013-0780) - Heap-buffer-overflow WRITE in nsSaveAsCharset::DoCharsetConversion. (CVE-2013-0782) - Google security researcher Michal Zalewski reported an issue where the browser displayed the content of a proxy's 407 response if a user canceled the proxy's authentication prompt. In this circumstance, the addressbar will continue to show the requested site's address, including HTTPS addresses that appear to be secure. This spoofing of addresses can be used for phishing attacks by fooling users into entering credentials, for example. (MFSA 2013-27 / CVE-2013-0776) - Security researcher Nils reported a use-after-free in nsImageLoadingContent when content script is executed. This could allow for arbitrary code execution. (MFSA 2013-26 / CVE-2013-0775) - Mozilla security researcher Frederik Braun discovered that since Firefox 15 the file system location of the active browser profile was available to JavaScript workers. While not dangerous by itself, this could potentially be combined with other vulnerabilities to target the profile in an attack. (MFSA 2013-25 / CVE-2013-0774) - Mozilla developer Bobby Holley discovered that it was possible to bypass some protections in Chrome Object Wrappers (COW) and System Only Wrappers (SOW), making their prototypes mutable by web content. This could be used leak information from chrome objects and possibly allow for arbitrary code execution. (MFSA 2013-24 / CVE-2013-0773) - Mozilla developer Boris Zbarsky reported that in some circumstances a wrapped WebIDL object can be wrapped multiple times, overwriting the existing wrapped state. This could lead to an exploitable condition in rare cases. (MFSA 2013-23 / CVE-2013-0765) - Using the Address Sanitizer tool, security researcher Atte Kettunen from OUSPG found an out-of-bounds read while rendering GIF format images. This could cause a non-exploitable crash and could also attempt to render normally inaccesible data as part of the image. (MFSA 2013-22 / CVE-2013-0772) - Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. (MFSA 2013-21) Olli Pettay, Christoph Diehl, Gary Kwong, Jesse Ruderman, Andrew McCreight, Joe Drew, and Wayne Mery reported memory safety problems and crashes that affect Firefox ESR 17, and Firefox 18. - Memory safety bugs fixed in Firefox ESR 17.0.3, and Firefox 19. (CVE-2013-0783)
    last seen 2019-02-21
    modified 2013-04-09
    plugin id 65598
    published 2013-03-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=65598
    title SuSE 10 Security Update : Mozilla Firefox (ZYPP Patch Number 8506)
oval via4
accepted 2014-10-06T04:02:02.820-04:00
class vulnerability
contributors
  • name Sergey Artykhov
    organization ALTX-SOFT
  • name Maria Kedovskaya
    organization ALTX-SOFT
  • name Shane Shaffer
    organization G2, Inc.
  • name Maria Kedovskaya
    organization ALTX-SOFT
  • name Richard Helbing
    organization baramundi software
  • name Evgeniy Pavlov
    organization ALTX-SOFT
  • name Evgeniy Pavlov
    organization ALTX-SOFT
  • name Evgeniy Pavlov
    organization ALTX-SOFT
  • name Evgeniy Pavlov
    organization ALTX-SOFT
  • name Evgeniy Pavlov
    organization ALTX-SOFT
  • name Evgeniy Pavlov
    organization ALTX-SOFT
definition_extensions
  • comment Mozilla Seamonkey is installed
    oval oval:org.mitre.oval:def:6372
  • comment Mozilla Thunderbird Mainline release is installed
    oval oval:org.mitre.oval:def:22093
  • comment Mozilla Firefox Mainline release is installed
    oval oval:org.mitre.oval:def:22259
  • comment Mozilla Firefox ESR is installed
    oval oval:org.mitre.oval:def:22414
  • comment Mozilla Thunderbird ESR is installed
    oval oval:org.mitre.oval:def:22216
description Use-after-free vulnerability in the nsEditor::IsPreformatted function in editor/libeditor/base/nsEditor.cpp in Mozilla Firefox before 19.0.2, Firefox ESR 17.x before 17.0.4, Thunderbird before 17.0.4, Thunderbird ESR 17.x before 17.0.4, and SeaMonkey before 2.16.1 allows remote attackers to execute arbitrary code via vectors involving an execCommand call.
family windows
id oval:org.mitre.oval:def:16737
status accepted
submitted 2013-05-13T10:26:26.748+04:00
title Use-after-free vulnerability in the nsEditor::IsPreformatted function in editor/libeditor/base/nsEditor.cpp in Mozilla Firefox before 19.0.2, Firefox ESR 17.x before 17.0.4, Thunderbird before 17.0.4, Thunderbird ESR 17.x before 17.0.4, and SeaMonkey before 2.16.1 allows remote attackers to execute arbitrary code via vectors involving an execCommand call.
version 32
redhat via4
advisories
  • bugzilla
    id 918876
    title CVE-2013-0787 Mozilla: Use-after-free in HTML Editor (MFSA 2013-29)
    oval
    OR
    • AND
      • comment Red Hat Enterprise Linux 5 is installed
        oval oval:com.redhat.rhba:tst:20070331001
      • OR
        • AND
          • comment xulrunner is earlier than 0:17.0.3-2.el5_9
            oval oval:com.redhat.rhsa:tst:20130614002
          • comment xulrunner is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20080569003
        • AND
          • comment xulrunner-devel is earlier than 0:17.0.3-2.el5_9
            oval oval:com.redhat.rhsa:tst:20130614004
          • comment xulrunner-devel is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20080569005
    • AND
      • OR
        • comment Red Hat Enterprise Linux 6 Client is installed
          oval oval:com.redhat.rhba:tst:20111656001
        • comment Red Hat Enterprise Linux 6 Server is installed
          oval oval:com.redhat.rhba:tst:20111656002
        • comment Red Hat Enterprise Linux 6 Workstation is installed
          oval oval:com.redhat.rhba:tst:20111656003
        • comment Red Hat Enterprise Linux 6 ComputeNode is installed
          oval oval:com.redhat.rhba:tst:20111656004
      • OR
        • AND
          • comment xulrunner is earlier than 0:17.0.3-2.el6_4
            oval oval:com.redhat.rhsa:tst:20130614010
          • comment xulrunner is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20100861006
        • AND
          • comment xulrunner-devel is earlier than 0:17.0.3-2.el6_4
            oval oval:com.redhat.rhsa:tst:20130614012
          • comment xulrunner-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20100861008
    rhsa
    id RHSA-2013:0614
    released 2013-03-08
    severity Critical
    title RHSA-2013:0614: xulrunner security update (Critical)
  • bugzilla
    id 918876
    title CVE-2013-0787 Mozilla: Use-after-free in HTML Editor (MFSA 2013-29)
    oval
    OR
    • AND
      • comment Red Hat Enterprise Linux 5 is installed
        oval oval:com.redhat.rhba:tst:20070331001
      • comment thunderbird is earlier than 0:17.0.3-2.el5_9
        oval oval:com.redhat.rhsa:tst:20130627002
      • comment thunderbird is signed with Red Hat redhatrelease key
        oval oval:com.redhat.rhsa:tst:20070108003
    • AND
      • comment thunderbird is earlier than 0:17.0.3-2.el6_4
        oval oval:com.redhat.rhsa:tst:20130627008
      • comment thunderbird is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20100896006
      • OR
        • comment Red Hat Enterprise Linux 6 Client is installed
          oval oval:com.redhat.rhba:tst:20111656001
        • comment Red Hat Enterprise Linux 6 Server is installed
          oval oval:com.redhat.rhba:tst:20111656002
        • comment Red Hat Enterprise Linux 6 Workstation is installed
          oval oval:com.redhat.rhba:tst:20111656003
        • comment Red Hat Enterprise Linux 6 ComputeNode is installed
          oval oval:com.redhat.rhba:tst:20111656004
    rhsa
    id RHSA-2013:0627
    released 2013-03-11
    severity Important
    title RHSA-2013:0627: thunderbird security update (Important)
rpms
  • xulrunner-0:17.0.3-2.el5_9
  • xulrunner-devel-0:17.0.3-2.el5_9
  • xulrunner-0:17.0.3-2.el6_4
  • xulrunner-devel-0:17.0.3-2.el6_4
  • thunderbird-0:17.0.3-2.el5_9
  • thunderbird-0:17.0.3-2.el6_4
refmap via4
bid 58391
confirm
debian DSA-2699
misc
suse
  • SUSE-SU-2013:0470
  • openSUSE-SU-2013:0431
  • openSUSE-SU-2013:0465
  • openSUSE-SU-2013:0467
  • openSUSE-SU-2013:0468
ubuntu USN-1758-1
Last major update 06-01-2017 - 21:59
Published 11-03-2013 - 06:55
Last modified 18-09-2017 - 21:35
Back to Top