ID CVE-2013-1681
Summary Use-after-free vulnerability in the nsContentUtils::RemoveScriptBlocker function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.
References
Vulnerable Configurations
  • Mozilla Firefox 19.0
    cpe:2.3:a:mozilla:firefox:19.0
  • Mozilla Firefox 19.0.1
    cpe:2.3:a:mozilla:firefox:19.0.1
  • Mozilla Firefox 19.0.2
    cpe:2.3:a:mozilla:firefox:19.0.2
  • Mozilla Firefox 20.0
    cpe:2.3:a:mozilla:firefox:20.0
  • Mozilla Firefox 20.0.1
    cpe:2.3:a:mozilla:firefox:20.0.1
  • Mozilla Firefox Extended Support Release (ESR) 17.0.2
    cpe:2.3:a:mozilla:firefox_esr:17.0.2
  • Mozilla Firefox Extended Support Release (ESR) 17.0.1
    cpe:2.3:a:mozilla:firefox_esr:17.0.1
  • Mozilla Firefox Extended Support Release (ESR) 17.0
    cpe:2.3:a:mozilla:firefox_esr:17.0
  • Mozilla Firefox Extended Support Release (ESR) 17.0.3
    cpe:2.3:a:mozilla:firefox_esr:17.0.3
  • Mozilla Firefox Extended Support Release (ESR) 17.0.4
    cpe:2.3:a:mozilla:firefox_esr:17.0.4
  • Mozilla Firefox Extended Support Release (ESR) 17.0.5
    cpe:2.3:a:mozilla:firefox_esr:17.0.5
  • Mozilla Thunderbird 17.0.2
    cpe:2.3:a:mozilla:thunderbird:17.0.2
  • Mozilla Thunderbird 17.0
    cpe:2.3:a:mozilla:thunderbird:17.0
  • Mozilla Thunderbird 17.0.1
    cpe:2.3:a:mozilla:thunderbird:17.0.1
  • Mozilla Thunderbird 17.0.3
    cpe:2.3:a:mozilla:thunderbird:17.0.3
  • Mozilla Thunderbird 17.0.4
    cpe:2.3:a:mozilla:thunderbird:17.0.4
  • Mozilla Thunderbird 17.0.5
    cpe:2.3:a:mozilla:thunderbird:17.0.5
  • Mozilla Thunderbird Extended Support Release (ESR) 17.0
    cpe:2.3:a:mozilla:thunderbird_esr:17.0
  • Mozilla Thunderbird Extended Support Release (ESR) 17.0.1
    cpe:2.3:a:mozilla:thunderbird_esr:17.0.1
  • Mozilla Thunderbird Extended Support Release (ESR) 17.0.2
    cpe:2.3:a:mozilla:thunderbird_esr:17.0.2
  • Mozilla Thunderbird Extended Support Release (ESR) 17.0.3
    cpe:2.3:a:mozilla:thunderbird_esr:17.0.3
  • Mozilla Thunderbird Extended Support Release (ESR) 17.0.4
    cpe:2.3:a:mozilla:thunderbird_esr:17.0.4
  • Mozilla Thunderbird Extended Support Release (ESR) 17.0.5
    cpe:2.3:a:mozilla:thunderbird_esr:17.0.5
CVSS
Base: 10.0 (as of 16-05-2013 - 10:33)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
nessus via4
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201309-23.NASL
    description The remote host is affected by the vulnerability described in GLSA-201309-23 (Mozilla Products: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Mozilla Firefox, Thunderbird, and SeaMonkey. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user to view a specially crafted web page or email, possibly resulting in execution of arbitrary code or a Denial of Service condition. Further, a remote attacker could conduct XSS attacks, spoof URLs, bypass address space layout randomization, conduct clickjacking attacks, obtain potentially sensitive information, bypass access restrictions, modify the local filesystem, or conduct other unspecified attacks. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-07-11
    plugin id 70183
    published 2013-09-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=70183
    title GLSA-201309-23 : Mozilla Products: Multiple vulnerabilities
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_FIREFOX_21.NASL
    description The installed version of Firefox is earlier than 21.0 and is, therefore, potentially affected by multiple vulnerabilities : - Various memory safety issues exist. (CVE-2013-0801, CVE-2013-1669) - It is possible to call a content level constructor that allows for the constructor to have chrome privileged access. (CVE-2013-1670) - An information leakage exists because the file input control has access to the full path. (CVE-2013-1671) - A local privilege escalation issues exists in the Mozilla Maintenance Service. (CVE-2013-1672) - The Mozilla Maintenance Service on Windows is vulnerable to a previously fixed privilege escalation attack. Note that new installations of Firefox after version 12 are not affected by this issue. (CVE-2013-1673, CVE-2012-1942) - A use-after-free vulnerability exists when resizing video while playing. (CVE-2013-1674) - Some 'DOMSVGZoomEvent' functions are used without being properly initialized, which could lead to information disclosure. (CVE-2013-1675) - Multiple memory corruption issues exist. (CVE-2013-1676, CVE-2013-1677, CVE-2013-1678, CVE-2013-1679, CVE-2013-1680, CVE-2013-1681)
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 66476
    published 2013-05-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=66476
    title Firefox < 21.0 Multiple Vulnerabilities (Mac OS X)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_4A1CA8A4BD8211E2B7A0D43D7E0C7C02.NASL
    description The Mozilla Project reports : MFSA 2013-41 Miscellaneous memory safety hazards (rv:21.0 / rv:17.0.6) MFSA 2013-42 Privileged access for content level constructor MFSA 2013-43 File input control has access to full path MFSA 2013-44 Local privilege escalation through Mozilla Maintenance Service MFSA 2013-45 Mozilla Updater fails to update some Windows Registry entries MFSA 2013-46 Use-after-free with video and onresize event MFSA 2013-47 Uninitialized functions in DOMSVGZoomEvent MFSA 2013-48 Memory corruption found using Address Sanitizer
    last seen 2019-02-21
    modified 2018-11-21
    plugin id 66455
    published 2013-05-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=66455
    title FreeBSD : mozilla -- multiple vulnerabilities (4a1ca8a4-bd82-11e2-b7a0-d43d7e0c7c02)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-2720.NASL
    description Multiple security issues have been found in Icedove, Debian's version of the Mozilla Thunderbird mail and news client. Multiple memory safety errors, use-after-free vulnerabilities, missing permission checks, incorrect memory handling and other implementation errors may lead to the execution of arbitrary code, privilege escalation, information disclosure or cross-site request forgery. As already announced for Iceweasel: we're changing the approach for security updates for Icedove in stable-security: instead of backporting security fixes, we now provide releases based on the Extended Support Release branch. As such, this update introduces packages based on Thunderbird 17 and at some point in the future we will switch to the next ESR branch once ESR 17 has reached it's end of life. Some Icedove extensions currently packaged in the Debian archive are not compatible with the new browser engine. Up-to-date and compatible versions can be retrieved from http://addons.mozilla.org as a short term solution. An updated and compatible version of Enigmail is included with this update. The Icedove version in the oldstable distribution (squeeze) is no longer supported with full security updates. However, it should be noted that almost all security issues in Icedove stem from the included browser engine. These security problems only affect Icedove if scripting and HTML mails are enabled. If there are security issues specific to Icedove (e.g. a hypothetical buffer overflow in the IMAP implementation) we'll make an effort to backport such fixes to oldstable.
    last seen 2019-02-21
    modified 2018-12-18
    plugin id 67201
    published 2013-07-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67201
    title Debian DSA-2720-1 : icedove - several vulnerabilities
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-2699.NASL
    description Multiple security issues have been found in Iceweasel, Debian's version of the Mozilla Firefox web browser: Multiple memory safety errors, missing input sanitising vulnerabilities, use-after-free vulnerabilities, buffer overflows and other programming errors may lead to the execution of arbitrary code, privilege escalation, information leaks or cross-site-scripting. We're changing the approach for security updates for Iceweasel, Icedove and Iceape in stable-security: Instead of backporting security fixes, we now provide releases based on the Extended Support Release branch. As such, this update introduces packages based on Firefox 17 and at some point in the future we will switch to the next ESR branch once ESR 17 has reached it's end of life. Some Xul extensions currently packaged in the Debian archive are not compatible with the new browser engine. Up-to-date and compatible versions can be retrieved from http://addons.mozilla.org as a short term solution. A solution to keep packaged extensions compatible with the Mozilla releases is still being sorted out. We don't have the resources to backport security fixes to the Iceweasel release in oldstable-security any longer. If you're up to the task and want to help, please get in touch with team@security.debian.org. Otherwise, we'll announce the end of security support for Iceweasel, Icedove and Iceape in Squeeze in the next update round.
    last seen 2019-02-21
    modified 2018-12-18
    plugin id 66766
    published 2013-06-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=66766
    title Debian DSA-2699-1 : iceweasel - several vulnerabilities
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_FIREFOX-20130628-130702.NASL
    description Mozilla Firefox has been updated to the 17.0.7 ESR version, which fixes bugs and security fixes. - Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. (MFSA 2013-49) Gary Kwong, Jesse Ruderman, and Andrew McCreight reported memory safety problems and crashes that affect Firefox ESR 17, and Firefox 21. (CVE-2013-1682) - Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team used the Address Sanitizer tool to discover a series of use-after-free problems rated critical as security issues in shipped software. Some of these issues are potentially exploitable, allowing for remote code execution. We would also like to thank Abhishek for reporting additional use-after-free and buffer overflow flaws in code introduced during Firefox development. These were fixed before general release. (MFSA 2013-50) - Heap-use-after-free in mozilla::dom::HTMLMediaElement::LookupMediaElementURITab le. (CVE-2013-1684) - Heap-use-after-free in nsIDocument::GetRootElement. (CVE-2013-1685) - Heap-use-after-free in mozilla::ResetDir. (CVE-2013-1686) - Security researcher Mariusz Mlynski reported that it is possible to compile a user-defined function in the XBL scope of a specific element and then trigger an event within this scope to run code. In some circumstances, when this code is run, it can access content protected by System Only Wrappers (SOW) and chrome-privileged pages. This could potentially lead to arbitrary code execution. Additionally, Chrome Object Wrappers (COW) can be bypassed by web content to access privileged methods, leading to a cross-site scripting (XSS) attack from privileged pages. (MFSA 2013-51 / CVE-2013-1687) - Security researcher Nils reported that specially crafted web content using the onreadystatechange event and reloading of pages could sometimes cause a crash when unmapped memory is executed. This crash is potentially exploitable. (MFSA 2013-53 / CVE-2013-1690) - Security researcher Johnathan Kuskos reported that Firefox is sending data in the body of XMLHttpRequest (XHR) HEAD requests, which goes against the XHR specification. This can potentially be used for Cross-Site Request Forgery (CSRF) attacks against sites which do not distinguish between HEAD and POST requests. (MFSA 2013-54 / CVE-2013-1692) - Security researcher Paul Stone of Context Information Security discovered that timing differences in the processing of SVG format images with filters could allow for pixel values to be read. This could potentially allow for text values to be read across domains, leading to information disclosure. (MFSA 2013-55 / CVE-2013-1693) - Mozilla security researcher moz_bug_r_a4 reported that XrayWrappers can be bypassed to call content-defined toString and valueOf methods through DefaultValue. This can lead to unexpected behavior when privileged code acts on the incorrect values. (MFSA 2013-59 / CVE-2013-1697) - Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. (MFSA 2013-30) Olli Pettay, Jesse Ruderman, Boris Zbarsky, Christian Holler, Milan Sreckovic, and Joe Drew reported memory safety problems and crashes that affect Firefox ESR 17, and Firefox 19. (CVE-2013-0788) - Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team used the Address Sanitizer tool to discover an out-of-bounds write in Cairo graphics library. When certain values are passed to it during rendering, Cairo attempts to use negative boundaries or sizes for boxes, leading to a potentially exploitable crash in some instances. (MFSA 2013-31 / CVE-2013-0800) - Security researcher Frederic Hoguin discovered that the Mozilla Maintenance Service on Windows was vulnerable to a buffer overflow. This system is used to update software without invoking the User Account Control (UAC) prompt. The Mozilla Maintenance Service is configured to allow unprivileged users to start it with arbitrary arguments. By manipulating the data passed in these arguments, an attacker can execute arbitrary code with the system privileges used by the service. This issue requires local file system access to be exploitable. (MFSA 2013-32 / CVE-2013-0799) - Security researcher Ash reported an issue with the Mozilla Updater. The Mozilla Updater can be made to load a malicious local DLL file in a privileged context through either the Mozilla Maintenance Service or independently on systems that do not use the service. This occurs when the DLL file is placed in a specific location on the local system before the Mozilla Updater is run. Local file system access is necessary in order for this issue to be exploitable. (MFSA 2013-34 / CVE-2013-0797) - Security researcher miaubiz used the Address Sanitizer tool to discover a crash in WebGL rendering when memory is freed that has not previously been allocated. This issue only affects Linux users who have Intel Mesa graphics drivers. The resulting crash could be potentially exploitable. (MFSA 2013-35 / CVE-2013-0796) - Security researcher Cody Crews reported a mechanism to use the cloneNode method to bypass System Only Wrappers (SOW) and clone a protected node. This allows violation of the browser's same origin policy and could also lead to privilege escalation and the execution of arbitrary code. (MFSA 2013-36 / CVE-2013-0795) - Security researcher shutdown reported a method for removing the origin indication on tab-modal dialog boxes in combination with browser navigation. This could allow an attacker's dialog to overlay a page and show another site's content. This can be used for phishing by allowing users to enter data into a modal prompt dialog on an attacking, site while appearing to be from the displayed site. (MFSA 2013-37 / CVE-2013-0794) - Security researcher Mariusz Mlynski reported a method to use browser navigations through history to load an arbitrary website with that page's baseURI property pointing to another site instead of the seemingly loaded one. The user will continue to see the incorrect site in the addressbar of the browser. This allows for a cross-site scripting (XSS) attack or the theft of data through a phishing attack. (MFSA 2013-38 / CVE-2013-0793) - Mozilla community member Tobias Schula reported that if gfx.color_management.enablev4 preference is enabled manually in about:config, some grayscale PNG images will be rendered incorrectly and cause memory corruption during PNG decoding when certain color profiles are in use. A crafted PNG image could use this flaw to leak data through rendered images drawing from random memory. By default, this preference is not enabled. (MFSA 2013-39 / CVE-2013-0792) - Mozilla community member Ambroz Bizjak reported an out-of-bounds array read in the CERT_DecodeCertPackage function of the Network Security Services (NSS) libary when decoding a certificate. When this occurs, it will lead to memory corruption and a non-exploitable crash. (MFSA 2013-40 / CVE-2013-0791) - Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. (MFSA 2013-41) References - Christoph Diehl, Christian Holler, Jesse Ruderman, Timothy Nikkel, and Jeff Walden reported memory safety problems and crashes that affect Firefox ESR 17, and Firefox 20. - Bob Clary, Ben Turner, Benoit Jacob, Bobby Holley, Christoph Diehl, Christian Holler, Andrew McCreight, Gary Kwong, Jason Orendorff, Jesse Ruderman, Matt Wobensmith, and Mats Palmgren reported memory safety problems and crashes that affect Firefox 20. - Security researcher Cody Crews reported a method to call a content level constructor that allows for this constructor to have chrome privileged access. This affects chrome object wrappers (COW) and allows for write actions on objects when only read actions should be allowed. This can lead to cross-site scripting (XSS) attacks. (MFSA 2013-42 / CVE-2013-1670) - Mozilla security researcher moz_bug_r_a4 reported a mechanism to exploit the control when set to the file type in order to get the full path. This can lead to information leakage and could be combined with other exploits to target attacks on the local file system. (MFSA 2013-43 / CVE-2013-1671) - Security researcher Seb Patane reported an issue with the Mozilla Maintenance Service on Windows. This issue allows unprivileged users to local privilege escalation through the system privileges used by the service when interacting with local malicious software. This allows the user to bypass integrity checks leading to local privilege escalation. Local file system access is necessary in order for this issue to be exploitable and it cannot be triggered through web content. (MFSA 2013-44 / CVE-2013-1672) - Security researcher Robert Kugler discovered that in some instances the Mozilla Maintenance Service on Windows will be vulnerable to some previously fixed privilege escalation attacks that allowed for local privilege escalation. This was caused by the Mozilla Updater not updating Windows Registry entries for the Mozilla Maintenance Service, which fixed the earlier issues present if Firefox 12 had been installed. New installations of Firefox after version 12 are not affected by this issue. Local file system access is necessary in order for this issue to be exploitable and it cannot be triggered through web content. References: - old MozillaMaintenance Service registry entry not updated leading to Trusted Path Privilege Escalation (CVE-2013-1673) - Possible Arbitrary Code Execution by Update Service. (CVE-2012-1942). (MFSA 2013-45) - Security researcher Nils reported a use-after-free when resizing video while playing. This could allow for arbitrary code execution. (MFSA 2013-46 / CVE-2013-1674) - Mozilla community member Ms2ger discovered that some DOMSVGZoomEvent functions are used without being properly initialized, causing uninitialized memory to be used when they are called by web content. This could lead to a information leakage to sites depending on the contents of this uninitialized memory. (MFSA 2013-47 / CVE-2013-1675) - Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team used the Address Sanitizer tool to discover a series of use-after-free, out of bounds read, and invalid write problems rated as moderate to critical as security issues in shipped software. Some of these issues are potentially exploitable, allowing for remote code execution. We would also like to thank Abhishek for reporting additional use-after-free flaws in dir=auto code introduced during Firefox development. These were fixed before general release. (MFSA 2013-48) References - Out of Bounds Read in SelectionIterator::GetNextSegment. (CVE-2013-1676) - Out-of-bound read in gfxSkipCharsIterator::SetOffsets (CVE-2013-1677)) - Invalid write in _cairo_xlib_surface_add_glyph. (CVE-2013-1678) - Heap-use-after-free in mozilla::plugins::child::_geturlnotify. (CVE-2013-1679) - Heap-use-after-free in nsFrameList::FirstChild. (CVE-2013-1680) - Heap-use-after-free in nsContentUtils::RemoveScriptBlocker. (CVE-2013-1681) - CVE-2012-1942 - CVE-2013-0788 - CVE-2013-0791 - CVE-2013-0792 - CVE-2013-0793 - CVE-2013-0794 - CVE-2013-0795 - CVE-2013-0796 - CVE-2013-0797 - CVE-2013-0798 - CVE-2013-0799 - CVE-2013-0800 - CVE-2013-0801 - CVE-2013-1669 - CVE-2013-1670 - CVE-2013-1671 - CVE-2013-1672 - CVE-2013-1673 - CVE-2013-1674 - CVE-2013-1675 - CVE-2013-1676 - CVE-2013-1677 - CVE-2013-1678 - CVE-2013-1679 - CVE-2013-1680 - CVE-2013-1681 - CVE-2013-1682 - CVE-2013-1684 - CVE-2013-1685 - CVE-2013-1686 - CVE-2013-1687 - CVE-2013-1690 - CVE-2013-1692 - CVE-2013-1693 - CVE-2013-1697
    last seen 2019-02-21
    modified 2014-10-28
    plugin id 68949
    published 2013-07-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=68949
    title SuSE 11.3 Security Update : Mozilla Firefox (SAT Patch Number 8001)
  • NASL family Windows
    NASL id MOZILLA_FIREFOX_21.NASL
    description The installed version of Firefox is earlier than 21.0 and is, therefore, potentially affected by the following vulnerabilities : - Various memory safety issues exist. (CVE-2013-0801, CVE-2013-1669) - It is possible to call a content level constructor that allows for the constructor to have chrome privileged access. (CVE-2013-1670) - An information leakage exists because the file input control has access to the full path. (CVE-2013-1671) - A local privilege escalation issues exists in the Mozilla Maintenance Service. (CVE-2013-1672) - The Mozilla Maintenance Service on Windows is vulnerable to a previously fixed privilege escalation attack. Note that new installations of Firefox after version 12 are not affected by this issue. (CVE-2013-1673, CVE-2012-1942) - A use-after-free vulnerability exists when resizing video while playing. (CVE-2013-1674) - Some 'DOMSVGZoomEvent' functions are used without being properly initialized, which could lead to information disclosure. (CVE-2013-1675) - Multiple memory corruption issues exist. (CVE-2013-1676, CVE-2013-1677, CVE-2013-1678, CVE-2013-1679, CVE-2013-1680, CVE-2013-1681)
    last seen 2019-02-21
    modified 2018-07-16
    plugin id 66480
    published 2013-05-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=66480
    title Firefox < 21.0 Multiple Vulnerabilities
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_THUNDERBIRD_17_0_6_ESR.NASL
    description The installed version of Thunderbird ESR 17.x is prior to 17.0.6 and is, therefore, potentially affected the following vulnerabilities : - Various memory safety issues exist. (CVE-2013-0801) - It is possible to call a content level constructor that allows for the constructor to have chrome privileged access. (CVE-2013-1670) - A local privilege escalation issues exists in the Mozilla Maintenance Service. (CVE-2013-1672) - A use-after-free vulnerability exists when resizing video while playing. (CVE-2013-1674) - Some 'DOMSVGZoomEvent' functions are used without being properly initialized, which could lead to information disclosure. (CVE-2013-1675) - Multiple memory corruption issues exist. (CVE-2013-1676, CVE-2013-1677, CVE-2013-1678, CVE-2013-1679, CVE-2013-1680, CVE-2013-1681)
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 66478
    published 2013-05-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=66478
    title Thunderbird ESR 17.x < 17.0.6 Multiple Vulnerabilities (Mac OS X)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-1823-1.NASL
    description Multiple memory safety issues were discovered in Thunderbird. If the user were tricked into opening a specially crafted message with scripting enabled, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Thunderbird. (CVE-2013-0801, CVE-2013-1669) Cody Crews discovered that some constructors could be used to bypass restrictions enforced by their Chrome Object Wrapper (COW). If a user had scripting enabled, an attacker could exploit this to conduct cross-site scripting (XSS) attacks. (CVE-2013-1670) A use-after-free was discovered when resizing video content whilst it is playing. If a user had scripting enabled, an attacker could potentially exploit this to execute code with the privileges of the user invoking Thunderbird. (CVE-2013-1674) It was discovered that some DOMSVGZoomEvent functions could be used without being properly initialized, which could lead to information leakage. (CVE-2013-1675) Abhishek Arya discovered multiple memory safety issues in Thunderbird. If the user were tricked into opening a specially crafted message, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Thunderbird. (CVE-2013-1676, CVE-2013-1677, CVE-2013-1678, CVE-2013-1679, CVE-2013-1680, CVE-2013-1681). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 66443
    published 2013-05-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=66443
    title Ubuntu 12.04 LTS / 12.10 / 13.04 : thunderbird vulnerabilities (USN-1823-1)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2013-0821.NASL
    description From Red Hat Security Advisory 2013:0821 : An updated thunderbird package that fixes several security issues is now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2013-0801, CVE-2013-1674, CVE-2013-1675, CVE-2013-1676, CVE-2013-1677, CVE-2013-1678, CVE-2013-1679, CVE-2013-1680, CVE-2013-1681) A flaw was found in the way Thunderbird handled Content Level Constructors. Malicious content could use this flaw to perform cross-site scripting (XSS) attacks. (CVE-2013-1670) Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Christoph Diehl, Christian Holler, Jesse Ruderman, Timothy Nikkel, Jeff Walden, Nils, Ms2ger, Abhishek Arya, and Cody Crews as the original reporters of these issues. Note: All of the above issues cannot be exploited by a specially crafted HTML mail message as JavaScript is disabled by default for mail messages. They could be exploited another way in Thunderbird, for example, when viewing the full remote content of an RSS feed. All Thunderbird users should upgrade to this updated package, which contains Thunderbird version 17.0.6 ESR, which corrects these issues. After installing the update, Thunderbird must be restarted for the changes to take effect.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 68821
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=68821
    title Oracle Linux 6 : thunderbird (ELSA-2013-0821)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20130514_THUNDERBIRD_ON_SL5_X.NASL
    description Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2013-0801, CVE-2013-1674, CVE-2013-1675, CVE-2013-1676, CVE-2013-1677, CVE-2013-1678, CVE-2013-1679, CVE-2013-1680, CVE-2013-1681) A flaw was found in the way Thunderbird handled Content Level Constructors. Malicious content could use this flaw to perform cross-site scripting (XSS) attacks. (CVE-2013-1670) Note: All of the above issues cannot be exploited by a specially crafted HTML mail message as JavaScript is disabled by default for mail messages. They could be exploited another way in Thunderbird, for example, when viewing the full remote content of an RSS feed. After installing the update, Thunderbird must be restarted for the changes to take effect.
    last seen 2019-02-21
    modified 2018-12-31
    plugin id 66461
    published 2013-05-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=66461
    title Scientific Linux Security Update : thunderbird on SL5.x, SL6.x i386/x86_64
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2013-0820.NASL
    description Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2013-0801, CVE-2013-1674, CVE-2013-1675, CVE-2013-1676, CVE-2013-1677, CVE-2013-1678, CVE-2013-1679, CVE-2013-1680, CVE-2013-1681) A flaw was found in the way Firefox handled Content Level Constructors. A malicious site could use this flaw to perform cross-site scripting (XSS) attacks. (CVE-2013-1670) Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Christoph Diehl, Christian Holler, Jesse Ruderman, Timothy Nikkel, Jeff Walden, Nils, Ms2ger, Abhishek Arya, and Cody Crews as the original reporters of these issues. For technical details regarding these flaws, refer to the Mozilla security advisories for Firefox 17.0.6 ESR. You can find a link to the Mozilla advisories in the References section of this erratum. All Firefox users should upgrade to these updated packages, which contain Firefox version 17.0.6 ESR, which corrects these issues. After installing the update, Firefox must be restarted for the changes to take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 66429
    published 2013-05-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=66429
    title CentOS 5 / 6 : firefox (CESA-2013:0820)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20130514_FIREFOX_ON_SL5_X.NASL
    description Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2013-0801, CVE-2013-1674, CVE-2013-1675, CVE-2013-1676, CVE-2013-1677, CVE-2013-1678, CVE-2013-1679, CVE-2013-1680, CVE-2013-1681) A flaw was found in the way Firefox handled Content Level Constructors. A malicious site could use this flaw to perform cross-site scripting (XSS) attacks. (CVE-2013-1670) After installing the update, Firefox must be restarted for the changes to take effect.
    last seen 2019-02-21
    modified 2018-12-31
    plugin id 66460
    published 2013-05-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=66460
    title Scientific Linux Security Update : firefox on SL5.x, SL6.x i386/x86_64
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2013-0820.NASL
    description From Red Hat Security Advisory 2013:0820 : Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2013-0801, CVE-2013-1674, CVE-2013-1675, CVE-2013-1676, CVE-2013-1677, CVE-2013-1678, CVE-2013-1679, CVE-2013-1680, CVE-2013-1681) A flaw was found in the way Firefox handled Content Level Constructors. A malicious site could use this flaw to perform cross-site scripting (XSS) attacks. (CVE-2013-1670) Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Christoph Diehl, Christian Holler, Jesse Ruderman, Timothy Nikkel, Jeff Walden, Nils, Ms2ger, Abhishek Arya, and Cody Crews as the original reporters of these issues. For technical details regarding these flaws, refer to the Mozilla security advisories for Firefox 17.0.6 ESR. You can find a link to the Mozilla advisories in the References section of this erratum. All Firefox users should upgrade to these updated packages, which contain Firefox version 17.0.6 ESR, which corrects these issues. After installing the update, Firefox must be restarted for the changes to take effect.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 68820
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=68820
    title Oracle Linux 5 / 6 : firefox (ELSA-2013-0820)
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_FIREFOX_17_0_6_ESR.NASL
    description The installed version of Firefox ESR 17.x is earlier than 17.0.6 and is, therefore, potentially affected by the following vulnerabilities : - Various memory safety issues exist. (CVE-2013-0801) - It is possible to call a content level constructor that allows for the constructor to have chrome privileged access. (CVE-2013-1670) - A local privilege escalation issues exists in the Mozilla Maintenance Service. (CVE-2013-1672) - A use-after-free vulnerability exists when resizing video while playing. (CVE-2013-1674) - Some 'DOMSVGZoomEvent' functions are used without being properly initialized which could lead to information disclosure. (CVE-2013-1675) - Multiple memory corruption issues exist. (CVE-2013-1676, CVE-2013-1677, CVE-2013-1678, CVE-2013-1679, CVE-2013-1680, CVE-2013-1681)
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 66475
    published 2013-05-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=66475
    title Firefox ESR 17.x < 17.0.6 Multiple Vulnerabilities (Mac OS X)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-1822-1.NASL
    description Multiple memory safety issues were discovered in Firefox. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. (CVE-2013-0801, CVE-2013-1669) Cody Crews discovered that some constructors could be used to bypass restrictions enforced by their Chrome Object Wrapper (COW). An attacker could exploit this to conduct cross-site scripting (XSS) attacks. (CVE-2013-1670) It was discovered that the file input element could expose the full local path under certain conditions. An attacker could potentially exploit this to steal sensitive information. (CVE-2013-1671) A use-after-free was discovered when resizing video content whilst it is playing. An attacker could potentially exploit this to execute code with the privileges of the user invoking Firefox. (CVE-2013-1674) It was discovered that some DOMSVGZoomEvent functions could be used without being properly initialized, which could lead to information leakage. (CVE-2013-1675) Abhishek Arya discovered multiple memory safety issues in Firefox. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. (CVE-2013-1676, CVE-2013-1677, CVE-2013-1678, CVE-2013-1679, CVE-2013-1680, CVE-2013-1681). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 66442
    published 2013-05-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=66442
    title Ubuntu 12.04 LTS / 12.10 / 13.04 : firefox vulnerabilities (USN-1822-1)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2013-448.NASL
    description Mozilla xulrunner was updated to 17.0.6esr (bnc#819204) - MFSA 2013-41/CVE-2013-0801/CVE-2013-1669 Miscellaneous memory safety hazards - MFSA 2013-42/CVE-2013-1670 (bmo#853709) Privileged access for content level constructor - MFSA 2013-46/CVE-2013-1674 (bmo#860971) Use-after-free with video and onresize event - MFSA 2013-47/CVE-2013-1675 (bmo#866825) Uninitialized functions in DOMSVGZoomEvent - MFSA 2013-48/CVE-2013-1676/CVE-2013-1677/CVE-2013-1678/ CVE-2013-1679/CVE-2013-1680/CVE-2013-1681 Memory corruption found using Address Sanitizer
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 75014
    published 2014-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=75014
    title openSUSE Security Update : xulrunner (openSUSE-SU-2013:0929-1)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2013-0821.NASL
    description An updated thunderbird package that fixes several security issues is now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2013-0801, CVE-2013-1674, CVE-2013-1675, CVE-2013-1676, CVE-2013-1677, CVE-2013-1678, CVE-2013-1679, CVE-2013-1680, CVE-2013-1681) A flaw was found in the way Thunderbird handled Content Level Constructors. Malicious content could use this flaw to perform cross-site scripting (XSS) attacks. (CVE-2013-1670) Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Christoph Diehl, Christian Holler, Jesse Ruderman, Timothy Nikkel, Jeff Walden, Nils, Ms2ger, Abhishek Arya, and Cody Crews as the original reporters of these issues. Note: All of the above issues cannot be exploited by a specially crafted HTML mail message as JavaScript is disabled by default for mail messages. They could be exploited another way in Thunderbird, for example, when viewing the full remote content of an RSS feed. All Thunderbird users should upgrade to this updated package, which contains Thunderbird version 17.0.6 ESR, which corrects these issues. After installing the update, Thunderbird must be restarted for the changes to take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 66438
    published 2013-05-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=66438
    title RHEL 5 / 6 : thunderbird (RHSA-2013:0821)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2013-0821.NASL
    description An updated thunderbird package that fixes several security issues is now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2013-0801, CVE-2013-1674, CVE-2013-1675, CVE-2013-1676, CVE-2013-1677, CVE-2013-1678, CVE-2013-1679, CVE-2013-1680, CVE-2013-1681) A flaw was found in the way Thunderbird handled Content Level Constructors. Malicious content could use this flaw to perform cross-site scripting (XSS) attacks. (CVE-2013-1670) Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Christoph Diehl, Christian Holler, Jesse Ruderman, Timothy Nikkel, Jeff Walden, Nils, Ms2ger, Abhishek Arya, and Cody Crews as the original reporters of these issues. Note: All of the above issues cannot be exploited by a specially crafted HTML mail message as JavaScript is disabled by default for mail messages. They could be exploited another way in Thunderbird, for example, when viewing the full remote content of an RSS feed. All Thunderbird users should upgrade to this updated package, which contains Thunderbird version 17.0.6 ESR, which corrects these issues. After installing the update, Thunderbird must be restarted for the changes to take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 66430
    published 2013-05-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=66430
    title CentOS 5 / 6 : thunderbird (CESA-2013:0821)
  • NASL family Windows
    NASL id MOZILLA_THUNDERBIRD_1706_ESR.NASL
    description The installed version of Thunderbird ESR 17.x is earlier than 17.0.6 and is, therefore, potentially affected the following vulnerabilities: - Various memory safety issues exist. (CVE-2013-0801) - It is possible to call a content level constructor that allows for the constructor to have chrome privileged access. (CVE-2013-1670) - A local privilege escalation issues exists in the Mozilla Maintenance Service. (CVE-2013-1672) - A use-after-free vulnerability exists when resizing video while playing. (CVE-2013-1674) - Some 'DOMSVGZoomEvent' functions are used without being properly initialized, which could lead to information disclosure. (CVE-2013-1675) - Multiple memory corruption issues exist. (CVE-2013-1676, CVE-2013-1677, CVE-2013-1678, CVE-2013-1679, CVE-2013-1680, CVE-2013-1681)
    last seen 2019-02-21
    modified 2018-07-16
    plugin id 66482
    published 2013-05-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=66482
    title Mozilla Thunderbird ESR 17.x < 17.0.6 Multiple Vulnerabilities
  • NASL family Windows
    NASL id MOZILLA_THUNDERBIRD_1706.NASL
    description The installed version of Thunderbird 17.x is a version prior to 17.0.5 and is, therefore, potentially affected by the following vulnerabilities : - Various memory safety issues exist. (CVE-2013-0801) - It is possible to call a content level constructor that allows for the constructor to have chrome privileged access. (CVE-2013-1670) - A local privilege escalation issues exists in the Mozilla Maintenance Service. (CVE-2013-1672) - A use-after-free vulnerability exists when resizing video while playing. (CVE-2013-1674) - Some 'DOMSVGZoomEvent' functions are used without being properly initialized, which could lead to information disclosure. (CVE-2013-1675) - Multiple memory corruption issues exist. (CVE-2013-1676, CVE-2013-1677, CVE-2013-1678, CVE-2013-1679, CVE-2013-1680, CVE-2013-1681)
    last seen 2019-02-21
    modified 2018-07-16
    plugin id 66481
    published 2013-05-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=66481
    title Mozilla Thunderbird 17.x < 17.0.5 Multiple Vulnerabilities
  • NASL family Windows
    NASL id MOZILLA_FIREFOX_1706_ESR.NASL
    description The installed version of Firefox ESR 17.x is earlier than 17.0.6, and is, therefore, potentially affected by the following vulnerabilities : - Various memory safety issues exist. (CVE-2013-0801) - It is possible to call a content level constructor that allows for the constructor to have chrome privileged access. (CVE-2013-1670) - A local privilege escalation issues exists in the Mozilla Maintenance Service. (CVE-2013-1672) - A use-after-free vulnerability exists when resizing video while playing. (CVE-2013-1674) - Some 'DOMSVGZoomEvent' functions are used without being properly initialized, which could lead to information disclosure. (CVE-2013-1675) - Multiple memory corruption issues exist. (CVE-2013-1676, CVE-2013-1677, CVE-2013-1678, CVE-2013-1679, CVE-2013-1680, CVE-2013-1681)
    last seen 2019-02-21
    modified 2018-07-16
    plugin id 66479
    published 2013-05-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=66479
    title Firefox ESR 17.x < 17.0.6 Multiple Vulnerabilities
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_THUNDERBIRD_17_0_6.NASL
    description The installed version of Thunderbird is earlier than 17.0.6 and is, therefore, potentially affected by the following vulnerabilities : - Various memory safety issues exist. (CVE-2013-0801) - It is possible to call a content level constructor that allows for the constructor to have chrome privileged access. (CVE-2013-1670) - A local privilege escalation issues exists in the Mozilla Maintenance Service. (CVE-2013-1672) - A use-after-free vulnerability exists when resizing video while playing. (CVE-2013-1674) - Some 'DOMSVGZoomEvent' functions are used without being properly initialized, which could lead to information disclosure. (CVE-2013-1675) - Multiple memory corruption issues exist. (CVE-2013-1676, CVE-2013-1677, CVE-2013-1678, CVE-2013-1679, CVE-2013-1680, CVE-2013-1681)
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 66477
    published 2013-05-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=66477
    title Thunderbird 17.x < 17.0.6 Multiple Vulnerabilities (Mac OS X)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2013-438.NASL
    description MozillaFirefox was updated to Firefox 21.0 (bnc#819204) - MFSA 2013-41/CVE-2013-0801/CVE-2013-1669 Miscellaneous memory safety hazards - MFSA 2013-42/CVE-2013-1670 (bmo#853709) Privileged access for content level constructor - MFSA 2013-43/CVE-2013-1671 (bmo#842255) File input control has access to full path - MFSA 2013-46/CVE-2013-1674 (bmo#860971) Use-after-free with video and onresize event - MFSA 2013-47/CVE-2013-1675 (bmo#866825) Uninitialized functions in DOMSVGZoomEvent - MFSA 2013-48/CVE-2013-1676/CVE-2013-1677/CVE-2013-1678/ CVE-2013-1679/CVE-2013-1680/CVE-2013-1681 Memory corruption found using Address Sanitizer Changes in MozillaFirefox-branding-openSUSE : - modified file locations for Firefox 21 and above - added DuckDuckGo as search option (bnc#801121)
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 75009
    published 2014-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=75009
    title openSUSE Security Update : MozillaFirefox (openSUSE-SU-2013:0946-1)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2013-447.NASL
    description MozillaThunderbird was updated to security update Thunderbird 17.0.6 (bnc#819204) : - MFSA 2013-41/CVE-2013-0801/CVE-2013-1669 Miscellaneous memory safety hazards - MFSA 2013-42/CVE-2013-1670 (bmo#853709) Privileged access for content level constructor - MFSA 2013-46/CVE-2013-1674 (bmo#860971) Use-after-free with video and onresize event - MFSA 2013-47/CVE-2013-1675 (bmo#866825) Uninitialized functions in DOMSVGZoomEvent - MFSA 2013-48/CVE-2013-1676/CVE-2013-1677/CVE-2013-1678/ CVE-2013-1679/CVE-2013-1680/CVE-2013-1681 Memory corruption found using Address Sanitizer
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 75013
    published 2014-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=75013
    title openSUSE Security Update : MozillaThunderbird (openSUSE-SU-2013:0894-1)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2013-0820.NASL
    description Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2013-0801, CVE-2013-1674, CVE-2013-1675, CVE-2013-1676, CVE-2013-1677, CVE-2013-1678, CVE-2013-1679, CVE-2013-1680, CVE-2013-1681) A flaw was found in the way Firefox handled Content Level Constructors. A malicious site could use this flaw to perform cross-site scripting (XSS) attacks. (CVE-2013-1670) Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Christoph Diehl, Christian Holler, Jesse Ruderman, Timothy Nikkel, Jeff Walden, Nils, Ms2ger, Abhishek Arya, and Cody Crews as the original reporters of these issues. For technical details regarding these flaws, refer to the Mozilla security advisories for Firefox 17.0.6 ESR. You can find a link to the Mozilla advisories in the References section of this erratum. All Firefox users should upgrade to these updated packages, which contain Firefox version 17.0.6 ESR, which corrects these issues. After installing the update, Firefox must be restarted for the changes to take effect.
    last seen 2019-02-21
    modified 2018-12-20
    plugin id 66437
    published 2013-05-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=66437
    title RHEL 5 / 6 : firefox (RHSA-2013:0820)
oval via4
accepted 2014-10-06T04:02:24.696-04:00
class vulnerability
contributors
  • name Sergey Artykhov
    organization ALTX-SOFT
  • name Maria Kedovskaya
    organization ALTX-SOFT
  • name Shane Shaffer
    organization G2, Inc.
  • name Richard Helbing
    organization baramundi software
  • name Evgeniy Pavlov
    organization ALTX-SOFT
  • name Evgeniy Pavlov
    organization ALTX-SOFT
  • name Evgeniy Pavlov
    organization ALTX-SOFT
  • name Evgeniy Pavlov
    organization ALTX-SOFT
  • name Evgeniy Pavlov
    organization ALTX-SOFT
  • name Evgeniy Pavlov
    organization ALTX-SOFT
definition_extensions
  • comment Mozilla Thunderbird Mainline release is installed
    oval oval:org.mitre.oval:def:22093
  • comment Mozilla Firefox Mainline release is installed
    oval oval:org.mitre.oval:def:22259
  • comment Mozilla Firefox ESR is installed
    oval oval:org.mitre.oval:def:22414
  • comment Mozilla Thunderbird ESR is installed
    oval oval:org.mitre.oval:def:22216
description Use-after-free vulnerability in the nsContentUtils::RemoveScriptBlocker function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.
family windows
id oval:org.mitre.oval:def:16988
status accepted
submitted 2013-05-13T10:26:26.748+04:00
title Use-after-free vulnerability in the nsContentUtils::RemoveScriptBlocker function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.
version 31
redhat via4
advisories
  • bugzilla
    id 962603
    title CVE-2013-1676 CVE-2013-1677 CVE-2013-1678 CVE-2013-1679 CVE-2013-1680 CVE-2013-1681 Mozilla: Memory corruption found using Address Sanitizer (MFSA 2013-48)
    oval
    OR
    • AND
      • comment Red Hat Enterprise Linux 5 is installed
        oval oval:com.redhat.rhba:tst:20070331001
      • OR
        • AND
          • comment xulrunner is earlier than 0:17.0.6-1.el5_9
            oval oval:com.redhat.rhsa:tst:20130820002
          • comment xulrunner is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20080569003
        • AND
          • comment xulrunner-devel is earlier than 0:17.0.6-1.el5_9
            oval oval:com.redhat.rhsa:tst:20130820004
          • comment xulrunner-devel is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20080569005
        • AND
          • comment firefox is earlier than 0:17.0.6-1.el5_9
            oval oval:com.redhat.rhsa:tst:20130820006
          • comment firefox is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20070097009
    • AND
      • OR
        • comment Red Hat Enterprise Linux 6 Client is installed
          oval oval:com.redhat.rhba:tst:20111656001
        • comment Red Hat Enterprise Linux 6 Server is installed
          oval oval:com.redhat.rhba:tst:20111656002
        • comment Red Hat Enterprise Linux 6 Workstation is installed
          oval oval:com.redhat.rhba:tst:20111656003
        • comment Red Hat Enterprise Linux 6 ComputeNode is installed
          oval oval:com.redhat.rhba:tst:20111656004
      • OR
        • AND
          • comment firefox is earlier than 0:17.0.6-1.el6_4
            oval oval:com.redhat.rhsa:tst:20130820012
          • comment firefox is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20100861010
        • AND
          • comment xulrunner is earlier than 0:17.0.6-2.el6_4
            oval oval:com.redhat.rhsa:tst:20130820014
          • comment xulrunner is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20100861006
        • AND
          • comment xulrunner-devel is earlier than 0:17.0.6-2.el6_4
            oval oval:com.redhat.rhsa:tst:20130820016
          • comment xulrunner-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20100861008
    rhsa
    id RHSA-2013:0820
    released 2013-05-14
    severity Critical
    title RHSA-2013:0820: firefox security update (Critical)
  • bugzilla
    id 962603
    title CVE-2013-1676 CVE-2013-1677 CVE-2013-1678 CVE-2013-1679 CVE-2013-1680 CVE-2013-1681 Mozilla: Memory corruption found using Address Sanitizer (MFSA 2013-48)
    oval
    OR
    • AND
      • comment Red Hat Enterprise Linux 5 is installed
        oval oval:com.redhat.rhba:tst:20070331001
      • comment thunderbird is earlier than 0:17.0.6-1.el5_9
        oval oval:com.redhat.rhsa:tst:20130821002
      • comment thunderbird is signed with Red Hat redhatrelease key
        oval oval:com.redhat.rhsa:tst:20070108003
    • AND
      • comment thunderbird is earlier than 0:17.0.6-2.el6_4
        oval oval:com.redhat.rhsa:tst:20130821008
      • comment thunderbird is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20100896006
      • OR
        • comment Red Hat Enterprise Linux 6 Client is installed
          oval oval:com.redhat.rhba:tst:20111656001
        • comment Red Hat Enterprise Linux 6 Server is installed
          oval oval:com.redhat.rhba:tst:20111656002
        • comment Red Hat Enterprise Linux 6 Workstation is installed
          oval oval:com.redhat.rhba:tst:20111656003
        • comment Red Hat Enterprise Linux 6 ComputeNode is installed
          oval oval:com.redhat.rhba:tst:20111656004
    rhsa
    id RHSA-2013:0821
    released 2013-05-14
    severity Important
    title RHSA-2013:0821: thunderbird security update (Important)
rpms
  • xulrunner-0:17.0.6-1.el5_9
  • xulrunner-devel-0:17.0.6-1.el5_9
  • firefox-0:17.0.6-1.el5_9
  • firefox-0:17.0.6-1.el6_4
  • xulrunner-0:17.0.6-2.el6_4
  • xulrunner-devel-0:17.0.6-2.el6_4
  • thunderbird-0:17.0.6-1.el5_9
  • thunderbird-0:17.0.6-2.el6_4
refmap via4
bid 59862
confirm
debian DSA-2699
mandriva MDVSA-2013:165
suse
  • openSUSE-SU-2013:0825
  • openSUSE-SU-2013:0831
  • openSUSE-SU-2013:0834
  • openSUSE-SU-2013:0929
  • openSUSE-SU-2013:0946
ubuntu
  • USN-1822-1
  • USN-1823-1
Last major update 06-01-2017 - 21:59
Published 16-05-2013 - 07:45
Last modified 18-09-2017 - 21:36
Back to Top