CVE-2013-0787

Severity

93%

Complexity

86%

Confidentiality

165%

Use-after-free vulnerability in the nsEditor::IsPreformatted function in editor/libeditor/base/nsEditor.cpp in Mozilla Firefox before 19.0.2, Firefox ESR 17.x before 17.0.4, Thunderbird before 17.0.4, Thunderbird ESR 17.x before 17.0.4, and SeaMonkey before 2.16.1 allows remote attackers to execute arbitrary code via vectors involving an execCommand call.

CVSS 2.0 Base Score 9.3. CVSS Attack Vector: network. CVSS Attack Complexity: medium. CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C).

Overview

Type

Mozilla

First reported 11 years ago

2013-03-11 10:55:00

Last updated 7 years ago

2017-09-19 01:35:00

Affected Software

Mozilla Firefox 19.0

19.0

Mozilla Firefox

Mozilla Firefox Extended Support Release (ESR) 17.0

17.0

Mozilla Firefox Extended Support Release (ESR) 17.0.1

17.0.1

Mozilla Firefox Extended Support Release (ESR) 17.0.2

17.0.2

Mozilla Firefox Extended Support Release (ESR) 17.0.3

17.0.3

Mozilla Thunderbird 17.0

17.0

Mozilla Thunderbird 17.0.2

17.0.2

Mozilla Thunderbird

Mozilla Thunderbird Extended Support Release (ESR) 17.0

17.0

Mozilla Thunderbird Extended Support Release (ESR) 17.0.2

17.0.2

Mozilla Thunderbird Extended Support Release (ESR) 17.0.3

17.0.3

Mozilla SeaMonkey

Mozilla Seamonkey 2.16 beta1

2.16

Mozilla Seamonkey 2.16 beta2

2.16

Mozilla Seamonkey 2.16 beta3

2.16

Mozilla Seamonkey 2.16 beta4

2.16

Mozilla Seamonkey 2.16 beta5

2.16

References

http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/Pwn2Own-2013/ba-p/5981157

openSUSE-SU-2013:0431

openSUSE-SU-2013:0465

openSUSE-SU-2013:0467

openSUSE-SU-2013:0468

SUSE-SU-2013:0470

RHSA-2013:0614

RHSA-2013:0627

http://twitter.com/thezdi/statuses/309484730506698752

http://twitter.com/VUPEN/statuses/309505403631325184

DSA-2699

http://www.mozilla.org/security/announce/2013/mfsa2013-29.html

Vendor Advisory

58391

USN-1758-1

https://bugzilla.mozilla.org/show_bug.cgi?id=848644

oval:org.mitre.oval:def:16737

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.

CVE-2013-0787

Severity

What is severity?

Complexity

What is complexity?

Confidentiality

What is confidentiality?

Overview

Type

First reported 11 years ago

Last updated 7 years ago

Affected Software

Mozilla Firefox 19.0

Mozilla Firefox

Mozilla Firefox Extended Support Release (ESR) 17.0

Mozilla Firefox Extended Support Release (ESR) 17.0.1

Mozilla Firefox Extended Support Release (ESR) 17.0.2

Mozilla Firefox Extended Support Release (ESR) 17.0.3

Mozilla Thunderbird 17.0

Mozilla Thunderbird 17.0.2

Mozilla Thunderbird

Mozilla Thunderbird Extended Support Release (ESR) 17.0

Mozilla Thunderbird Extended Support Release (ESR) 17.0.2

Mozilla Thunderbird Extended Support Release (ESR) 17.0.3

Mozilla SeaMonkey

Mozilla Seamonkey 2.16 beta1

Mozilla Seamonkey 2.16 beta2

Mozilla Seamonkey 2.16 beta3

Mozilla Seamonkey 2.16 beta4

Mozilla Seamonkey 2.16 beta5

References

http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/Pwn2Own-2013/ba-p/5981157

openSUSE-SU-2013:0431

openSUSE-SU-2013:0465

openSUSE-SU-2013:0467

openSUSE-SU-2013:0468

SUSE-SU-2013:0470

RHSA-2013:0614

RHSA-2013:0627

http://twitter.com/thezdi/statuses/309484730506698752

http://twitter.com/VUPEN/statuses/309505403631325184

DSA-2699

http://www.mozilla.org/security/announce/2013/mfsa2013-29.html

58391

USN-1758-1

https://bugzilla.mozilla.org/show_bug.cgi?id=848644

oval:org.mitre.oval:def:16737

Stay updated

Get in touch