CVE-2013-0754: Use After Free
First published: Sun Jan 13 2013(Updated: )
Use-after-free vulnerability in the ListenerManager implementation in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code via vectors involving the triggering of garbage collection after memory allocation for listener objects.
Credit: security@mozilla.org security@mozilla.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mozilla Firefox | <18.0 | |
| Mozilla Firefox | >=10.0<10.0.12 | |
| Mozilla Firefox | >=17.0<17.0.2 | |
| Mozilla SeaMonkey | <2.15 | |
| Mozilla Thunderbird | <17.0.2 | |
| Mozilla Thunderbird ESR | >=10.0<10.0.12 | |
| Mozilla Thunderbird ESR | >=17.0<17.0.2 | |
| openSUSE | =11.4 | |
| openSUSE | =12.1 | |
| openSUSE | =12.2 | |
| SUSE Linux Enterprise Desktop with Beagle | =10-sp4 | |
| SUSE Linux Enterprise Desktop with Beagle | =11-sp2 | |
| SUSE Linux Enterprise Server | =10-sp4 | |
| SUSE Linux Enterprise Server | =11-sp2 | |
| suse linux enterprise server vmware | =11-sp2 | |
| SUSE Linux Enterprise Software Development Kit | =10-sp4 | |
| SUSE Linux Enterprise Software Development Kit | =11-sp2 | |
| redhat enterprise Linux desktop | =5.0 | |
| redhat enterprise Linux desktop | =6.0 | |
| redhat enterprise Linux eus | =5.9 | |
| redhat enterprise Linux eus | =6.3 | |
| redhat enterprise Linux server | =5.0 | |
| redhat enterprise Linux server | =6.0 | |
| redhat enterprise Linux server aus | =5.9 | |
| redhat enterprise Linux workstation | =5.0 | |
| redhat enterprise Linux workstation | =6.0 | |
| Ubuntu | =10.04 | |
| Ubuntu | =11.10 | |
| Ubuntu | =12.04 | |
| Ubuntu | =12.10 | |
| Mozilla Firefox ESR | >=10.0<10.0.12 | |
| Mozilla Firefox ESR | >=17.0<17.0.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00006.html
- http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00007.html
- http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00010.html
- http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00017.html
- http://rhn.redhat.com/errata/RHSA-2013-0144.html
- http://rhn.redhat.com/errata/RHSA-2013-0145.html
- http://www.mozilla.org/security/announce/2013/mfsa2013-17.html
- http://www.ubuntu.com/usn/USN-1681-1
- http://www.ubuntu.com/usn/USN-1681-2
- http://www.ubuntu.com/usn/USN-1681-4
- https://bugzilla.mozilla.org/show_bug.cgi?id=814026
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16812
Frequently Asked Questions
What is the severity of CVE-2013-0754?
CVE-2013-0754 has a severity rating of moderate, indicating potential risk for exploitation.
How do I fix CVE-2013-0754?
To fix CVE-2013-0754, upgrade to the latest version of Mozilla Firefox, Thunderbird, or SeaMonkey, as applicable.
Which versions are affected by CVE-2013-0754?
CVE-2013-0754 affects Mozilla Firefox versions prior to 18.0, Thunderbird versions prior to 17.0.2, and SeaMonkey versions before 2.15.
What type of vulnerability is CVE-2013-0754?
CVE-2013-0754 is a use-after-free vulnerability that may allow remote attackers to execute arbitrary code.
Is CVE-2013-0754 exploitable via the web?
Yes, CVE-2013-0754 can be exploited through malicious web pages that trigger the vulnerability in affected browsers.
- agent/references
- agent/type
- agent/severity
- agent/remedy
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/author
- agent/weakness
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/mozilla
- canonical/mozilla firefox
- version/mozilla firefox/10.0
- version/mozilla firefox/17.0
- canonical/mozilla seamonkey
- canonical/mozilla thunderbird
- canonical/mozilla thunderbird esr
- version/mozilla thunderbird esr/10.0
- version/mozilla thunderbird esr/17.0
- vendor/opensuse
- canonical/opensuse
- version/opensuse/11.4
- version/opensuse/12.1
- version/opensuse/12.2
- vendor/suse
- canonical/suse linux enterprise desktop with beagle
- version/suse linux enterprise desktop with beagle/10-sp4
- version/suse linux enterprise desktop with beagle/11-sp2
- canonical/suse linux enterprise server
- version/suse linux enterprise server/10-sp4
- version/suse linux enterprise server/11-sp2
- canonical/suse linux enterprise server vmware
- version/suse linux enterprise server vmware/11-sp2
- canonical/suse linux enterprise software development kit
- version/suse linux enterprise software development kit/10-sp4
- version/suse linux enterprise software development kit/11-sp2
- vendor/redhat
- canonical/redhat enterprise linux desktop
- version/redhat enterprise linux desktop/5.0
- version/redhat enterprise linux desktop/6.0
- canonical/redhat enterprise linux eus
- version/redhat enterprise linux eus/5.9
- version/redhat enterprise linux eus/6.3
- canonical/redhat enterprise linux server
- version/redhat enterprise linux server/5.0
- version/redhat enterprise linux server/6.0
- canonical/redhat enterprise linux server aus
- version/redhat enterprise linux server aus/5.9
- canonical/redhat enterprise linux workstation
- version/redhat enterprise linux workstation/5.0
- version/redhat enterprise linux workstation/6.0
- vendor/canonical
- canonical/ubuntu
- version/ubuntu/10.04
- version/ubuntu/11.10
- version/ubuntu/12.04
- version/ubuntu/12.10
- canonical/mozilla firefox esr
- version/mozilla firefox esr/10.0
- version/mozilla firefox esr/17.0