CVE-2013-0758: Code Injection
First published: Sun Jan 13 2013(Updated: )
Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 allow remote attackers to execute arbitrary JavaScript code with chrome privileges by leveraging improper interaction between plugin objects and SVG elements.
Credit: security@mozilla.org security@mozilla.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Firefox | <18.0 | |
| Firefox | >=10.0<10.0.12 | |
| Firefox | >=17.0<17.0.2 | |
| Mozilla SeaMonkey | <2.15 | |
| Thunderbird | <17.0.2 | |
| Mozilla Thunderbird | >=10.0<10.0.12 | |
| Mozilla Thunderbird | >=17.0<17.0.2 | |
| openSUSE | =11.4 | |
| openSUSE | =12.1 | |
| openSUSE | =12.2 | |
| SUSE Linux Enterprise Desktop | =10-sp4 | |
| SUSE Linux Enterprise Desktop | =11-sp2 | |
| SUSE Linux Enterprise Server | =10-sp4 | |
| SUSE Linux Enterprise Server | =11-sp2 | |
| SUSE Linux Enterprise Server | =11-sp2 | |
| SUSE Linux Enterprise Software Development Kit | =10-sp4 | |
| SUSE Linux Enterprise Software Development Kit | =11-sp2 | |
| Red Hat Enterprise Linux Desktop | =5.0 | |
| Red Hat Enterprise Linux Desktop | =6.0 | |
| Red Hat Enterprise Linux Server EUS | =5.9 | |
| Red Hat Enterprise Linux Server EUS | =6.3 | |
| Red Hat Enterprise Linux Server | =5.0 | |
| Red Hat Enterprise Linux Server | =6.0 | |
| Red Hat Enterprise Linux Server | =5.9 | |
| Red Hat Enterprise Linux Workstation | =5.0 | |
| Red Hat Enterprise Linux Workstation | =6.0 | |
| Ubuntu | =10.04 | |
| Ubuntu | =11.10 | |
| Ubuntu | =12.04 | |
| Ubuntu | =12.10 | |
| Firefox ESR | >=10.0<10.0.12 | |
| Firefox ESR | >=17.0<17.0.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00006.html
- http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00007.html
- http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00010.html
- http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00017.html
- http://rhn.redhat.com/errata/RHSA-2013-0144.html
- http://rhn.redhat.com/errata/RHSA-2013-0145.html
- http://www.mozilla.org/security/announce/2013/mfsa2013-15.html
- http://www.ubuntu.com/usn/USN-1681-1
- http://www.ubuntu.com/usn/USN-1681-2
- http://www.ubuntu.com/usn/USN-1681-4
- https://bugzilla.mozilla.org/show_bug.cgi?id=813906
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17087
Frequently Asked Questions
What is the severity of CVE-2013-0758?
CVE-2013-0758 is classified as a critical vulnerability due to its potential for remote code execution.
How do I fix CVE-2013-0758?
To fix CVE-2013-0758, upgrade to the latest version of affected software such as Mozilla Firefox 18.0 or higher, Thunderbird 17.0.2 or higher, or SeaMonkey 2.15 or higher.
Which software versions are affected by CVE-2013-0758?
CVE-2013-0758 affects Mozilla Firefox versions before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird versions before 17.0.2, and SeaMonkey versions before 2.15.
What kind of attack does CVE-2013-0758 enable?
CVE-2013-0758 allows remote attackers to execute arbitrary JavaScript code with chrome privileges on vulnerable browsers.
Is CVE-2013-0758 under active exploitation?
There is no specific evidence provided that indicates CVE-2013-0758 is under active exploitation, but users are advised to patch promptly.
- agent/references
- agent/type
- agent/weakness
- agent/severity
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/author
- agent/source
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/nvd-index
- agent/tags
- agent/softwarecombine
- vendor/mozilla
- canonical/firefox
- version/firefox/10.0
- version/firefox/17.0
- canonical/mozilla seamonkey
- canonical/thunderbird
- canonical/mozilla thunderbird
- version/mozilla thunderbird/10.0
- version/mozilla thunderbird/17.0
- vendor/opensuse
- canonical/opensuse
- version/opensuse/11.4
- version/opensuse/12.1
- version/opensuse/12.2
- vendor/suse
- canonical/suse linux enterprise desktop
- version/suse linux enterprise desktop/10-sp4
- version/suse linux enterprise desktop/11-sp2
- canonical/suse linux enterprise server
- version/suse linux enterprise server/10-sp4
- version/suse linux enterprise server/11-sp2
- canonical/suse linux enterprise software development kit
- version/suse linux enterprise software development kit/10-sp4
- version/suse linux enterprise software development kit/11-sp2
- vendor/redhat
- canonical/red hat enterprise linux desktop
- version/red hat enterprise linux desktop/5.0
- version/red hat enterprise linux desktop/6.0
- canonical/red hat enterprise linux server eus
- version/red hat enterprise linux server eus/5.9
- version/red hat enterprise linux server eus/6.3
- canonical/red hat enterprise linux server
- version/red hat enterprise linux server/5.0
- version/red hat enterprise linux server/6.0
- version/red hat enterprise linux server/5.9
- canonical/red hat enterprise linux workstation
- version/red hat enterprise linux workstation/5.0
- version/red hat enterprise linux workstation/6.0
- vendor/canonical
- canonical/ubuntu
- version/ubuntu/10.04
- version/ubuntu/11.10
- version/ubuntu/12.04
- version/ubuntu/12.10
- canonical/firefox esr
- version/firefox esr/10.0
- version/firefox esr/17.0