CVE-2013-0761: Use After Free
First published: Sun Jan 13 2013(Updated: )
Use-after-free vulnerability in the mozilla::TrackUnionStream::EndTrack implementation in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.1, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.
Credit: security@mozilla.org security@mozilla.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mozilla Firefox | <18.0 | |
| Mozilla Firefox ESR | >=10.0<10.0.12 | |
| Mozilla Firefox ESR | >=17.0<17.0.2 | |
| Mozilla SeaMonkey | <2.15 | |
| Mozilla Thunderbird | <17.0.2 | |
| Mozilla Thunderbird ESR | >=10.0<10.0.12 | |
| Mozilla Thunderbird ESR | >=17.0<17.0.2 | |
| openSUSE | =11.4 | |
| openSUSE | =12.1 | |
| openSUSE | =12.2 | |
| SUSE Linux Enterprise Desktop with Beagle | =10-sp4 | |
| SUSE Linux Enterprise Desktop with Beagle | =11-sp2 | |
| SUSE Linux Enterprise Server | =10-sp4 | |
| SUSE Linux Enterprise Server | =11-sp2 | |
| suse linux enterprise server vmware | =11-sp2 | |
| SUSE Linux Enterprise Software Development Kit | =10-sp4 | |
| SUSE Linux Enterprise Software Development Kit | =11-sp2 | |
| Ubuntu Linux | =10.04 | |
| Ubuntu Linux | =11.10 | |
| Ubuntu Linux | =12.04 | |
| Ubuntu Linux | =12.10 | |
| Mozilla Firefox and Thunderbird | <18.0 | |
| Mozilla Firefox and Thunderbird | >=10.0<10.0.12 | |
| Mozilla Firefox and Thunderbird | >=17.0<17.0.2 | |
| Mozilla Firefox and Thunderbird | <17.0.2 | |
| Mozilla Thunderbird | >=10.0<10.0.12 | |
| Mozilla Thunderbird | >=17.0<17.0.2 | |
| Open edX | =11.4 | |
| Open edX | =12.1 | |
| Open edX | =12.2 | |
| SUSE Linux Enterprise Desktop | =10-sp4 | |
| SUSE Linux Enterprise Desktop | =11-sp2 | |
| SUSE Linux Enterprise Server | =11-sp2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00006.html
- http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00007.html
- http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00010.html
- http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00017.html
- http://www.mozilla.org/security/announce/2013/mfsa2013-02.html
- http://www.ubuntu.com/usn/USN-1681-1
- http://www.ubuntu.com/usn/USN-1681-2
- http://www.ubuntu.com/usn/USN-1681-4
- https://bugzilla.mozilla.org/show_bug.cgi?id=787831
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16832
Frequently Asked Questions
What is the severity of CVE-2013-0761?
CVE-2013-0761 has a critical severity rating due to its potential to allow remote attackers to execute arbitrary code.
How do I fix CVE-2013-0761?
To fix CVE-2013-0761, upgrade affected Mozilla Firefox, Thunderbird, SeaMonkey, or their ESR versions to the latest available versions.
What software is affected by CVE-2013-0761?
CVE-2013-0761 affects Mozilla Firefox versions prior to 18.0, Thunderbird versions prior to 17.0.2, SeaMonkey versions prior to 2.15, and their respective ESR versions.
Can CVE-2013-0761 be exploited remotely?
Yes, CVE-2013-0761 can be exploited remotely, allowing attackers to execute arbitrary code on an affected system.
What is a use-after-free vulnerability like CVE-2013-0761?
A use-after-free vulnerability like CVE-2013-0761 occurs when a program continues to use a pointer after the memory it points to has been freed, potentially leading to code execution.
- agent/references
- agent/type
- agent/severity
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/author
- agent/weakness
- agent/source
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/softwarecombine
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- vendor/mozilla
- canonical/mozilla firefox
- canonical/mozilla firefox esr
- version/mozilla firefox esr/10.0
- version/mozilla firefox esr/17.0
- canonical/mozilla seamonkey
- canonical/mozilla thunderbird
- canonical/mozilla thunderbird esr
- version/mozilla thunderbird esr/10.0
- version/mozilla thunderbird esr/17.0
- vendor/opensuse
- canonical/opensuse
- version/opensuse/11.4
- version/opensuse/12.1
- version/opensuse/12.2
- vendor/suse
- canonical/suse linux enterprise desktop with beagle
- version/suse linux enterprise desktop with beagle/10-sp4
- version/suse linux enterprise desktop with beagle/11-sp2
- canonical/suse linux enterprise server
- version/suse linux enterprise server/10-sp4
- version/suse linux enterprise server/11-sp2
- canonical/suse linux enterprise server vmware
- version/suse linux enterprise server vmware/11-sp2
- canonical/suse linux enterprise software development kit
- version/suse linux enterprise software development kit/10-sp4
- version/suse linux enterprise software development kit/11-sp2
- vendor/canonical
- canonical/ubuntu linux
- version/ubuntu linux/10.04
- version/ubuntu linux/11.10
- version/ubuntu linux/12.04
- version/ubuntu linux/12.10
- canonical/mozilla firefox and thunderbird
- version/mozilla firefox and thunderbird/10.0
- version/mozilla firefox and thunderbird/17.0
- version/mozilla thunderbird/10.0
- version/mozilla thunderbird/17.0
- canonical/open edx
- version/open edx/11.4
- version/open edx/12.1
- version/open edx/12.2
- canonical/suse linux enterprise desktop
- version/suse linux enterprise desktop/10-sp4
- version/suse linux enterprise desktop/11-sp2