CVE-2013-0765
First published: Tue Feb 19 2013(Updated: )
Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 do not prevent multiple wrapping of WebIDL objects, which allows remote attackers to bypass intended access restrictions via unspecified vectors.
Credit: security@mozilla.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Firefox | <19.0 | |
| Mozilla SeaMonkey | <2.16 | |
| SUSE Linux | =11.4 | |
| SUSE Linux | =12.1 | |
| SUSE Linux | =12.2 | |
| Ubuntu | =10.04 | |
| Ubuntu | =11.10 | |
| Ubuntu | =12.04 | |
| Ubuntu | =12.10 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00017.html
- http://lists.opensuse.org/opensuse-updates/2013-02/msg00062.html
- http://www.mozilla.org/security/announce/2013/mfsa2013-23.html
- http://www.ubuntu.com/usn/USN-1729-1
- http://www.ubuntu.com/usn/USN-1729-2
- https://bugzilla.mozilla.org/show_bug.cgi?id=830614
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17097
Frequently Asked Questions
What is the severity of CVE-2013-0765?
CVE-2013-0765 is classified as a medium severity vulnerability that allows remote attackers to bypass access restrictions.
How do I fix CVE-2013-0765?
To fix CVE-2013-0765, update to Mozilla Firefox version 19.0, Thunderbird version 17.0.3, or SeaMonkey version 2.16 or later.
What software is affected by CVE-2013-0765?
CVE-2013-0765 affects Mozilla Firefox versions before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16.
What types of attacks can exploit CVE-2013-0765?
CVE-2013-0765 can be exploited by remote attackers through unspecified vectors to bypass intended access restrictions.
Is CVE-2013-0765 still a concern for currently supported versions?
CVE-2013-0765 is not a concern for currently supported versions of affected software that have been updated to include security patches.
- agent/type
- agent/severity
- agent/author
- agent/remedy
- agent/references
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/first-publish-date
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/mozilla
- canonical/firefox
- canonical/mozilla seamonkey
- vendor/opensuse
- canonical/suse linux
- version/suse linux/11.4
- version/suse linux/12.1
- version/suse linux/12.2
- vendor/canonical
- canonical/ubuntu
- version/ubuntu/10.04
- version/ubuntu/11.10
- version/ubuntu/12.04
- version/ubuntu/12.10