CVE-2013-0771: Buffer Overflow
First published: Sun Jan 13 2013(Updated: )
Heap-based buffer overflow in the gfxTextRun::ShrinkToLigatureBoundaries function in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.1, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code via a crafted document.
Credit: security@mozilla.org security@mozilla.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mozilla Firefox | <18.0 | |
| Mozilla Firefox ESR | >=10.0<10.0.12 | |
| Mozilla Firefox ESR | >=17.0<17.0.2 | |
| Mozilla SeaMonkey | <2.15 | |
| Mozilla Thunderbird | <17.0.2 | |
| Mozilla Thunderbird ESR | >=10.0<10.0.12 | |
| Mozilla Thunderbird ESR | >=17.0<17.0.2 | |
| openSUSE | =11.4 | |
| openSUSE | =12.1 | |
| openSUSE | =12.2 | |
| SUSE Linux Enterprise Desktop with Beagle | =10-sp4 | |
| SUSE Linux Enterprise Desktop with Beagle | =11-sp2 | |
| SUSE Linux Enterprise Server | =10-sp4 | |
| SUSE Linux Enterprise Server | =11-sp2 | |
| suse linux enterprise server vmware | =11-sp2 | |
| SUSE Linux Enterprise Software Development Kit | =10-sp4 | |
| SUSE Linux Enterprise Software Development Kit | =11-sp2 | |
| Ubuntu Linux | =10.04 | |
| Ubuntu Linux | =11.10 | |
| Ubuntu Linux | =12.04 | |
| Ubuntu Linux | =12.10 | |
| Mozilla Firefox and Thunderbird | <18.0 | |
| Mozilla Firefox and Thunderbird | >=10.0<10.0.12 | |
| Mozilla Firefox and Thunderbird | >=17.0<17.0.2 | |
| Mozilla Firefox and Thunderbird | <17.0.2 | |
| Mozilla Thunderbird | >=10.0<10.0.12 | |
| Mozilla Thunderbird | >=17.0<17.0.2 | |
| Open edX | =11.4 | |
| Open edX | =12.1 | |
| Open edX | =12.2 | |
| SUSE Linux Enterprise Desktop | =10-sp4 | |
| SUSE Linux Enterprise Desktop | =11-sp2 | |
| SUSE Linux Enterprise Server | =11-sp2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00006.html
- http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00007.html
- http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00010.html
- http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00017.html
- http://www.mozilla.org/security/announce/2013/mfsa2013-02.html
- http://www.ubuntu.com/usn/USN-1681-1
- http://www.ubuntu.com/usn/USN-1681-2
- http://www.ubuntu.com/usn/USN-1681-4
- https://bugzilla.mozilla.org/show_bug.cgi?id=785555
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17019
Frequently Asked Questions
What is the severity of CVE-2013-0771?
CVE-2013-0771 is classified as a high severity vulnerability due to the potential for remote code execution.
How do I fix CVE-2013-0771?
To fix CVE-2013-0771, upgrade to the latest version of Mozilla Firefox, Thunderbird, or SeaMonkey as specified by the vendor.
Which versions are affected by CVE-2013-0771?
CVE-2013-0771 affects Mozilla Firefox versions below 18.0, Thunderbird versions below 17.0.2, SeaMonkey versions below 2.15, and several ESR versions.
What kind of exploitation is possible with CVE-2013-0771?
CVE-2013-0771 can be exploited by remote attackers to execute arbitrary code through crafted content.
Is CVE-2013-0771 specific to a certain operating system?
CVE-2013-0771 is not specific to any operating system as it affects various applications across platforms, including Linux distributions.
- agent/references
- agent/type
- agent/severity
- agent/remedy
- agent/weakness
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/author
- agent/source
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/softwarecombine
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- vendor/mozilla
- canonical/mozilla firefox
- canonical/mozilla firefox esr
- version/mozilla firefox esr/10.0
- version/mozilla firefox esr/17.0
- canonical/mozilla seamonkey
- canonical/mozilla thunderbird
- canonical/mozilla thunderbird esr
- version/mozilla thunderbird esr/10.0
- version/mozilla thunderbird esr/17.0
- vendor/opensuse
- canonical/opensuse
- version/opensuse/11.4
- version/opensuse/12.1
- version/opensuse/12.2
- vendor/suse
- canonical/suse linux enterprise desktop with beagle
- version/suse linux enterprise desktop with beagle/10-sp4
- version/suse linux enterprise desktop with beagle/11-sp2
- canonical/suse linux enterprise server
- version/suse linux enterprise server/10-sp4
- version/suse linux enterprise server/11-sp2
- canonical/suse linux enterprise server vmware
- version/suse linux enterprise server vmware/11-sp2
- canonical/suse linux enterprise software development kit
- version/suse linux enterprise software development kit/10-sp4
- version/suse linux enterprise software development kit/11-sp2
- vendor/canonical
- canonical/ubuntu linux
- version/ubuntu linux/10.04
- version/ubuntu linux/11.10
- version/ubuntu linux/12.04
- version/ubuntu linux/12.10
- canonical/mozilla firefox and thunderbird
- version/mozilla firefox and thunderbird/10.0
- version/mozilla firefox and thunderbird/17.0
- version/mozilla thunderbird/10.0
- version/mozilla thunderbird/17.0
- canonical/open edx
- version/open edx/11.4
- version/open edx/12.1
- version/open edx/12.2
- canonical/suse linux enterprise desktop
- version/suse linux enterprise desktop/10-sp4
- version/suse linux enterprise desktop/11-sp2