CVE-2013-0780: Use After Free
First published: Tue Feb 19 2013(Updated: )
Use-after-free vulnerability in the nsOverflowContinuationTracker::Finish function in Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted document that uses Cascading Style Sheets (CSS) -moz-column-* properties.
Credit: security@mozilla.org security@mozilla.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mozilla Firefox | <19.0 | |
| Mozilla Firefox ESR | <17.0.3 | |
| Mozilla SeaMonkey | <2.16 | |
| Mozilla Thunderbird | <17.0.3 | |
| Mozilla Thunderbird ESR | <17.0.3 | |
| openSUSE | =11.4 | |
| openSUSE | =12.1 | |
| openSUSE | =12.2 | |
| redhat enterprise linux aus | =5.9 | |
| redhat enterprise Linux desktop | =5.0 | |
| redhat enterprise Linux desktop | =6.0 | |
| redhat enterprise Linux eus | =5.9 | |
| redhat enterprise Linux eus | =6.3 | |
| redhat enterprise Linux server | =5.0 | |
| redhat enterprise Linux server | =6.0 | |
| redhat enterprise Linux workstation | =5.0 | |
| redhat enterprise Linux workstation | =6.0 | |
| Debian GNU/Linux | =7.0 | |
| Ubuntu Linux | =10.04 | |
| Ubuntu Linux | =11.10 | |
| Ubuntu Linux | =12.04 | |
| Ubuntu Linux | =12.10 | |
| Mozilla Firefox and Thunderbird | <17.0.3 | |
| Mozilla Firefox and Thunderbird | <19.0 | |
| Mozilla Firefox and Thunderbird | <17.0.3 | |
| Mozilla Thunderbird | <17.0.3 | |
| Open edX | =11.4 | |
| Open edX | =12.1 | |
| Open edX | =12.2 | |
| Red Hat Enterprise Linux | =5.9 | |
| Red Hat Enterprise Linux Desktop | =5.0 | |
| Red Hat Enterprise Linux Desktop | =6.0 | |
| Red Hat Enterprise Linux Server EUS | =5.9 | |
| Red Hat Enterprise Linux Server EUS | =6.3 | |
| Red Hat Enterprise Linux Server | =5.0 | |
| Red Hat Enterprise Linux Server | =6.0 | |
| Red Hat Enterprise Linux Workstation | =5.0 | |
| Red Hat Enterprise Linux Workstation | =6.0 | |
| Debian | =7.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00017.html
- http://lists.opensuse.org/opensuse-updates/2013-02/msg00062.html
- http://rhn.redhat.com/errata/RHSA-2013-0271.html
- http://rhn.redhat.com/errata/RHSA-2013-0272.html
- http://www.debian.org/security/2013/dsa-2699
- http://www.mozilla.org/security/announce/2013/mfsa2013-28.html
- http://www.ubuntu.com/usn/USN-1729-1
- http://www.ubuntu.com/usn/USN-1729-2
- http://www.ubuntu.com/usn/USN-1748-1
- https://bugzilla.mozilla.org/show_bug.cgi?id=812893
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16383
Frequently Asked Questions
What is the severity of CVE-2013-0780?
CVE-2013-0780 is classified as a critical vulnerability due to its potential to allow remote code execution.
How do I fix CVE-2013-0780?
To fix CVE-2013-0780, update your affected Mozilla Firefox, Thunderbird, or SeaMonkey installations to the latest versions available.
Which versions are affected by CVE-2013-0780?
CVE-2013-0780 affects Mozilla Firefox versions prior to 19.0, Firefox ESR versions prior to 17.0.3, and other specific versions of Thunderbird and SeaMonkey.
What platforms are impacted by CVE-2013-0780?
CVE-2013-0780 impacts multiple platforms including various Linux distributions such as openSUSE, Red Hat, and Ubuntu.
Can CVE-2013-0780 be exploited remotely?
Yes, CVE-2013-0780 can be exploited by remote attackers to execute arbitrary code on a vulnerable system.
- agent/type
- agent/severity
- agent/remedy
- agent/references
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/author
- agent/weakness
- agent/source
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/softwarecombine
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- vendor/mozilla
- canonical/mozilla firefox
- canonical/mozilla firefox esr
- canonical/mozilla seamonkey
- canonical/mozilla thunderbird
- canonical/mozilla thunderbird esr
- vendor/opensuse
- canonical/opensuse
- version/opensuse/11.4
- version/opensuse/12.1
- version/opensuse/12.2
- vendor/redhat
- canonical/redhat enterprise linux aus
- version/redhat enterprise linux aus/5.9
- canonical/redhat enterprise linux desktop
- version/redhat enterprise linux desktop/5.0
- version/redhat enterprise linux desktop/6.0
- canonical/redhat enterprise linux eus
- version/redhat enterprise linux eus/5.9
- version/redhat enterprise linux eus/6.3
- canonical/redhat enterprise linux server
- version/redhat enterprise linux server/5.0
- version/redhat enterprise linux server/6.0
- canonical/redhat enterprise linux workstation
- version/redhat enterprise linux workstation/5.0
- version/redhat enterprise linux workstation/6.0
- vendor/debian
- canonical/debian gnu/linux
- version/debian gnu/linux/7.0
- vendor/canonical
- canonical/ubuntu linux
- version/ubuntu linux/10.04
- version/ubuntu linux/11.10
- version/ubuntu linux/12.04
- version/ubuntu linux/12.10
- canonical/mozilla firefox and thunderbird
- canonical/open edx
- version/open edx/11.4
- version/open edx/12.1
- version/open edx/12.2
- canonical/red hat enterprise linux
- version/red hat enterprise linux/5.9
- canonical/red hat enterprise linux desktop
- version/red hat enterprise linux desktop/5.0
- version/red hat enterprise linux desktop/6.0
- canonical/red hat enterprise linux server eus
- version/red hat enterprise linux server eus/5.9
- version/red hat enterprise linux server eus/6.3
- canonical/red hat enterprise linux server
- version/red hat enterprise linux server/5.0
- version/red hat enterprise linux server/6.0
- canonical/red hat enterprise linux workstation
- version/red hat enterprise linux workstation/5.0
- version/red hat enterprise linux workstation/6.0
- canonical/debian
- version/debian/7.0