First published: Thu May 16 2013(Updated: )
The _cairo_xlib_surface_add_glyph function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (invalid write operation) via unspecified vectors.
Credit: security@mozilla.org security@mozilla.org
Affected Software | Affected Version | How to fix |
---|---|---|
Firefox | <=20.0.1 | |
Firefox | =19.0 | |
Firefox | =19.0.1 | |
Firefox | =19.0.2 | |
Firefox | =20.0 | |
Firefox | =17.0 | |
Firefox | =17.0.1 | |
Firefox | =17.0.2 | |
Firefox | =17.0.3 | |
Firefox | =17.0.4 | |
Firefox | =17.0.5 | |
Thunderbird | <=17.0.5 | |
Thunderbird | =17.0 | |
Thunderbird | =17.0.1 | |
Thunderbird | =17.0.2 | |
Thunderbird | =17.0.3 | |
Thunderbird | =17.0.4 | |
Mozilla Thunderbird | =17.0 | |
Mozilla Thunderbird | =17.0.1 | |
Mozilla Thunderbird | =17.0.2 | |
Mozilla Thunderbird | =17.0.3 | |
Mozilla Thunderbird | =17.0.4 | |
Mozilla Thunderbird | =17.0.5 | |
Firefox ESR | =17.0 | |
Firefox ESR | =17.0.1 | |
Firefox ESR | =17.0.2 | |
Firefox ESR | =17.0.3 | |
Firefox ESR | =17.0.4 | |
Firefox ESR | =17.0.5 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2013-1678 has a critical severity rating due to its potential to allow remote code execution and denial of service.
To fix CVE-2013-1678, users should update to the latest version of Mozilla Firefox or Thunderbird to ensure they have the security patches.
CVE-2013-1678 affects Mozilla Firefox versions prior to 21.0, Firefox ESR 17.x before 17.0.6, and Thunderbird versions before 17.0.6.
Yes, CVE-2013-1678 can be exploited by remote attackers to execute arbitrary code.
CVE-2013-1678 affects platforms running vulnerable versions of Mozilla Firefox and Thunderbird on various operating systems.