CVE-2013-5599: Use After Free
First published: Wed Oct 30 2013(Updated: )
Use-after-free vulnerability in the nsIPresShell::GetPresContext function in the PresShell (aka presentation shell) implementation in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption and application crash) via vectors involving a CANVAS element, a mozTextStyle attribute, and an onresize event.
Credit: security@mozilla.org security@mozilla.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mozilla Firefox | <=24.0 | |
| Mozilla Firefox | =19.0 | |
| Mozilla Firefox | =19.0.1 | |
| Mozilla Firefox | =19.0.2 | |
| Mozilla Firefox | =20.0 | |
| Mozilla Firefox | =20.0.1 | |
| Mozilla Firefox | =21.0 | |
| Mozilla Firefox | =22.0 | |
| Mozilla Firefox | =23.0 | |
| Mozilla Firefox | =23.0.1 | |
| Mozilla SeaMonkey | <=2.22 | |
| Mozilla SeaMonkey | =2.0 | |
| Mozilla SeaMonkey | =2.0-alpha_1 | |
| Mozilla SeaMonkey | =2.0-alpha_2 | |
| Mozilla SeaMonkey | =2.0-alpha_3 | |
| Mozilla SeaMonkey | =2.0-beta_1 | |
| Mozilla SeaMonkey | =2.0-beta_2 | |
| Mozilla SeaMonkey | =2.0-rc1 | |
| Mozilla SeaMonkey | =2.0-rc2 | |
| Mozilla SeaMonkey | =2.0.1 | |
| Mozilla SeaMonkey | =2.0.2 | |
| Mozilla SeaMonkey | =2.0.3 | |
| Mozilla SeaMonkey | =2.0.4 | |
| Mozilla SeaMonkey | =2.0.5 | |
| Mozilla SeaMonkey | =2.0.6 | |
| Mozilla SeaMonkey | =2.0.7 | |
| Mozilla SeaMonkey | =2.0.8 | |
| Mozilla SeaMonkey | =2.0.9 | |
| Mozilla SeaMonkey | =2.0.10 | |
| Mozilla SeaMonkey | =2.0.11 | |
| Mozilla SeaMonkey | =2.0.12 | |
| Mozilla SeaMonkey | =2.0.13 | |
| Mozilla SeaMonkey | =2.0.14 | |
| Mozilla SeaMonkey | =2.1 | |
| Mozilla SeaMonkey | =2.1-alpha1 | |
| Mozilla SeaMonkey | =2.1-alpha2 | |
| Mozilla SeaMonkey | =2.1-alpha3 | |
| Mozilla SeaMonkey | =2.1-beta1 | |
| Mozilla SeaMonkey | =2.1-beta2 | |
| Mozilla SeaMonkey | =2.1-beta3 | |
| Mozilla SeaMonkey | =2.1-rc1 | |
| Mozilla SeaMonkey | =2.1-rc2 | |
| Mozilla SeaMonkey | =2.10 | |
| Mozilla SeaMonkey | =2.10-beta1 | |
| Mozilla SeaMonkey | =2.10-beta2 | |
| Mozilla SeaMonkey | =2.10-beta3 | |
| Mozilla SeaMonkey | =2.10.1 | |
| Mozilla SeaMonkey | =2.11 | |
| Mozilla SeaMonkey | =2.11-beta1 | |
| Mozilla SeaMonkey | =2.11-beta2 | |
| Mozilla SeaMonkey | =2.11-beta3 | |
| Mozilla SeaMonkey | =2.11-beta4 | |
| Mozilla SeaMonkey | =2.11-beta5 | |
| Mozilla SeaMonkey | =2.11-beta6 | |
| Mozilla SeaMonkey | =2.12 | |
| Mozilla SeaMonkey | =2.12-beta1 | |
| Mozilla SeaMonkey | =2.12-beta2 | |
| Mozilla SeaMonkey | =2.12-beta3 | |
| Mozilla SeaMonkey | =2.12-beta4 | |
| Mozilla SeaMonkey | =2.12-beta5 | |
| Mozilla SeaMonkey | =2.12-beta6 | |
| Mozilla SeaMonkey | =2.12.1 | |
| Mozilla SeaMonkey | =2.13 | |
| Mozilla SeaMonkey | =2.13-beta1 | |
| Mozilla SeaMonkey | =2.13-beta2 | |
| Mozilla SeaMonkey | =2.13-beta3 | |
| Mozilla SeaMonkey | =2.13-beta4 | |
| Mozilla SeaMonkey | =2.13-beta5 | |
| Mozilla SeaMonkey | =2.13-beta6 | |
| Mozilla SeaMonkey | =2.13.1 | |
| Mozilla SeaMonkey | =2.13.2 | |
| Mozilla SeaMonkey | =2.14 | |
| Mozilla SeaMonkey | =2.14-beta1 | |
| Mozilla SeaMonkey | =2.14-beta2 | |
| Mozilla SeaMonkey | =2.14-beta3 | |
| Mozilla SeaMonkey | =2.14-beta4 | |
| Mozilla SeaMonkey | =2.14-beta5 | |
| Mozilla SeaMonkey | =2.15 | |
| Mozilla SeaMonkey | =2.15-beta1 | |
| Mozilla SeaMonkey | =2.15-beta2 | |
| Mozilla SeaMonkey | =2.15-beta3 | |
| Mozilla SeaMonkey | =2.15-beta4 | |
| Mozilla SeaMonkey | =2.15-beta5 | |
| Mozilla SeaMonkey | =2.15-beta6 | |
| Mozilla SeaMonkey | =2.15.1 | |
| Mozilla SeaMonkey | =2.15.2 | |
| Mozilla SeaMonkey | =2.16 | |
| Mozilla SeaMonkey | =2.16-beta1 | |
| Mozilla SeaMonkey | =2.16-beta2 | |
| Mozilla SeaMonkey | =2.16-beta3 | |
| Mozilla SeaMonkey | =2.16-beta4 | |
| Mozilla SeaMonkey | =2.16-beta5 | |
| Mozilla SeaMonkey | =2.16.1 | |
| Mozilla SeaMonkey | =2.16.2 | |
| Mozilla SeaMonkey | =2.17 | |
| Mozilla SeaMonkey | =2.17-beta1 | |
| Mozilla SeaMonkey | =2.17-beta2 | |
| Mozilla SeaMonkey | =2.17-beta3 | |
| Mozilla SeaMonkey | =2.17-beta4 | |
| Mozilla SeaMonkey | =2.17.1 | |
| Mozilla SeaMonkey | =2.18-beta1 | |
| Mozilla SeaMonkey | =2.18-beta2 | |
| Mozilla SeaMonkey | =2.18-beta3 | |
| Mozilla SeaMonkey | =2.18-beta4 | |
| Mozilla SeaMonkey | =2.19 | |
| Mozilla SeaMonkey | =2.19-beta1 | |
| Mozilla SeaMonkey | =2.19-beta2 | |
| Mozilla SeaMonkey | =2.20 | |
| Mozilla SeaMonkey | =2.20-beta1 | |
| Mozilla SeaMonkey | =2.20-beta2 | |
| Mozilla SeaMonkey | =2.20-beta3 | |
| Mozilla SeaMonkey | =2.21-beta1 | |
| Mozilla SeaMonkey | =2.21-beta2 | |
| Mozilla SeaMonkey | =2.22-beta1 | |
| Mozilla Thunderbird ESR | =17.0 | |
| Mozilla Thunderbird ESR | =17.0.1 | |
| Mozilla Thunderbird ESR | =17.0.2 | |
| Mozilla Thunderbird ESR | =17.0.3 | |
| Mozilla Thunderbird ESR | =17.0.4 | |
| Mozilla Thunderbird ESR | =17.0.5 | |
| Mozilla Thunderbird ESR | =17.0.6 | |
| Mozilla Thunderbird ESR | =17.0.7 | |
| Mozilla Thunderbird ESR | =17.0.8 | |
| Mozilla Thunderbird ESR | =17.0.9 | |
| Mozilla Thunderbird | <=24.0.1 | |
| Mozilla Thunderbird | =17.0 | |
| Mozilla Thunderbird | =17.0.1 | |
| Mozilla Thunderbird | =17.0.2 | |
| Mozilla Thunderbird | =17.0.3 | |
| Mozilla Thunderbird | =17.0.4 | |
| Mozilla Thunderbird | =17.0.5 | |
| Mozilla Thunderbird | =17.0.6 | |
| Mozilla Thunderbird | =17.0.7 | |
| Mozilla Thunderbird | =17.0.8 | |
| Mozilla Thunderbird | =24.0 | |
| Mozilla Firefox | =17.0 | |
| Mozilla Firefox | =17.0.1 | |
| Mozilla Firefox | =17.0.2 | |
| Mozilla Firefox | =17.0.3 | |
| Mozilla Firefox | =17.0.4 | |
| Mozilla Firefox | =17.0.5 | |
| Mozilla Firefox | =17.0.6 | |
| Mozilla Firefox | =17.0.7 | |
| Mozilla Firefox | =17.0.8 | |
| Mozilla Firefox | =17.0.9 | |
| Mozilla Firefox | =24.0 | |
| Mozilla Firefox ESR | =24.0.1 | |
| Mozilla Firefox ESR | =24.0.2 | |
| Mozilla Firefox ESR | =17.0 | |
| Mozilla Firefox ESR | =17.0.1 | |
| Mozilla Firefox ESR | =17.0.2 | |
| Mozilla Firefox ESR | =17.0.3 | |
| Mozilla Firefox ESR | =17.0.4 | |
| Mozilla Firefox ESR | =17.0.5 | |
| Mozilla Firefox ESR | =17.0.6 | |
| Mozilla Firefox ESR | =17.0.7 | |
| Mozilla Firefox ESR | =17.0.8 | |
| Mozilla Firefox ESR | =17.0.9 | |
| Mozilla Firefox ESR | =24.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00005.html
- http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00006.html
- http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00014.html
- http://rhn.redhat.com/errata/RHSA-2013-1476.html
- http://rhn.redhat.com/errata/RHSA-2013-1480.html
- http://www.debian.org/security/2013/dsa-2788
- http://www.debian.org/security/2013/dsa-2797
- http://www.mozilla.org/security/announce/2013/mfsa2013-100.html
- https://bugzilla.mozilla.org/show_bug.cgi?id=915210
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19315
- https://security.gentoo.org/glsa/201504-01
Frequently Asked Questions
What is the severity of CVE-2013-5599?
CVE-2013-5599 has a high severity rating due to the potential for exploitation leading to arbitrary code execution.
How do I fix CVE-2013-5599?
To fix CVE-2013-5599, update your Mozilla Firefox, Thunderbird, or SeaMonkey to versions 25.0 or later.
Which versions are affected by CVE-2013-5599?
CVE-2013-5599 affects Mozilla Firefox versions prior to 25.0, Thunderbird versions prior to 24.1, and SeaMonkey versions prior to 2.22.
What type of vulnerability is CVE-2013-5599?
CVE-2013-5599 is a use-after-free vulnerability that can potentially allow attackers to execute arbitrary code.
Who should be concerned about CVE-2013-5599?
Users of affected versions of Mozilla Firefox, Thunderbird, and SeaMonkey should be concerned and should upgrade to protect themselves.
- agent/type
- agent/weakness
- agent/severity
- agent/references
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/first-publish-date
- agent/event
- agent/author
- agent/last-modified-date
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/nvd-index
- agent/softwarecombine
- agent/source
- vendor/mozilla
- canonical/mozilla firefox
- version/mozilla firefox/24.0
- version/mozilla firefox/19.0
- version/mozilla firefox/19.0.1
- version/mozilla firefox/19.0.2
- version/mozilla firefox/20.0
- version/mozilla firefox/20.0.1
- version/mozilla firefox/21.0
- version/mozilla firefox/22.0
- version/mozilla firefox/23.0
- version/mozilla firefox/23.0.1
- canonical/mozilla seamonkey
- version/mozilla seamonkey/2.22
- version/mozilla seamonkey/2.0
- version/mozilla seamonkey/2.0-alpha_1
- version/mozilla seamonkey/2.0-alpha_2
- version/mozilla seamonkey/2.0-alpha_3
- version/mozilla seamonkey/2.0-beta_1
- version/mozilla seamonkey/2.0-beta_2
- version/mozilla seamonkey/2.0-rc1
- version/mozilla seamonkey/2.0-rc2
- version/mozilla seamonkey/2.0.1
- version/mozilla seamonkey/2.0.2
- version/mozilla seamonkey/2.0.3
- version/mozilla seamonkey/2.0.4
- version/mozilla seamonkey/2.0.5
- version/mozilla seamonkey/2.0.6
- version/mozilla seamonkey/2.0.7
- version/mozilla seamonkey/2.0.8
- version/mozilla seamonkey/2.0.9
- version/mozilla seamonkey/2.0.10
- version/mozilla seamonkey/2.0.11
- version/mozilla seamonkey/2.0.12
- version/mozilla seamonkey/2.0.13
- version/mozilla seamonkey/2.0.14
- version/mozilla seamonkey/2.1
- version/mozilla seamonkey/2.1-alpha1
- version/mozilla seamonkey/2.1-alpha2
- version/mozilla seamonkey/2.1-alpha3
- version/mozilla seamonkey/2.1-beta1
- version/mozilla seamonkey/2.1-beta2
- version/mozilla seamonkey/2.1-beta3
- version/mozilla seamonkey/2.1-rc1
- version/mozilla seamonkey/2.1-rc2
- version/mozilla seamonkey/2.10
- version/mozilla seamonkey/2.10-beta1
- version/mozilla seamonkey/2.10-beta2
- version/mozilla seamonkey/2.10-beta3
- version/mozilla seamonkey/2.10.1
- version/mozilla seamonkey/2.11
- version/mozilla seamonkey/2.11-beta1
- version/mozilla seamonkey/2.11-beta2
- version/mozilla seamonkey/2.11-beta3
- version/mozilla seamonkey/2.11-beta4
- version/mozilla seamonkey/2.11-beta5
- version/mozilla seamonkey/2.11-beta6
- version/mozilla seamonkey/2.12
- version/mozilla seamonkey/2.12-beta1
- version/mozilla seamonkey/2.12-beta2
- version/mozilla seamonkey/2.12-beta3
- version/mozilla seamonkey/2.12-beta4
- version/mozilla seamonkey/2.12-beta5
- version/mozilla seamonkey/2.12-beta6
- version/mozilla seamonkey/2.12.1
- version/mozilla seamonkey/2.13
- version/mozilla seamonkey/2.13-beta1
- version/mozilla seamonkey/2.13-beta2
- version/mozilla seamonkey/2.13-beta3
- version/mozilla seamonkey/2.13-beta4
- version/mozilla seamonkey/2.13-beta5
- version/mozilla seamonkey/2.13-beta6
- version/mozilla seamonkey/2.13.1
- version/mozilla seamonkey/2.13.2
- version/mozilla seamonkey/2.14
- version/mozilla seamonkey/2.14-beta1
- version/mozilla seamonkey/2.14-beta2
- version/mozilla seamonkey/2.14-beta3
- version/mozilla seamonkey/2.14-beta4
- version/mozilla seamonkey/2.14-beta5
- version/mozilla seamonkey/2.15
- version/mozilla seamonkey/2.15-beta1
- version/mozilla seamonkey/2.15-beta2
- version/mozilla seamonkey/2.15-beta3
- version/mozilla seamonkey/2.15-beta4
- version/mozilla seamonkey/2.15-beta5
- version/mozilla seamonkey/2.15-beta6
- version/mozilla seamonkey/2.15.1
- version/mozilla seamonkey/2.15.2
- version/mozilla seamonkey/2.16
- version/mozilla seamonkey/2.16-beta1
- version/mozilla seamonkey/2.16-beta2
- version/mozilla seamonkey/2.16-beta3
- version/mozilla seamonkey/2.16-beta4
- version/mozilla seamonkey/2.16-beta5
- version/mozilla seamonkey/2.16.1
- version/mozilla seamonkey/2.16.2
- version/mozilla seamonkey/2.17
- version/mozilla seamonkey/2.17-beta1
- version/mozilla seamonkey/2.17-beta2
- version/mozilla seamonkey/2.17-beta3
- version/mozilla seamonkey/2.17-beta4
- version/mozilla seamonkey/2.17.1
- version/mozilla seamonkey/2.18-beta1
- version/mozilla seamonkey/2.18-beta2
- version/mozilla seamonkey/2.18-beta3
- version/mozilla seamonkey/2.18-beta4
- version/mozilla seamonkey/2.19
- version/mozilla seamonkey/2.19-beta1
- version/mozilla seamonkey/2.19-beta2
- version/mozilla seamonkey/2.20
- version/mozilla seamonkey/2.20-beta1
- version/mozilla seamonkey/2.20-beta2
- version/mozilla seamonkey/2.20-beta3
- version/mozilla seamonkey/2.21-beta1
- version/mozilla seamonkey/2.21-beta2
- version/mozilla seamonkey/2.22-beta1
- canonical/mozilla thunderbird esr
- version/mozilla thunderbird esr/17.0
- version/mozilla thunderbird esr/17.0.1
- version/mozilla thunderbird esr/17.0.2
- version/mozilla thunderbird esr/17.0.3
- version/mozilla thunderbird esr/17.0.4
- version/mozilla thunderbird esr/17.0.5
- version/mozilla thunderbird esr/17.0.6
- version/mozilla thunderbird esr/17.0.7
- version/mozilla thunderbird esr/17.0.8
- version/mozilla thunderbird esr/17.0.9
- canonical/mozilla thunderbird
- version/mozilla thunderbird/24.0.1
- version/mozilla thunderbird/17.0
- version/mozilla thunderbird/17.0.1
- version/mozilla thunderbird/17.0.2
- version/mozilla thunderbird/17.0.3
- version/mozilla thunderbird/17.0.4
- version/mozilla thunderbird/17.0.5
- version/mozilla thunderbird/17.0.6
- version/mozilla thunderbird/17.0.7
- version/mozilla thunderbird/17.0.8
- version/mozilla thunderbird/24.0
- version/mozilla firefox/17.0
- version/mozilla firefox/17.0.1
- version/mozilla firefox/17.0.2
- version/mozilla firefox/17.0.3
- version/mozilla firefox/17.0.4
- version/mozilla firefox/17.0.5
- version/mozilla firefox/17.0.6
- version/mozilla firefox/17.0.7
- version/mozilla firefox/17.0.8
- version/mozilla firefox/17.0.9
- canonical/mozilla firefox esr
- version/mozilla firefox esr/24.0.1
- version/mozilla firefox esr/24.0.2
- version/mozilla firefox esr/17.0
- version/mozilla firefox esr/17.0.1
- version/mozilla firefox esr/17.0.2
- version/mozilla firefox esr/17.0.3
- version/mozilla firefox esr/17.0.4
- version/mozilla firefox esr/17.0.5
- version/mozilla firefox esr/17.0.6
- version/mozilla firefox esr/17.0.7
- version/mozilla firefox esr/17.0.8
- version/mozilla firefox esr/17.0.9
- version/mozilla firefox esr/24.0