CVE-2013-5615
First published: Wed Dec 11 2013(Updated: )
The JavaScript implementation in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 does not properly enforce certain typeset restrictions on the generation of GetElementIC typed array stubs, which has unspecified impact and remote attack vectors.
Credit: security@mozilla.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mozilla Firefox | <26.0 | |
| Mozilla Firefox ESR | >=24.0<24.2 | |
| Mozilla SeaMonkey | <2.23 | |
| Mozilla Thunderbird | <24.2 | |
| Ubuntu | =12.04 | |
| Ubuntu | =12.10 | |
| Ubuntu | =13.04 | |
| Ubuntu | =13.10 | |
| SUSE Linux Enterprise Software Development Kit | =11.0-sp3 | |
| openSUSE | =12.2 | |
| openSUSE | =12.3 | |
| openSUSE | =13.1 | |
| SUSE Linux Enterprise Desktop | =11-sp3 | |
| SUSE Linux Enterprise Server | =11-sp3 | |
| SUSE Linux Enterprise Server | =11-sp3 | |
| Fedora | =18 | |
| Fedora | =19 | |
| Fedora | =20 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.fedoraproject.org/pipermail/package-announce/2013-December/123437.html
- http://lists.fedoraproject.org/pipermail/package-announce/2013-December/124108.html
- http://lists.fedoraproject.org/pipermail/package-announce/2013-December/124257.html
- http://lists.fedoraproject.org/pipermail/package-announce/2014-January/125470.html
- http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00010.html
- http://lists.opensuse.org/opensuse-updates/2013-12/msg00085.html
- http://lists.opensuse.org/opensuse-updates/2013-12/msg00086.html
- http://lists.opensuse.org/opensuse-updates/2013-12/msg00087.html
- http://lists.opensuse.org/opensuse-updates/2013-12/msg00119.html
- http://lists.opensuse.org/opensuse-updates/2013-12/msg00120.html
- http://lists.opensuse.org/opensuse-updates/2013-12/msg00121.html
- http://lists.opensuse.org/opensuse-updates/2014-01/msg00002.html
- http://www.mozilla.org/security/announce/2013/mfsa2013-115.html
- http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
- http://www.securitytracker.com/id/1029470
- http://www.securitytracker.com/id/1029476
- http://www.ubuntu.com/usn/USN-2052-1
- http://www.ubuntu.com/usn/USN-2053-1
- https://bugzilla.mozilla.org/show_bug.cgi?id=929261
- https://security.gentoo.org/glsa/201504-01
Frequently Asked Questions
What is the severity of CVE-2013-5615?
CVE-2013-5615 has an unspecified impact that can potentially allow for remote attacks due to improper enforcement of type restrictions.
How do I fix CVE-2013-5615?
To mitigate CVE-2013-5615, update your Mozilla Firefox, Firefox ESR, Thunderbird, or SeaMonkey to the latest version available.
Which software versions are affected by CVE-2013-5615?
CVE-2013-5615 affects Mozilla Firefox versions before 26.0, Firefox ESR versions before 24.2, Thunderbird versions before 24.2, and SeaMonkey versions before 2.23.
Is CVE-2013-5615 related to a specific operating system?
CVE-2013-5615 impacts various applications on multiple operating systems, including Ubuntu Linux and SUSE Linux.
Can CVE-2013-5615 be exploited remotely?
Yes, CVE-2013-5615 can be exploited remotely due to the nature of the vulnerability in the JavaScript implementation.
- agent/type
- agent/references
- agent/severity
- agent/author
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/first-publish-date
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/mozilla
- canonical/mozilla firefox
- canonical/mozilla firefox esr
- version/mozilla firefox esr/24.0
- canonical/mozilla seamonkey
- canonical/mozilla thunderbird
- vendor/canonical
- canonical/ubuntu
- version/ubuntu/12.04
- version/ubuntu/12.10
- version/ubuntu/13.04
- version/ubuntu/13.10
- vendor/suse
- canonical/suse linux enterprise software development kit
- version/suse linux enterprise software development kit/11.0-sp3
- vendor/opensuse
- canonical/opensuse
- version/opensuse/12.2
- version/opensuse/12.3
- version/opensuse/13.1
- canonical/suse linux enterprise desktop
- version/suse linux enterprise desktop/11-sp3
- canonical/suse linux enterprise server
- version/suse linux enterprise server/11-sp3
- vendor/fedoraproject
- canonical/fedora
- version/fedora/18
- version/fedora/19
- version/fedora/20