Vulnerabilities > CVE-2013-0779 - Out-Of-Bounds Read vulnerability in multiple products

047910
CVSS 9.3 - CRITICAL
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
network
mozilla
opensuse
canonical
CWE-125
critical
nessus

Summary

The nsCodingStateMachine::NextState function in Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via unspecified vectors.

Vulnerable Configurations

Part Description Count
Application
Mozilla
620
OS
Opensuse
3
OS
Canonical
4

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Overread Buffers
    An adversary attacks a target by providing input that causes an application to read beyond the boundary of a defined buffer. This typically occurs when a value influencing where to start or stop reading is set to reflect positions outside of the valid memory location of the buffer. This type of attack may result in exposure of sensitive information, a system crash, or arbitrary code execution.

Nessus

  • NASL familyWindows
    NASL idMOZILLA_FIREFOX_190.NASL
    descriptionThe installed version of Firefox is earlier than 19.0 and thus, is potentially affected by the following security issues : - Numerous memory safety errors exist. (CVE-2013-0783, CVE-2013-0784) - An out-of-bounds read error exists related to the handling of GIF images. (CVE-2013-0772) - An error exists related to
    last seen2020-06-01
    modified2020-06-02
    plugin id64723
    published2013-02-20
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/64723
    titleFirefox < 19.0 Multiple Vulnerabilities
  • NASL familyWindows
    NASL idMOZILLA_THUNDERBIRD_1703.NASL
    descriptionThe installed version of Thunderbird is earlier than 17.0.3 and thus, is potentially affected by the following security issues : - Numerous memory safety errors exist. (CVE-2013-0783, CVE-2013-0784) - An out-of-bounds read error exists related to the handling of GIF images. (CVE-2013-0772) - An error exists related to
    last seen2020-06-01
    modified2020-06-02
    plugin id64724
    published2013-02-20
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/64724
    titleMozilla Thunderbird < 17.0.3 Multiple Vulnerabilities
  • NASL familyWindows
    NASL idSEAMONKEY_216.NASL
    descriptionThe installed version of SeaMonkey is earlier than 2.16 and thus, is potentially affected by the following security issues : - Numerous memory safety errors exist. (CVE-2013-0783, CVE-2013-0784) - An out-of-bounds read error exists related to the handling of GIF images. (CVE-2013-0772) - An error exists related to
    last seen2020-06-01
    modified2020-06-02
    plugin id64726
    published2013-02-20
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/64726
    titleSeaMonkey < 2.16 Multiple Vulnerabilities
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-1729-1.NASL
    descriptionOlli Pettay, Christoph Diehl, Gary Kwong, Jesse Ruderman, Andrew McCreight, Joe Drew, Wayne Mery, Alon Zakai, Christian Holler, Gary Kwong, Luke Wagner, Terrence Cole, Timothy Nikkel, Bill McCloskey, and Nicolas Pierron discovered multiple memory safety issues affecting Firefox. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash. (CVE-2013-0783, CVE-2013-0784) Atte Kettunen discovered that Firefox could perform an out-of-bounds read while rendering GIF format images. An attacker could exploit this to crash Firefox. (CVE-2013-0772) Boris Zbarsky discovered that Firefox did not properly handle some wrapped WebIDL objects. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit this to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. (CVE-2013-0765) Bobby Holley discovered vulnerabilities in Chrome Object Wrappers (COW) and System Only Wrappers (SOW). If a user were tricked into opening a specially crafted page, a remote attacker could exploit this to bypass security protections to obtain sensitive information or potentially execute code with the privileges of the user invoking Firefox. (CVE-2013-0773) Frederik Braun that Firefox made the location of the active browser profile available to JavaScript workers. (CVE-2013-0774) A use-after-free vulnerability was discovered in Firefox. An attacker could potentially exploit this to execute code with the privileges of the user invoking Firefox. (CVE-2013-0775) Michal Zalewski discovered that Firefox would not always show the correct address when cancelling a proxy authentication prompt. A remote attacker could exploit this to conduct URL spoofing and phishing attacks. (CVE-2013-0776) Abhishek Arya discovered several problems related to memory handling. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. (CVE-2013-0777, CVE-2013-0778, CVE-2013-0779, CVE-2013-0780, CVE-2013-0781, CVE-2013-0782). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id64698
    published2013-02-20
    reporterUbuntu Security Notice (C) 2013-2019 Canonical, Inc. / NASL script (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/64698
    titleUbuntu 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : firefox vulnerabilities (USN-1729-1)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2013-141.NASL
    descriptionMozillaFirefox was updated to Firefox 19.0 (bnc#804248) MozillaThunderbird was updated to Thunderbird 17.0.3 (bnc#804248) seamonkey was updated to SeaMonkey 2.16 (bnc#804248) xulrunner was updated to 17.0.3esr (bnc#804248) chmsee was updated to version 2.0. Changes in MozillaFirefox 19.0 : - MFSA 2013-21/CVE-2013-0783/2013-0784 Miscellaneous memory safety hazards - MFSA 2013-22/CVE-2013-0772 (bmo#801366) Out-of-bounds read in image rendering - MFSA 2013-23/CVE-2013-0765 (bmo#830614) Wrapped WebIDL objects can be wrapped again - MFSA 2013-24/CVE-2013-0773 (bmo#809652) Web content bypass of COW and SOW security wrappers - MFSA 2013-25/CVE-2013-0774 (bmo#827193) Privacy leak in JavaScript Workers - MFSA 2013-26/CVE-2013-0775 (bmo#831095) Use-after-free in nsImageLoadingContent - MFSA 2013-27/CVE-2013-0776 (bmo#796475) Phishing on HTTPS connection through malicious proxy - MFSA 2013-28/CVE-2013-0780/CVE-2013-0782/CVE-2013-0777/ CVE-2013-0778/CVE-2013-0779/CVE-2013-0781 Use-after-free, out of bounds read, and buffer overflow issues found using Address Sanitizer - removed obsolete patches - mozilla-webrtc.patch - mozilla-gstreamer-803287.patch - added patch to fix session restore window order (bmo#712763) - update to Firefox 18.0.2 - blocklist and CTP updates - fixes in JS engine - update to Firefox 18.0.1 - blocklist updates - backed out bmo#677092 (removed patch) - fixed problems involving HTTP proxy transactions - Fix WebRTC to build on powerpc Changes in MozillaThunderbird : - update to Thunderbird 17.0.3 (bnc#804248) - MFSA 2013-21/CVE-2013-0783 Miscellaneous memory safety hazards - MFSA 2013-24/CVE-2013-0773 (bmo#809652) Web content bypass of COW and SOW security wrappers - MFSA 2013-25/CVE-2013-0774 (bmo#827193) Privacy leak in JavaScript Workers - MFSA 2013-26/CVE-2013-0775 (bmo#831095) Use-after-free in nsImageLoadingContent - MFSA 2013-27/CVE-2013-0776 (bmo#796475) Phishing on HTTPS connection through malicious proxy - MFSA 2013-28/CVE-2013-0780/CVE-2013-0782 Use-after-free, out of bounds read, and buffer overflow issues found using Address Sanitizer - update Enigmail to 1.5.1 - The release fixes the regressions found in the past few weeks Changes in seamonkey : - update to SeaMonkey 2.16 (bnc#804248) - MFSA 2013-21/CVE-2013-0783/2013-0784 Miscellaneous memory safety hazards - MFSA 2013-22/CVE-2013-0772 (bmo#801366) Out-of-bounds read in image rendering - MFSA 2013-23/CVE-2013-0765 (bmo#830614) Wrapped WebIDL objects can be wrapped again - MFSA 2013-24/CVE-2013-0773 (bmo#809652) Web content bypass of COW and SOW security wrappers - MFSA 2013-25/CVE-2013-0774 (bmo#827193) Privacy leak in JavaScript Workers - MFSA 2013-26/CVE-2013-0775 (bmo#831095) Use-after-free in nsImageLoadingContent - MFSA 2013-27/CVE-2013-0776 (bmo#796475) Phishing on HTTPS connection through malicious proxy - MFSA 2013-28/CVE-2013-0780/CVE-2013-0782/CVE-2013-0777/ CVE-2013-0778/CVE-2013-0779/CVE-2013-0781 Use-after-free, out of bounds read, and buffer overflow issues found using Address Sanitizer - removed obsolete patches - mozilla-webrtc.patch - mozilla-gstreamer-803287.patch - update to SeaMonkey 2.15.2 - Applications could not be removed from the
    last seen2020-06-05
    modified2014-06-13
    plugin id74898
    published2014-06-13
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/74898
    titleopenSUSE Security Update : Mozilla (openSUSE-SU-2013:0323-1)
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_FIREFOX_19_0.NASL
    descriptionThe installed version of Firefox 18.x is potentially affected by the following security issues : - Numerous memory safety errors exist. (CVE-2013-0783, CVE-2013-0784) - An out-of-bounds read error exists related to the handling of GIF images. (CVE-2013-0772) - An error exists related to
    last seen2020-06-01
    modified2020-06-02
    plugin id64719
    published2013-02-20
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/64719
    titleFirefox 18.x Multiple Vulnerabilities (Mac OS X)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-1729-2.NASL
    descriptionUSN-1729-1 fixed vulnerabilities in Firefox. This update introduced a regression which sometimes resulted in freezes and crashes when using multiple tabs with images displayed. This update fixes the problem. We apologize for the inconvenience. Olli Pettay, Christoph Diehl, Gary Kwong, Jesse Ruderman, Andrew McCreight, Joe Drew, Wayne Mery, Alon Zakai, Christian Holler, Gary Kwong, Luke Wagner, Terrence Cole, Timothy Nikkel, Bill McCloskey, and Nicolas Pierron discovered multiple memory safety issues affecting Firefox. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash. (CVE-2013-0783, CVE-2013-0784) Atte Kettunen discovered that Firefox could perform an out-of-bounds read while rendering GIF format images. An attacker could exploit this to crash Firefox. (CVE-2013-0772) Boris Zbarsky discovered that Firefox did not properly handle some wrapped WebIDL objects. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit this to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. (CVE-2013-0765) Bobby Holley discovered vulnerabilities in Chrome Object Wrappers (COW) and System Only Wrappers (SOW). If a user were tricked into opening a specially crafted page, a remote attacker could exploit this to bypass security protections to obtain sensitive information or potentially execute code with the privileges of the user invoking Firefox. (CVE-2013-0773) Frederik Braun discovered that Firefox made the location of the active browser profile available to JavaScript workers. (CVE-2013-0774) A use-after-free vulnerability was discovered in Firefox. An attacker could potentially exploit this to execute code with the privileges of the user invoking Firefox. (CVE-2013-0775) Michal Zalewski discovered that Firefox would not always show the correct address when cancelling a proxy authentication prompt. A remote attacker could exploit this to conduct URL spoofing and phishing attacks. (CVE-2013-0776) Abhishek Arya discovered several problems related to memory handling. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. (CVE-2013-0777, CVE-2013-0778, CVE-2013-0779, CVE-2013-0780, CVE-2013-0781, CVE-2013-0782). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id64967
    published2013-03-01
    reporterUbuntu Security Notice (C) 2013-2019 Canonical, Inc. / NASL script (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/64967
    titleUbuntu 11.10 / 12.04 LTS / 12.10 : firefox regression (USN-1729-2)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-1748-1.NASL
    descriptionBobby Holley discovered vulnerabilities in Chrome Object Wrappers (COW) and System Only Wrappers (SOW). If a user were tricked into opening a specially crafted page and had scripting enabled, a remote attacker could exploit this to bypass security protections to obtain sensitive information or potentially execute code with the privileges of the user invoking Thunderbird. (CVE-2013-0773) Frederik Braun discovered that Thunderbird made the location of the active browser profile available to JavaScript workers. Scripting for Thunderbird is disabled by default in Ubuntu. (CVE-2013-0774) A use-after-free vulnerability was discovered in Thunderbird. An attacker could potentially exploit this to execute code with the privileges of the user invoking Thunderbird if scripting were enabled. (CVE-2013-0775) Michal Zalewski discovered that Thunderbird would not always show the correct address when cancelling a proxy authentication prompt. A remote attacker could exploit this to conduct URL spoofing and phishing attacks if scripting were enabled. (CVE-2013-0776) Abhishek Arya discovered several problems related to memory handling. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Thunderbird. (CVE-2013-0777, CVE-2013-0778, CVE-2013-0779, CVE-2013-0780, CVE-2013-0781, CVE-2013-0782) Olli Pettay, Christoph Diehl, Gary Kwong, Jesse Ruderman, Andrew McCreight, Joe Drew, Wayne Mery, Alon Zakai, Christian Holler, Gary Kwong, Luke Wagner, Terrence Cole, Timothy Nikkel, Bill McCloskey, and Nicolas Pierron discovered multiple memory safety issues affecting Thunderbird. If a user had scripting enabled and was tricked into opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash. (CVE-2013-0783, CVE-2013-0784). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id64892
    published2013-02-26
    reporterUbuntu Security Notice (C) 2013-2019 Canonical, Inc. / NASL script (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/64892
    titleUbuntu 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : thunderbird vulnerabilities (USN-1748-1)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201309-23.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201309-23 (Mozilla Products: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Mozilla Firefox, Thunderbird, and SeaMonkey. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user to view a specially crafted web page or email, possibly resulting in execution of arbitrary code or a Denial of Service condition. Further, a remote attacker could conduct XSS attacks, spoof URLs, bypass address space layout randomization, conduct clickjacking attacks, obtain potentially sensitive information, bypass access restrictions, modify the local filesystem, or conduct other unspecified attacks. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id70183
    published2013-09-28
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/70183
    titleGLSA-201309-23 : Mozilla Products: Multiple vulnerabilities
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_THUNDERBIRD_17_0_3.NASL
    descriptionThe installed version of Thunderbird is earlier than 17.0.3 and thus, is potentially affected by the following security issues : - Numerous memory safety errors exist. (CVE-2013-0783, CVE-2013-0784) - An out-of-bounds read error exists related to the handling of GIF images. (CVE-2013-0772) - An error exists related to
    last seen2020-06-01
    modified2020-06-02
    plugin id64720
    published2013-02-20
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/64720
    titleThunderbird < 17.0.3 Multiple Vulnerabilities (Mac OS X)

Oval

accepted2014-10-06T04:02:03.907-04:00
classvulnerability
contributors
  • nameSergey Artykhov
    organizationALTX-SOFT
  • nameMaria Kedovskaya
    organizationALTX-SOFT
  • nameMaria Kedovskaya
    organizationALTX-SOFT
  • nameShane Shaffer
    organizationG2, Inc.
  • nameMaria Kedovskaya
    organizationALTX-SOFT
  • nameMaria Kedovskaya
    organizationALTX-SOFT
  • nameRichard Helbing
    organizationbaramundi software
  • nameEvgeniy Pavlov
    organizationALTX-SOFT
  • nameEvgeniy Pavlov
    organizationALTX-SOFT
  • nameEvgeniy Pavlov
    organizationALTX-SOFT
  • nameEvgeniy Pavlov
    organizationALTX-SOFT
  • nameEvgeniy Pavlov
    organizationALTX-SOFT
  • nameEvgeniy Pavlov
    organizationALTX-SOFT
definition_extensions
  • commentMozilla Seamonkey is installed
    ovaloval:org.mitre.oval:def:6372
  • commentMozilla Thunderbird Mainline release is installed
    ovaloval:org.mitre.oval:def:22093
  • commentMozilla Firefox Mainline release is installed
    ovaloval:org.mitre.oval:def:22259
descriptionThe nsCodingStateMachine::NextState function in Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via unspecified vectors.
familywindows
idoval:org.mitre.oval:def:16747
statusaccepted
submitted2013-05-13T10:26:26.748+04:00
titleThe nsCodingStateMachine::NextState function in Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via unspecified vectors.
version39