CVE-2013-0787 - Resource Management Errors vulnerability in Mozilla products
Attack vector: NETWORK
Attack complexity: MEDIUM
Privileges required: NONE
Confidentiality impact: COMPLETE
Integrity impact: COMPLETE
Availability impact: COMPLETE

Summary
Use-after-free vulnerability in the nsEditor::IsPreformatted function in editor/libeditor/base/nsEditor.cpp in Mozilla Firefox before 19.0.2, Firefox ESR 17.x before 17.0.4, Thunderbird before 17.0.4, Thunderbird ESR 17.x before 17.0.4, and SeaMonkey before 2.16.1 allows remote attackers to execute arbitrary code via vectors involving an execCommand call.
Nessus
NASL family: Windows
NASL id: MOZILLA_FIREFOX_1902.NASL
description: The installed version of Firefox is earlier than 19.0.2, and thus, is potentially affected by a use-after-free vulnerability. An error exists in the HTML editor (nsHTMLEditor) related to content script and the calling of the function
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 65131
published: 2013-03-08
reporter: This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/65131
title: Firefox < 19.0.2 nsHTMLEditor Use-After-Free
code:

    #
    # (C) Tenable Network Security, Inc.
    #

    include("compat.inc");

    if (description)
    {
      script_id(65131);
      script_version("1.9");
      script_cvs_date("Date: 2018/07/16 14:09:14");

      script_cve_id("CVE-2013-0787");
      script_bugtraq_id(58391);

      script_name(english:"Firefox < 19.0.2 nsHTMLEditor Use-After-Free");
      script_summary(english:"Checks version of Firefox");

      script_set_attribute(
        attribute:"synopsis",
        value: "The remote Windows host contains a web browser that is potentially affected by a use-after-free vulnerability."
      );
      script_set_attribute(
        attribute:"description",
        value: "The installed version of Firefox is earlier than 19.0.2, and thus, is potentially affected by a use-after-free vulnerability. An error exists in the HTML editor (nsHTMLEditor) related to content script and the calling of the function 'document.execCommand' while internal editor operations are running. The previously freed memory can be dereferenced and could lead to arbitrary code execution."
      );
      script_set_attribute(attribute:"see_also", value:"http://www.securityfocus.com/archive/1/526050/30/0/threaded");
      script_set_attribute(attribute:"see_also", value:"http://www.zerodayinitiative.com/advisories/ZDI-13-090/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-29/");
      script_set_attribute(attribute:"solution", value:"Upgrade to Firefox 19.0.2 or later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");

      script_set_attribute(attribute:"vuln_publication_date", value:"2013/03/07");
      script_set_attribute(attribute:"patch_publication_date", value:"2013/03/07");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/03/08");

      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:mozilla:firefox");
      script_end_attributes();

      script_category(ACT_GATHER_INFO);
      script_family(english:"Windows");

      script_copyright(english:"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.");

      script_dependencies("mozilla_org_installed.nasl");
      script_require_keys("Mozilla/Firefox/Version");

      exit(0);
    }

    include("mozilla_version.inc");

    port = get_kb_item_or_exit("SMB/transport");

    installs = get_kb_list("SMB/Mozilla/Firefox/*");
    if (isnull(installs)) audit(AUDIT_NOT_INST, "Firefox");

    mozilla_check_version(installs:installs, product:'firefox', esr:FALSE, fix:'19.0.2', severity:SECURITY_HOLE);

NASL family: CentOS Local Security Checks
NASL id: CENTOS_RHSA-2013-0614.NASL
description: Updated xulrunner packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. XULRunner provides the XUL Runtime environment for applications using the Gecko layout engine. A flaw was found in the way XULRunner handled malformed web content. A web page containing malicious content could cause an application linked against XULRunner (such as Mozilla Firefox) to crash or execute arbitrary code with the privileges of the user running the application. (CVE-2013-0787) Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges VUPEN Security via the TippingPoint Zero Day Initiative project as the original reporter. For technical details regarding this flaw, refer to the Mozilla security advisories. You can find a link to the Mozilla advisories in the References section of this erratum. All XULRunner users should upgrade to these updated packages, which correct this issue. After installing the update, applications using XULRunner must be restarted for the changes to take effect.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 65167
published: 2013-03-10
reporter: This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/65167
title: CentOS 5 / 6 : xulrunner (CESA-2013:0614)
code:

    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Red Hat Security Advisory RHSA-2013:0614 and
    # CentOS Errata and Security Advisory 2013:0614 respectively.
    #

    include("compat.inc");

    if (description)
    {
      script_id(65167);
      script_version("1.16");
      script_cvs_date("Date: 2020/01/06");

      script_cve_id("CVE-2013-0787");
      script_bugtraq_id(58391);
      script_xref(name:"RHSA", value:"2013:0614");

      script_name(english:"CentOS 5 / 6 : xulrunner (CESA-2013:0614)");
      script_summary(english:"Checks rpm output for the updated packages");

      script_set_attribute(
        attribute:"synopsis",
        value:"The remote CentOS host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description",
        value: "Updated xulrunner packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. XULRunner provides the XUL Runtime environment for applications using the Gecko layout engine. A flaw was found in the way XULRunner handled malformed web content. A web page containing malicious content could cause an application linked against XULRunner (such as Mozilla Firefox) to crash or execute arbitrary code with the privileges of the user running the application. (CVE-2013-0787) Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges VUPEN Security via the TippingPoint Zero Day Initiative project as the original reporter. For technical details regarding this flaw, refer to the Mozilla security advisories. You can find a link to the Mozilla advisories in the References section of this erratum. All XULRunner users should upgrade to these updated packages, which correct this issue. After installing the update, applications using XULRunner must be restarted for the changes to take effect."
      );
      # https://lists.centos.org/pipermail/centos-announce/2013-March/019273.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?7d1be364"
      );
      # https://lists.centos.org/pipermail/centos-announce/2013-March/019636.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?947540f2"
      );
      script_set_attribute(
        attribute:"solution",
        value:"Update the affected xulrunner packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2013-0787");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");

      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:xulrunner");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:xulrunner-devel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:5");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:6");

      script_set_attribute(attribute:"vuln_publication_date", value:"2013/03/11");
      script_set_attribute(attribute:"patch_publication_date", value:"2013/03/08");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/03/10");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();

      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"CentOS Local Security Checks");

      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list");

      exit(0);
    }

    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");

    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/CentOS/release");
    if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS");
    os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(5|6)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 5.x / 6.x", "CentOS " + os_ver);

    if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu);

    flag = 0;
    if (rpm_check(release:"CentOS-5", reference:"xulrunner-17.0.3-2.el5_9")) flag++;
    if (rpm_check(release:"CentOS-5", reference:"xulrunner-devel-17.0.3-2.el5_9")) flag++;

    if (rpm_check(release:"CentOS-6", reference:"xulrunner-17.0.3-2.el6.centos")) flag++;
    if (rpm_check(release:"CentOS-6", reference:"xulrunner-devel-17.0.3-2.el6.centos")) flag++;

    if (flag)
    {
      security_report_v4(
        port : 0,
        severity : SECURITY_HOLE,
        extra : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "xulrunner / xulrunner-devel");
    }

NASL family: MacOS X Local Security Checks
NASL id: MACOSX_FIREFOX_17_0_4_ESR.NASL
description: The installed version of Firefox ESR 17.x is earlier than 17.0.4 and thus, is potentially affected by a use-after-free vulnerability. An error exists in the HTML editor (nsHTMLEditor) related to content script and the calling of the function
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 65128
published: 2013-03-08
reporter: This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/65128
title: Firefox ESR 17.x < 17.0.4 nsHTMLEditor Use-After-Free (Mac OS X)
code:

    #
    # (C) Tenable Network Security, Inc.
    #

    include("compat.inc");

    if (description)
    {
      script_id(65128);
      script_version("1.11");
      script_cvs_date("Date: 2018/07/14 1:59:36");

      script_cve_id("CVE-2013-0787");
      script_bugtraq_id(58391);

      script_name(english:"Firefox ESR 17.x < 17.0.4 nsHTMLEditor Use-After-Free (Mac OS X)");
      script_summary(english:"Checks version of Firefox");

      script_set_attribute(
        attribute:"synopsis",
        value: "The remote Mac OS X host contains a web browser that is potentially affected by a use-after-free vulnerability."
      );
      script_set_attribute(
        attribute:"description",
        value: "The installed version of Firefox ESR 17.x is earlier than 17.0.4 and thus, is potentially affected by a use-after-free vulnerability. An error exists in the HTML editor (nsHTMLEditor) related to content script and the calling of the function 'document.execCommand' while internal editor operations are running. The previously freed memory can be dereferenced and could lead to arbitrary code execution."
      );
      script_set_attribute(attribute:"see_also", value:"http://www.securityfocus.com/archive/1/526050/30/0/threaded");
      script_set_attribute(attribute:"see_also", value:"http://www.zerodayinitiative.com/advisories/ZDI-13-090/");
      script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-29/");
      script_set_attribute(attribute:"solution", value:"Upgrade to Firefox 17.0.4 ESR or later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");

      script_set_attribute(attribute:"vuln_publication_date", value:"2013/03/07");
      script_set_attribute(attribute:"patch_publication_date", value:"2013/03/07");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/03/08");

      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:mozilla:firefox_esr");
      script_end_attributes();

      script_category(ACT_GATHER_INFO);
      script_family(english:"MacOS X Local Security Checks");

      script_copyright(english:"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.");

      script_dependencies("macosx_firefox_installed.nasl");
      script_require_keys("MacOSX/Firefox/Installed");

      exit(0);
    }

    include("mozilla_version.inc");

    kb_base = "MacOSX/Firefox";
    get_kb_item_or_exit(kb_base+"/Installed");

    version = get_kb_item_or_exit(kb_base+"/Version", exit_code:1);
    path = get_kb_item_or_exit(kb_base+"/Path", exit_code:1);

    if (isnull(get_kb_item(kb_base + '/is_esr'))) audit(AUDIT_NOT_INST, 'Mozilla Firefox ESR');

    mozilla_check_version(product:'firefox', version:version, path:path, esr:TRUE, fix:'17.0.4', min:'17.0', severity:SECURITY_HOLE);

NASL family: SuSE Local Security Checks
NASL id: SUSE_FIREFOX-201303-8506.NASL
description: MozillaFirefox has been updated to the 17.0.4ESR release. Besides the major version update from the 10ESR stable release line to the 17ESR stable release line, this update brings critical security and bugfixes : - VUPEN Security, via TippingPoint
last seen: 2020-06-05
modified: 2013-03-17
plugin id: 65598
published: 2013-03-17
reporter: This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/65598
title: SuSE 10 Security Update : Mozilla Firefox (ZYPP Patch Number 8506)
code:

    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The text description of this plugin is (C) Novell, Inc.
    #

    if (NASL_LEVEL < 3000) exit(0);

    include("compat.inc");

    if (description)
    {
      script_id(65598);
      script_version("1.6");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");

      script_cve_id("CVE-2013-0765", "CVE-2013-0772", "CVE-2013-0773", "CVE-2013-0774", "CVE-2013-0775", "CVE-2013-0776", "CVE-2013-0780", "CVE-2013-0782", "CVE-2013-0783", "CVE-2013-0787");

      script_name(english:"SuSE 10 Security Update : Mozilla Firefox (ZYPP Patch Number 8506)");
      script_summary(english:"Checks rpm output for the updated packages");

      script_set_attribute(
        attribute:"synopsis",
        value:"The remote SuSE 10 host is missing a security-related patch."
      );
      script_set_attribute(
        attribute:"description",
        value: "MozillaFirefox has been updated to the 17.0.4ESR release. Besides the major version update from the 10ESR stable release line to the 17ESR stable release line, this update brings critical security and bugfixes :

      - VUPEN Security, via TippingPoint's Zero Day Initiative, reported a use-after-free within the HTML editor when content script is run by the document.execCommand() function while internal editor operations are occurring. This could allow for arbitrary code execution. (MFSA 2013-29 / CVE-2013-0787)

    The Firefox 17.0.3ESR release also contains lots of security fixes :

      - Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team used the Address Sanitizer tool to discover a series of use-after-free, out of bounds read, and buffer overflow problems rated as low to critical security issues in shipped software. Some of these issues are potentially exploitable, allowing for remote code execution. We would also like to thank Abhishek for reporting four additional use-after-free and out of bounds write flaws introduced during Firefox development that were fixed before general release. (MFSA 2013-28)

    The following issues have been fixed in Firefox 19 and ESR 17.0.3 :

      - Heap-use-after-free in nsOverflowContinuationTracker::Finish, with -moz-columns. (CVE-2013-0780)

      - Heap-buffer-overflow WRITE in nsSaveAsCharset::DoCharsetConversion. (CVE-2013-0782)

      - Google security researcher Michal Zalewski reported an issue where the browser displayed the content of a proxy's 407 response if a user canceled the proxy's authentication prompt. In this circumstance, the addressbar will continue to show the requested site's address, including HTTPS addresses that appear to be secure. This spoofing of addresses can be used for phishing attacks by fooling users into entering credentials, for example. (MFSA 2013-27 / CVE-2013-0776)

      - Security researcher Nils reported a use-after-free in nsImageLoadingContent when content script is executed. This could allow for arbitrary code execution. (MFSA 2013-26 / CVE-2013-0775)

      - Mozilla security researcher Frederik Braun discovered that since Firefox 15 the file system location of the active browser profile was available to JavaScript workers. While not dangerous by itself, this could potentially be combined with other vulnerabilities to target the profile in an attack. (MFSA 2013-25 / CVE-2013-0774)

      - Mozilla developer Bobby Holley discovered that it was possible to bypass some protections in Chrome Object Wrappers (COW) and System Only Wrappers (SOW), making their prototypes mutable by web content. This could be used leak information from chrome objects and possibly allow for arbitrary code execution. (MFSA 2013-24 / CVE-2013-0773)

      - Mozilla developer Boris Zbarsky reported that in some circumstances a wrapped WebIDL object can be wrapped multiple times, overwriting the existing wrapped state. This could lead to an exploitable condition in rare cases. (MFSA 2013-23 / CVE-2013-0765)

      - Using the Address Sanitizer tool, security researcher Atte Kettunen from OUSPG found an out-of-bounds read while rendering GIF format images. This could cause a non-exploitable crash and could also attempt to render normally inaccesible data as part of the image. (MFSA 2013-22 / CVE-2013-0772)

      - Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. (MFSA 2013-21)

    Olli Pettay, Christoph Diehl, Gary Kwong, Jesse Ruderman, Andrew McCreight, Joe Drew, and Wayne Mery reported memory safety problems and crashes that affect Firefox ESR 17, and Firefox 18.

      - Memory safety bugs fixed in Firefox ESR 17.0.3, and Firefox 19. (CVE-2013-0783)"
      );
      # http://www.mozilla.org/security/announce/2013/mfsa2013-21.html
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-21/"
      );
      # http://www.mozilla.org/security/announce/2013/mfsa2013-22.html
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-22/"
      );
      # http://www.mozilla.org/security/announce/2013/mfsa2013-23.html
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-23/"
      );
      # http://www.mozilla.org/security/announce/2013/mfsa2013-24.html
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-24/"
      );
      # http://www.mozilla.org/security/announce/2013/mfsa2013-25.html
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-25/"
      );
      # http://www.mozilla.org/security/announce/2013/mfsa2013-26.html
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-26/"
      );
      # http://www.mozilla.org/security/announce/2013/mfsa2013-27.html
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-27/"
      );
      # http://www.mozilla.org/security/announce/2013/mfsa2013-28.html
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-28/"
      );
      # http://www.mozilla.org/security/announce/2013/mfsa2013-29.html
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.mozilla.org/en-US/security/advisories/mfsa2013-29/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-0765.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-0772.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-0773.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-0774.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-0775.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-0776.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-0780.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-0782.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-0783.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-0787.html"
      );
      script_set_attribute(attribute:"solution", value:"Apply ZYPP patch number 8506.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");

      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:suse:suse_linux");

      script_set_attribute(attribute:"vuln_publication_date", value:"2013/02/19");
      script_set_attribute(attribute:"patch_publication_date", value:"2013/03/14");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/03/17");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();

      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");

      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");

      exit(0);
    }

    include("global_settings.inc");
    include("rpm.inc");

    if (!get_kb_item("Host/local_checks_enabled")) exit(0, "Local checks are not enabled.");
    if (!get_kb_item("Host/SuSE/release")) exit(0, "The host is not running SuSE.");
    if (!get_kb_item("Host/SuSE/rpm-list")) exit(1, "Could not obtain the list of installed packages.");

    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) exit(1, "Failed to determine the architecture type.");
    if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") exit(1, "Local checks for SuSE 10 on the '"+cpu+"' architecture have not been implemented.");

    flag = 0;
    if (rpm_check(release:"SLED10", sp:4, reference:"MozillaFirefox-17.0.4esr-0.7.1")) flag++;
    if (rpm_check(release:"SLED10", sp:4, reference:"MozillaFirefox-branding-SLED-7-0.10.4")) flag++;
    if (rpm_check(release:"SLED10", sp:4, reference:"MozillaFirefox-translations-17.0.4esr-0.7.1")) flag++;
    if (rpm_check(release:"SLED10", sp:4, reference:"mhtml-firefox-0.5-1.13.4")) flag++;
    if (rpm_check(release:"SLED10", sp:4, reference:"mozilla-nspr-4.9.4-0.6.3")) flag++;
    if (rpm_check(release:"SLED10", sp:4, reference:"mozilla-nspr-devel-4.9.4-0.6.3")) flag++;
    if (rpm_check(release:"SLED10", sp:4, reference:"mozilla-nss-3.14.1-0.6.3")) flag++;
    if (rpm_check(release:"SLED10", sp:4, reference:"mozilla-nss-devel-3.14.1-0.6.3")) flag++;
    if (rpm_check(release:"SLED10", sp:4, reference:"mozilla-nss-tools-3.14.1-0.6.3")) flag++;
    if (rpm_check(release:"SLED10", sp:4, cpu:"x86_64", reference:"mozilla-nspr-32bit-4.9.4-0.6.3")) flag++;
    if (rpm_check(release:"SLED10", sp:4, cpu:"x86_64", reference:"mozilla-nss-32bit-3.14.1-0.6.3")) flag++;
    if (rpm_check(release:"SLES10", sp:4, reference:"MozillaFirefox-17.0.4esr-0.7.1")) flag++;
    if (rpm_check(release:"SLES10", sp:4, reference:"MozillaFirefox-branding-SLED-7-0.10.4")) flag++;
    if (rpm_check(release:"SLES10", sp:4, reference:"MozillaFirefox-translations-17.0.4esr-0.7.1")) flag++;
    if (rpm_check(release:"SLES10", sp:4, reference:"mozilla-nspr-4.9.4-0.6.3")) flag++;
    if (rpm_check(release:"SLES10", sp:4, reference:"mozilla-nspr-devel-4.9.4-0.6.3")) flag++;
    if (rpm_check(release:"SLES10", sp:4, reference:"mozilla-nss-3.14.1-0.6.3")) flag++;
    if (rpm_check(release:"SLES10", sp:4, reference:"mozilla-nss-devel-3.14.1-0.6.3")) flag++;
    if (rpm_check(release:"SLES10", sp:4, reference:"mozilla-nss-tools-3.14.1-0.6.3")) flag++;
    if (rpm_check(release:"SLES10", sp:4, cpu:"x86_64", reference:"mozilla-nspr-32bit-4.9.4-0.6.3")) flag++;
    if (rpm_check(release:"SLES10", sp:4, cpu:"x86_64", reference:"mozilla-nss-32bit-3.14.1-0.6.3")) flag++;

    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else exit(0, "The host is not affected.");

NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2013-0627.NASL description From Red Hat Security Advisory 2013:0627 : An updated thunderbird package that fixes one security issue is now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Mozilla Thunderbird is a standalone mail and newsgroup client. A flaw was found in the processing of malformed content. Malicious content could cause Thunderbird to crash or execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2013-0787) Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges VUPEN Security via the TippingPoint Zero Day Initiative project as the original reporter. Note: This issue cannot be exploited by a specially crafted HTML mail message as JavaScript is disabled by default for mail messages. It could be exploited another way in Thunderbird, for example, when viewing the full remote content of an RSS feed. All Thunderbird users should upgrade to this updated package, which corrects this issue. After installing the update, Thunderbird must be restarted for the changes to take effect. last seen 2020-05-31 modified 2013-07-12 plugin id 68787 published 2013-07-12 reporter This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/68787 title Oracle Linux 6 : thunderbird (ELSA-2013-0627) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2013-0627.NASL description An updated thunderbird package that fixes one security issue is now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having important security impact. 
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Mozilla Thunderbird is a standalone mail and newsgroup client. A flaw was found in the processing of malformed content. Malicious content could cause Thunderbird to crash or execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2013-0787) Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges VUPEN Security via the TippingPoint Zero Day Initiative project as the original reporter. Note: This issue cannot be exploited by a specially crafted HTML mail message as JavaScript is disabled by default for mail messages. It could be exploited another way in Thunderbird, for example, when viewing the full remote content of an RSS feed. All Thunderbird users should upgrade to this updated package, which corrects this issue. After installing the update, Thunderbird must be restarted for the changes to take effect. last seen 2020-05-31 modified 2013-03-13 plugin id 65226 published 2013-03-13 reporter This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/65226 title CentOS 5 / 6 : thunderbird (CESA-2013:0627) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-2699.NASL description Multiple security issues have been found in Iceweasel, Debian last seen 2020-03-17 modified 2013-06-03 plugin id 66766 published 2013-06-03 reporter This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/66766 title Debian DSA-2699-1 : iceweasel - several vulnerabilities NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2013-0627.NASL description An updated thunderbird package that fixes one security issue is now available for Red Hat Enterprise Linux 5 and 6. 
The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Mozilla Thunderbird is a standalone mail and newsgroup client. A flaw was found in the processing of malformed content. Malicious content could cause Thunderbird to crash or execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2013-0787) Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges VUPEN Security via the TippingPoint Zero Day Initiative project as the original reporter. Note: This issue cannot be exploited by a specially crafted HTML mail message as JavaScript is disabled by default for mail messages. It could be exploited another way in Thunderbird, for example, when viewing the full remote content of an RSS feed. All Thunderbird users should upgrade to this updated package, which corrects this issue. After installing the update, Thunderbird must be restarted for the changes to take effect. last seen 2020-05-31 modified 2013-03-12 plugin id 65205 published 2013-03-12 reporter This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/65205 title RHEL 5 / 6 : thunderbird (RHSA-2013:0627) NASL family MacOS X Local Security Checks NASL id MACOSX_THUNDERBIRD_17_0_4.NASL description The installed version of Thunderbird 17.x is potentially affected by a use-after-free vulnerability. An error exists in the HTML editor (nsHTMLEditor) related to content script and the calling of the function last seen 2020-06-01 modified 2020-06-02 plugin id 65189 published 2013-03-11 reporter This script is Copyright (C) 2013-2018 Tenable Network Security, Inc. 
source https://www.tenable.com/plugins/nessus/65189
title Thunderbird 17.x < 17.0.4 nsHTMLEditor Use-After-Free (Mac OS X)

NASL family MacOS X Local Security Checks
NASL id MACOSX_FIREFOX_19_0_2.NASL
description The installed version of Firefox is earlier than 19.0.2 and thus, is potentially affected by a use-after-free vulnerability. An error exists in the HTML editor (nsHTMLEditor) related to content script and the calling of the function
last seen 2020-06-01
modified 2020-06-02
plugin id 65129
published 2013-03-08
reporter This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.
source https://www.tenable.com/plugins/nessus/65129
title Firefox < 19.0.2 nsHTMLEditor Use-After-Free (Mac OS X)

NASL family Windows
NASL id MOZILLA_THUNDERBIRD_1704.NASL
description The installed version of Thunderbird is earlier than 17.0.4 and thus, is potentially affected by a use-after-free vulnerability. An error exists in the HTML editor (nsHTMLEditor) related to content script and the calling of the function
last seen 2020-06-01
modified 2020-06-02
plugin id 65191
published 2013-03-11
reporter This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.
source https://www.tenable.com/plugins/nessus/65191
title Mozilla Thunderbird < 17.0.4 nsHTMLEditor Use-After-Free

NASL family SuSE Local Security Checks
NASL id OPENSUSE-2013-208.NASL
description seamonkey was updated to version 2.16.1 fixing a severe security issue.
- MFSA 2013-29/CVE-2013-0787 (bmo#848644) Use-after-free in HTML Editor
last seen 2020-06-05
modified 2014-06-13
plugin id 74924
published 2014-06-13
reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/74924
title openSUSE Security Update : seamonkey (openSUSE-SU-2013:0468-1)

NASL family SuSE Local Security Checks
NASL id SUSE_11_FIREFOX-201303-130311.NASL
description Mozilla Firefox has been updated to the 17.0.4ESR release which fixes one important security issue :
- VUPEN Security, via TippingPoint
last seen 2020-06-05
modified 2013-03-17
plugin id 65596
published 2013-03-17
reporter This script is Copyright (C) 2013-2020 Tenable Network Security, Inc.
source https://www.tenable.com/plugins/nessus/65596
title SuSE 11.2 Security Update : Mozilla Firefox (SAT Patch Number 7464)

NASL family SuSE Local Security Checks
NASL id OPENSUSE-2013-206.NASL
description Mozilla Firefox was updated to 19.0.2 (bnc#808243) fixing :
- MFSA 2013-29/CVE-2013-0787 (bmo#848644) Use-after-free in HTML Editor could be used for code execution
- blocklist updates
last seen 2020-06-05
modified 2014-06-13
plugin id 74922
published 2014-06-13
reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/74922
title openSUSE Security Update : MozillaFirefox (openSUSE-SU-2013:0467-1)

NASL family Windows
NASL id MOZILLA_FIREFOX_1704_ESR.NASL
description The installed version of Firefox ESR 17.x is earlier than 17.0.4, and thus, is potentially affected by a use-after-free vulnerability. An error exists in the HTML editor (nsHTMLEditor) related to content script and the calling of the function
last seen 2020-06-01
modified 2020-06-02
plugin id 65130
published 2013-03-08
reporter This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.
source https://www.tenable.com/plugins/nessus/65130
title Firefox ESR 17.x < 17.0.4 nsHTMLEditor Use-After-Free

NASL family Scientific Linux Local Security Checks
NASL id SL_20130311_THUNDERBIRD_ON_SL5_X.NASL
description A flaw was found in the processing of malformed content.
Malicious content could cause Thunderbird to crash or execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2013-0787) Note: This issue cannot be exploited by a specially crafted HTML mail message as JavaScript is disabled by default for mail messages. It could be exploited another way in Thunderbird, for example, when viewing the full remote content of an RSS feed. After installing the update, Thunderbird must be restarted for the changes to take effect.
last seen 2020-03-18
modified 2013-03-13
plugin id 65242
published 2013-03-13
reporter This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/65242
title Scientific Linux Security Update : thunderbird on SL5.x, SL6.x i386/x86_64 (20130311)

NASL family Scientific Linux Local Security Checks
NASL id SL_20130308_XULRUNNER_ON_SL5_X.NASL
description A flaw was found in the way XULRunner handled malformed web content. A web page containing malicious content could cause an application linked against XULRunner (such as Mozilla Firefox) to crash or execute arbitrary code with the privileges of the user running the application. (CVE-2013-0787) After installing the update, applications using XULRunner must be restarted for the changes to take effect.
last seen 2020-03-18
modified 2013-03-10
plugin id 65174
published 2013-03-10
reporter This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/65174
title Scientific Linux Security Update : xulrunner on SL5.x, SL6.x i386/x86_64 (20130308)

NASL family Windows
NASL id MOZILLA_THUNDERBIRD_1704_ESR.NASL
description The installed version of Thunderbird ESR 17.x is potentially affected by a use-after-free vulnerability.
An error exists in the HTML editor (nsHTMLEditor) related to content script and the calling of the function
last seen 2020-06-01
modified 2020-06-02
plugin id 65192
published 2013-03-11
reporter This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.
source https://www.tenable.com/plugins/nessus/65192
title Mozilla Thunderbird ESR 17.x < 17.0.4 nsHTMLEditor Use-After-Free

NASL family FreeBSD Local Security Checks
NASL id FREEBSD_PKG_630C8C08880F11E2807FD43D7E0C7C02.NASL
description The Mozilla Project reports : MFSA 2013-29 Use-after-free in HTML Editor
last seen 2020-06-01
modified 2020-06-02
plugin id 65185
published 2013-03-11
reporter This script is Copyright (C) 2013-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/65185
title FreeBSD : mozilla -- use-after-free in HTML Editor (630c8c08-880f-11e2-807f-d43d7e0c7c02)

NASL family Ubuntu Local Security Checks
NASL id UBUNTU_USN-1758-1.NASL
description It was discovered that Firefox contained a memory safety issue. If a user were tricked into opening a specially crafted page with the HTML editor, a remote attacker could exploit this to execute arbitrary code with the privileges of the user invoking the program. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen 2020-06-01
modified 2020-06-02
plugin id 65104
published 2013-03-09
reporter Ubuntu Security Notice (C) 2013-2019 Canonical, Inc. / NASL script (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/65104
title Ubuntu 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : firefox vulnerability (USN-1758-1)

NASL family Windows
NASL id SEAMONKEY_2161.NASL
description The installed version of SeaMonkey is earlier than 2.16.1 and thus, is potentially affected by a use-after-free vulnerability. An error exists in the HTML editor (nsHTMLEditor) related to content script and the calling of the function
last seen 2020-06-01
modified 2020-06-02
plugin id 65187
published 2013-03-11
reporter This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.
source https://www.tenable.com/plugins/nessus/65187
title SeaMonkey < 2.16.1 nsHTMLEditor Use-After-Free

NASL family Gentoo Local Security Checks
NASL id GENTOO_GLSA-201309-23.NASL
description The remote host is affected by the vulnerability described in GLSA-201309-23 (Mozilla Products: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Mozilla Firefox, Thunderbird, and SeaMonkey. Please review the CVE identifiers referenced below for details.
Impact : A remote attacker could entice a user to view a specially crafted web page or email, possibly resulting in execution of arbitrary code or a Denial of Service condition. Further, a remote attacker could conduct XSS attacks, spoof URLs, bypass address space layout randomization, conduct clickjacking attacks, obtain potentially sensitive information, bypass access restrictions, modify the local filesystem, or conduct other unspecified attacks.
Workaround : There is no known workaround at this time.
last seen 2020-06-01
modified 2020-06-02
plugin id 70183
published 2013-09-28
reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/70183
title GLSA-201309-23 : Mozilla Products: Multiple vulnerabilities

NASL family SuSE Local Security Checks
NASL id OPENSUSE-2013-207.NASL
description MozillaThunderbird was updated to 17.0.4 (bnc#808243)
- MFSA 2013-29/CVE-2013-0787 (bmo#848644) Use-after-free in HTML Editor
last seen 2020-06-05
modified 2014-06-13
plugin id 74923
published 2014-06-13
reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/74923
title openSUSE Security Update : MozillaThunderbird (openSUSE-SU-2013:0465-1)

NASL family SuSE Local Security Checks
NASL id OPENSUSE-2013-209.NASL
description xulrunner was updated to 17.0.4esr (bnc#808243) to fix an important security issue :
- MFSA 2013-29/CVE-2013-0787 (bmo#848644) Use-after-free in HTML Editor
last seen 2020-06-05
modified 2014-06-13
plugin id 74925
published 2014-06-13
reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/74925
title openSUSE Security Update : xulrunner (openSUSE-SU-2013:0466-1)

NASL family Ubuntu Local Security Checks
NASL id UBUNTU_USN-1758-2.NASL
description USN-1758-1 fixed vulnerabilities in Firefox. This update provides the corresponding update for Thunderbird. It was discovered that Firefox contained a memory safety issue. If a user were tricked into opening a specially crafted page with the HTML editor, a remote attacker could exploit this to execute arbitrary code with the privileges of the user invoking the program. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen 2020-06-01
modified 2020-06-02
plugin id 65250
published 2013-03-13
reporter Ubuntu Security Notice (C) 2013-2019 Canonical, Inc. / NASL script (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/65250
title Ubuntu 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : thunderbird vulnerability (USN-1758-2)

NASL family MacOS X Local Security Checks
NASL id MACOSX_THUNDERBIRD_17_0_4_ESR.NASL
description The installed version of Thunderbird ESR 17.x is potentially affected by a use-after-free vulnerability. An error exists in the HTML editor (nsHTMLEditor) related to content script and the calling of the function
last seen 2020-06-01
modified 2020-06-02
plugin id 65190
published 2013-03-11
reporter This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.
source https://www.tenable.com/plugins/nessus/65190
title Thunderbird ESR 17.x < 17.0.4 nsHTMLEditor Use-After-Free (Mac OS X)

NASL family Red Hat Local Security Checks
NASL id REDHAT-RHSA-2013-0614.NASL
description Updated xulrunner packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. XULRunner provides the XUL Runtime environment for applications using the Gecko layout engine. A flaw was found in the way XULRunner handled malformed web content. A web page containing malicious content could cause an application linked against XULRunner (such as Mozilla Firefox) to crash or execute arbitrary code with the privileges of the user running the application. (CVE-2013-0787) Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges VUPEN Security via the TippingPoint Zero Day Initiative project as the original reporter.
For technical details regarding this flaw, refer to the Mozilla security advisories. You can find a link to the Mozilla advisories in the References section of this erratum. All XULRunner users should upgrade to these updated packages, which correct this issue. After installing the update, applications using XULRunner must be restarted for the changes to take effect.
last seen 2020-06-01
modified 2020-06-02
plugin id 65173
published 2013-03-10
reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/65173
title RHEL 5 / 6 : xulrunner (RHSA-2013:0614)

NASL family Oracle Linux Local Security Checks
NASL id ORACLELINUX_ELSA-2013-0614.NASL
description From Red Hat Security Advisory 2013:0614 : Updated xulrunner packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. XULRunner provides the XUL Runtime environment for applications using the Gecko layout engine. A flaw was found in the way XULRunner handled malformed web content. A web page containing malicious content could cause an application linked against XULRunner (such as Mozilla Firefox) to crash or execute arbitrary code with the privileges of the user running the application. (CVE-2013-0787) Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges VUPEN Security via the TippingPoint Zero Day Initiative project as the original reporter. For technical details regarding this flaw, refer to the Mozilla security advisories. You can find a link to the Mozilla advisories in the References section of this erratum. All XULRunner users should upgrade to these updated packages, which correct this issue.
After installing the update, applications using XULRunner must be restarted for the changes to take effect.
last seen 2020-06-01
modified 2020-06-02
plugin id 68783
published 2013-07-12
reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/68783
title Oracle Linux 5 / 6 : xulrunner (ELSA-2013-0614)

Oval
accepted | 2014-10-06T04:02:02.820-04:00
class | vulnerability
contributors |
definition_extensions |
description | Use-after-free vulnerability in the nsEditor::IsPreformatted function in editor/libeditor/base/nsEditor.cpp in Mozilla Firefox before 19.0.2, Firefox ESR 17.x before 17.0.4, Thunderbird before 17.0.4, Thunderbird ESR 17.x before 17.0.4, and SeaMonkey before 2.16.1 allows remote attackers to execute arbitrary code via vectors involving an execCommand call.
family | windows
id | oval:org.mitre.oval:def:16737
status | accepted
submitted | 2013-05-13T10:26:26.748+04:00
title | Use-after-free vulnerability in the nsEditor::IsPreformatted function in editor/libeditor/base/nsEditor.cpp in Mozilla Firefox before 19.0.2, Firefox ESR 17.x before 17.0.4, Thunderbird before 17.0.4, Thunderbird ESR 17.x before 17.0.4, and SeaMonkey before 2.16.1 allows remote attackers to execute arbitrary code via vectors involving an execCommand call.
version | 34
References
- http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/Pwn2Own-2013/ba-p/5981157
- http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00010.html
- http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00023.html
- http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00025.html
- http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00026.html
- http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00028.html
- http://rhn.redhat.com/errata/RHSA-2013-0614.html
- http://rhn.redhat.com/errata/RHSA-2013-0627.html
- http://twitter.com/thezdi/statuses/309484730506698752
- http://twitter.com/VUPEN/statuses/309505403631325184
- http://www.debian.org/security/2013/dsa-2699
- http://www.mozilla.org/security/announce/2013/mfsa2013-29.html
- http://www.securityfocus.com/bid/58391
- http://www.ubuntu.com/usn/USN-1758-1
- https://bugzilla.mozilla.org/show_bug.cgi?id=848644
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16737