Vulnerabilities > CVE-2013-1675 - Improper Initialization vulnerability in multiple products
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
NONE Availability impact
NONE Summary
Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 do not properly initialize data structures for the nsDOMSVGZoomEvent::mPreviousScale and nsDOMSVGZoomEvent::mNewScale functions, which allows remote attackers to obtain sensitive information from process memory via a crafted web site.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Leveraging Race Conditions This attack targets a race condition occurring when multiple processes access and manipulate the same resource concurrently and the outcome of the execution depends on the particular order in which the access takes place. The attacker can leverage a race condition by "running the race", modifying the resource and modifying the normal execution flow. For instance a race condition can occur while accessing a file, the attacker can trick the system by replacing the original file with his version and cause the system to read the malicious file.
- Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions This attack targets a race condition occurring between the time of check (state) for a resource and the time of use of a resource. The typical example is the file access. The attacker can leverage a file access race condition by "running the race", meaning that he would modify the resource between the first time the target program accesses the file and the time the target program uses the file. During that period of time, the attacker could do something such as replace the file and cause an escalation of privilege.
Nessus
NASL family SuSE Local Security Checks NASL id SUSE_11_FIREFOX-20130628-130702.NASL description Mozilla Firefox has been updated to the 17.0.7 ESR version, which fixes bugs and security fixes. - Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. (MFSA 2013-49) Gary Kwong, Jesse Ruderman, and Andrew McCreight reported memory safety problems and crashes that affect Firefox ESR 17, and Firefox 21. (CVE-2013-1682) - Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team used the Address Sanitizer tool to discover a series of use-after-free problems rated critical as security issues in shipped software. Some of these issues are potentially exploitable, allowing for remote code execution. We would also like to thank Abhishek for reporting additional use-after-free and buffer overflow flaws in code introduced during Firefox development. These were fixed before general release. (MFSA 2013-50) - Heap-use-after-free in mozilla::dom::HTMLMediaElement::LookupMediaElementURITab le. (CVE-2013-1684) - Heap-use-after-free in nsIDocument::GetRootElement. (CVE-2013-1685) - Heap-use-after-free in mozilla::ResetDir. (CVE-2013-1686) - Security researcher Mariusz Mlynski reported that it is possible to compile a user-defined function in the XBL scope of a specific element and then trigger an event within this scope to run code. In some circumstances, when this code is run, it can access content protected by System Only Wrappers (SOW) and chrome-privileged pages. This could potentially lead to arbitrary code execution. Additionally, Chrome Object Wrappers (COW) can be bypassed by web content to access privileged methods, leading to a cross-site scripting (XSS) attack from privileged pages. (MFSA 2013-51 / CVE-2013-1687) - Security researcher Nils reported that specially crafted web content using the onreadystatechange event and reloading of pages could sometimes cause a crash when unmapped memory is executed. This crash is potentially exploitable. (MFSA 2013-53 / CVE-2013-1690) - Security researcher Johnathan Kuskos reported that Firefox is sending data in the body of XMLHttpRequest (XHR) HEAD requests, which goes against the XHR specification. This can potentially be used for Cross-Site Request Forgery (CSRF) attacks against sites which do not distinguish between HEAD and POST requests. (MFSA 2013-54 / CVE-2013-1692) - Security researcher Paul Stone of Context Information Security discovered that timing differences in the processing of SVG format images with filters could allow for pixel values to be read. This could potentially allow for text values to be read across domains, leading to information disclosure. (MFSA 2013-55 / CVE-2013-1693) - Mozilla security researcher moz_bug_r_a4 reported that XrayWrappers can be bypassed to call content-defined toString and valueOf methods through DefaultValue. This can lead to unexpected behavior when privileged code acts on the incorrect values. (MFSA 2013-59 / CVE-2013-1697) - Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. (MFSA 2013-30) Olli Pettay, Jesse Ruderman, Boris Zbarsky, Christian Holler, Milan Sreckovic, and Joe Drew reported memory safety problems and crashes that affect Firefox ESR 17, and Firefox 19. (CVE-2013-0788) - Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team used the Address Sanitizer tool to discover an out-of-bounds write in Cairo graphics library. When certain values are passed to it during rendering, Cairo attempts to use negative boundaries or sizes for boxes, leading to a potentially exploitable crash in some instances. (MFSA 2013-31 / CVE-2013-0800) - Security researcher Frederic Hoguin discovered that the Mozilla Maintenance Service on Windows was vulnerable to a buffer overflow. This system is used to update software without invoking the User Account Control (UAC) prompt. The Mozilla Maintenance Service is configured to allow unprivileged users to start it with arbitrary arguments. By manipulating the data passed in these arguments, an attacker can execute arbitrary code with the system privileges used by the service. This issue requires local file system access to be exploitable. (MFSA 2013-32 / CVE-2013-0799) - Security researcher Ash reported an issue with the Mozilla Updater. The Mozilla Updater can be made to load a malicious local DLL file in a privileged context through either the Mozilla Maintenance Service or independently on systems that do not use the service. This occurs when the DLL file is placed in a specific location on the local system before the Mozilla Updater is run. Local file system access is necessary in order for this issue to be exploitable. (MFSA 2013-34 / CVE-2013-0797) - Security researcher miaubiz used the Address Sanitizer tool to discover a crash in WebGL rendering when memory is freed that has not previously been allocated. This issue only affects Linux users who have Intel Mesa graphics drivers. The resulting crash could be potentially exploitable. (MFSA 2013-35 / CVE-2013-0796) - Security researcher Cody Crews reported a mechanism to use the cloneNode method to bypass System Only Wrappers (SOW) and clone a protected node. This allows violation of the browser last seen 2020-06-05 modified 2013-07-18 plugin id 68949 published 2013-07-18 reporter This script is Copyright (C) 2013-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/68949 title SuSE 11.3 Security Update : Mozilla Firefox (SAT Patch Number 8001) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-1822-1.NASL description Multiple memory safety issues were discovered in Firefox. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. (CVE-2013-0801, CVE-2013-1669) Cody Crews discovered that some constructors could be used to bypass restrictions enforced by their Chrome Object Wrapper (COW). An attacker could exploit this to conduct cross-site scripting (XSS) attacks. (CVE-2013-1670) It was discovered that the file input element could expose the full local path under certain conditions. An attacker could potentially exploit this to steal sensitive information. (CVE-2013-1671) A use-after-free was discovered when resizing video content whilst it is playing. An attacker could potentially exploit this to execute code with the privileges of the user invoking Firefox. (CVE-2013-1674) It was discovered that some DOMSVGZoomEvent functions could be used without being properly initialized, which could lead to information leakage. (CVE-2013-1675) Abhishek Arya discovered multiple memory safety issues in Firefox. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. (CVE-2013-1676, CVE-2013-1677, CVE-2013-1678, CVE-2013-1679, CVE-2013-1680, CVE-2013-1681). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 66442 published 2013-05-15 reporter Ubuntu Security Notice (C) 2013-2019 Canonical, Inc. / NASL script (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/66442 title Ubuntu 12.04 LTS / 12.10 / 13.04 : firefox vulnerabilities (USN-1822-1) NASL family MacOS X Local Security Checks NASL id MACOSX_FIREFOX_21.NASL description The installed version of Firefox is earlier than 21.0 and is, therefore, potentially affected by multiple vulnerabilities : - Various memory safety issues exist. (CVE-2013-0801, CVE-2013-1669) - It is possible to call a content level constructor that allows for the constructor to have chrome privileged access. (CVE-2013-1670) - An information leakage exists because the file input control has access to the full path. (CVE-2013-1671) - A local privilege escalation issues exists in the Mozilla Maintenance Service. (CVE-2013-1672) - The Mozilla Maintenance Service on Windows is vulnerable to a previously fixed privilege escalation attack. Note that new installations of Firefox after version 12 are not affected by this issue. (CVE-2013-1673, CVE-2012-1942) - A use-after-free vulnerability exists when resizing video while playing. (CVE-2013-1674) - Some last seen 2020-06-01 modified 2020-06-02 plugin id 66476 published 2013-05-16 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/66476 title Firefox < 21.0 Multiple Vulnerabilities (Mac OS X) NASL family Windows NASL id MOZILLA_FIREFOX_21.NASL description The installed version of Firefox is earlier than 21.0 and is, therefore, potentially affected by the following vulnerabilities : - Various memory safety issues exist. (CVE-2013-0801, CVE-2013-1669) - It is possible to call a content level constructor that allows for the constructor to have chrome privileged access. (CVE-2013-1670) - An information leakage exists because the file input control has access to the full path. (CVE-2013-1671) - A local privilege escalation issues exists in the Mozilla Maintenance Service. (CVE-2013-1672) - The Mozilla Maintenance Service on Windows is vulnerable to a previously fixed privilege escalation attack. Note that new installations of Firefox after version 12 are not affected by this issue. (CVE-2013-1673, CVE-2012-1942) - A use-after-free vulnerability exists when resizing video while playing. (CVE-2013-1674) - Some last seen 2020-06-01 modified 2020-06-02 plugin id 66480 published 2013-05-16 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/66480 title Firefox < 21.0 Multiple Vulnerabilities NASL family Debian Local Security Checks NASL id DEBIAN_DSA-2720.NASL description Multiple security issues have been found in Icedove, Debian last seen 2020-03-17 modified 2013-07-07 plugin id 67201 published 2013-07-07 reporter This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/67201 title Debian DSA-2720-1 : icedove - several vulnerabilities NASL family Windows NASL id MOZILLA_THUNDERBIRD_1706_ESR.NASL description The installed version of Thunderbird ESR 17.x is earlier than 17.0.6 and is, therefore, potentially affected the following vulnerabilities: - Various memory safety issues exist. (CVE-2013-0801) - It is possible to call a content level constructor that allows for the constructor to have chrome privileged access. (CVE-2013-1670) - A local privilege escalation issues exists in the Mozilla Maintenance Service. (CVE-2013-1672) - A use-after-free vulnerability exists when resizing video while playing. (CVE-2013-1674) - Some last seen 2020-06-01 modified 2020-06-02 plugin id 66482 published 2013-05-16 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/66482 title Mozilla Thunderbird ESR 17.x < 17.0.6 Multiple Vulnerabilities NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2013-0821.NASL description From Red Hat Security Advisory 2013:0821 : An updated thunderbird package that fixes several security issues is now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2013-0801, CVE-2013-1674, CVE-2013-1675, CVE-2013-1676, CVE-2013-1677, CVE-2013-1678, CVE-2013-1679, CVE-2013-1680, CVE-2013-1681) A flaw was found in the way Thunderbird handled Content Level Constructors. Malicious content could use this flaw to perform cross-site scripting (XSS) attacks. (CVE-2013-1670) Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Christoph Diehl, Christian Holler, Jesse Ruderman, Timothy Nikkel, Jeff Walden, Nils, Ms2ger, Abhishek Arya, and Cody Crews as the original reporters of these issues. Note: All of the above issues cannot be exploited by a specially crafted HTML mail message as JavaScript is disabled by default for mail messages. They could be exploited another way in Thunderbird, for example, when viewing the full remote content of an RSS feed. All Thunderbird users should upgrade to this updated package, which contains Thunderbird version 17.0.6 ESR, which corrects these issues. After installing the update, Thunderbird must be restarted for the changes to take effect. last seen 2020-05-31 modified 2013-07-12 plugin id 68821 published 2013-07-12 reporter This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/68821 title Oracle Linux 6 : thunderbird (ELSA-2013-0821) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2013-0821.NASL description An updated thunderbird package that fixes several security issues is now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2013-0801, CVE-2013-1674, CVE-2013-1675, CVE-2013-1676, CVE-2013-1677, CVE-2013-1678, CVE-2013-1679, CVE-2013-1680, CVE-2013-1681) A flaw was found in the way Thunderbird handled Content Level Constructors. Malicious content could use this flaw to perform cross-site scripting (XSS) attacks. (CVE-2013-1670) Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Christoph Diehl, Christian Holler, Jesse Ruderman, Timothy Nikkel, Jeff Walden, Nils, Ms2ger, Abhishek Arya, and Cody Crews as the original reporters of these issues. Note: All of the above issues cannot be exploited by a specially crafted HTML mail message as JavaScript is disabled by default for mail messages. They could be exploited another way in Thunderbird, for example, when viewing the full remote content of an RSS feed. All Thunderbird users should upgrade to this updated package, which contains Thunderbird version 17.0.6 ESR, which corrects these issues. After installing the update, Thunderbird must be restarted for the changes to take effect. last seen 2020-05-31 modified 2013-05-15 plugin id 66430 published 2013-05-15 reporter This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/66430 title CentOS 5 / 6 : thunderbird (CESA-2013:0821) NASL family MacOS X Local Security Checks NASL id MACOSX_THUNDERBIRD_17_0_6_ESR.NASL description The installed version of Thunderbird ESR 17.x is prior to 17.0.6 and is, therefore, potentially affected the following vulnerabilities : - Various memory safety issues exist. (CVE-2013-0801) - It is possible to call a content level constructor that allows for the constructor to have chrome privileged access. (CVE-2013-1670) - A local privilege escalation issues exists in the Mozilla Maintenance Service. (CVE-2013-1672) - A use-after-free vulnerability exists when resizing video while playing. (CVE-2013-1674) - Some last seen 2020-06-01 modified 2020-06-02 plugin id 66478 published 2013-05-16 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/66478 title Thunderbird ESR 17.x < 17.0.6 Multiple Vulnerabilities (Mac OS X) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2013-0821.NASL description An updated thunderbird package that fixes several security issues is now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2013-0801, CVE-2013-1674, CVE-2013-1675, CVE-2013-1676, CVE-2013-1677, CVE-2013-1678, CVE-2013-1679, CVE-2013-1680, CVE-2013-1681) A flaw was found in the way Thunderbird handled Content Level Constructors. Malicious content could use this flaw to perform cross-site scripting (XSS) attacks. (CVE-2013-1670) Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Christoph Diehl, Christian Holler, Jesse Ruderman, Timothy Nikkel, Jeff Walden, Nils, Ms2ger, Abhishek Arya, and Cody Crews as the original reporters of these issues. Note: All of the above issues cannot be exploited by a specially crafted HTML mail message as JavaScript is disabled by default for mail messages. They could be exploited another way in Thunderbird, for example, when viewing the full remote content of an RSS feed. All Thunderbird users should upgrade to this updated package, which contains Thunderbird version 17.0.6 ESR, which corrects these issues. After installing the update, Thunderbird must be restarted for the changes to take effect. last seen 2020-05-31 modified 2013-05-15 plugin id 66438 published 2013-05-15 reporter This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/66438 title RHEL 5 / 6 : thunderbird (RHSA-2013:0821) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-2699.NASL description Multiple security issues have been found in Iceweasel, Debian last seen 2020-03-17 modified 2013-06-03 plugin id 66766 published 2013-06-03 reporter This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/66766 title Debian DSA-2699-1 : iceweasel - several vulnerabilities NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2013-0820.NASL description Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2013-0801, CVE-2013-1674, CVE-2013-1675, CVE-2013-1676, CVE-2013-1677, CVE-2013-1678, CVE-2013-1679, CVE-2013-1680, CVE-2013-1681) A flaw was found in the way Firefox handled Content Level Constructors. A malicious site could use this flaw to perform cross-site scripting (XSS) attacks. (CVE-2013-1670) Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Christoph Diehl, Christian Holler, Jesse Ruderman, Timothy Nikkel, Jeff Walden, Nils, Ms2ger, Abhishek Arya, and Cody Crews as the original reporters of these issues. For technical details regarding these flaws, refer to the Mozilla security advisories for Firefox 17.0.6 ESR. You can find a link to the Mozilla advisories in the References section of this erratum. All Firefox users should upgrade to these updated packages, which contain Firefox version 17.0.6 ESR, which corrects these issues. After installing the update, Firefox must be restarted for the changes to take effect. last seen 2020-05-31 modified 2013-05-15 plugin id 66437 published 2013-05-15 reporter This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/66437 title RHEL 5 / 6 : firefox (RHSA-2013:0820) NASL family Scientific Linux Local Security Checks NASL id SL_20130514_FIREFOX_ON_SL5_X.NASL description Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2013-0801, CVE-2013-1674, CVE-2013-1675, CVE-2013-1676, CVE-2013-1677, CVE-2013-1678, CVE-2013-1679, CVE-2013-1680, CVE-2013-1681) A flaw was found in the way Firefox handled Content Level Constructors. A malicious site could use this flaw to perform cross-site scripting (XSS) attacks. (CVE-2013-1670) After installing the update, Firefox must be restarted for the changes to take effect. last seen 2020-03-18 modified 2013-05-16 plugin id 66460 published 2013-05-16 reporter This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/66460 title Scientific Linux Security Update : firefox on SL5.x, SL6.x i386/x86_64 (20130514) NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_4A1CA8A4BD8211E2B7A0D43D7E0C7C02.NASL description The Mozilla Project reports : MFSA 2013-41 Miscellaneous memory safety hazards (rv:21.0 / rv:17.0.6) MFSA 2013-42 Privileged access for content level constructor MFSA 2013-43 File input control has access to full path MFSA 2013-44 Local privilege escalation through Mozilla Maintenance Service MFSA 2013-45 Mozilla Updater fails to update some Windows Registry entries MFSA 2013-46 Use-after-free with video and onresize event MFSA 2013-47 Uninitialized functions in DOMSVGZoomEvent MFSA 2013-48 Memory corruption found using Address Sanitizer last seen 2020-06-01 modified 2020-06-02 plugin id 66455 published 2013-05-16 reporter This script is Copyright (C) 2013-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/66455 title FreeBSD : mozilla -- multiple vulnerabilities (4a1ca8a4-bd82-11e2-b7a0-d43d7e0c7c02) NASL family SuSE Local Security Checks NASL id OPENSUSE-2013-448.NASL description Mozilla xulrunner was updated to 17.0.6esr (bnc#819204) - MFSA 2013-41/CVE-2013-0801/CVE-2013-1669 Miscellaneous memory safety hazards - MFSA 2013-42/CVE-2013-1670 (bmo#853709) Privileged access for content level constructor - MFSA 2013-46/CVE-2013-1674 (bmo#860971) Use-after-free with video and onresize event - MFSA 2013-47/CVE-2013-1675 (bmo#866825) Uninitialized functions in DOMSVGZoomEvent - MFSA 2013-48/CVE-2013-1676/CVE-2013-1677/CVE-2013-1678/ CVE-2013-1679/CVE-2013-1680/CVE-2013-1681 Memory corruption found using Address Sanitizer last seen 2020-06-05 modified 2014-06-13 plugin id 75014 published 2014-06-13 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/75014 title openSUSE Security Update : xulrunner (openSUSE-SU-2013:0929-1) NASL family Windows NASL id MOZILLA_THUNDERBIRD_1706.NASL description The installed version of Thunderbird 17.x is a version prior to 17.0.5 and is, therefore, potentially affected by the following vulnerabilities : - Various memory safety issues exist. (CVE-2013-0801) - It is possible to call a content level constructor that allows for the constructor to have chrome privileged access. (CVE-2013-1670) - A local privilege escalation issues exists in the Mozilla Maintenance Service. (CVE-2013-1672) - A use-after-free vulnerability exists when resizing video while playing. (CVE-2013-1674) - Some last seen 2020-06-01 modified 2020-06-02 plugin id 66481 published 2013-05-16 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/66481 title Mozilla Thunderbird 17.x < 17.0.5 Multiple Vulnerabilities NASL family MacOS X Local Security Checks NASL id MACOSX_THUNDERBIRD_17_0_6.NASL description The installed version of Thunderbird is earlier than 17.0.6 and is, therefore, potentially affected by the following vulnerabilities : - Various memory safety issues exist. (CVE-2013-0801) - It is possible to call a content level constructor that allows for the constructor to have chrome privileged access. (CVE-2013-1670) - A local privilege escalation issues exists in the Mozilla Maintenance Service. (CVE-2013-1672) - A use-after-free vulnerability exists when resizing video while playing. (CVE-2013-1674) - Some last seen 2020-06-01 modified 2020-06-02 plugin id 66477 published 2013-05-16 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/66477 title Thunderbird 17.x < 17.0.6 Multiple Vulnerabilities (Mac OS X) NASL family Scientific Linux Local Security Checks NASL id SL_20130514_THUNDERBIRD_ON_SL5_X.NASL description Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2013-0801, CVE-2013-1674, CVE-2013-1675, CVE-2013-1676, CVE-2013-1677, CVE-2013-1678, CVE-2013-1679, CVE-2013-1680, CVE-2013-1681) A flaw was found in the way Thunderbird handled Content Level Constructors. Malicious content could use this flaw to perform cross-site scripting (XSS) attacks. (CVE-2013-1670) Note: All of the above issues cannot be exploited by a specially crafted HTML mail message as JavaScript is disabled by default for mail messages. They could be exploited another way in Thunderbird, for example, when viewing the full remote content of an RSS feed. After installing the update, Thunderbird must be restarted for the changes to take effect. last seen 2020-03-18 modified 2013-05-16 plugin id 66461 published 2013-05-16 reporter This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/66461 title Scientific Linux Security Update : thunderbird on SL5.x, SL6.x i386/x86_64 (20130514) NASL family SuSE Local Security Checks NASL id OPENSUSE-2013-447.NASL description MozillaThunderbird was updated to security update Thunderbird 17.0.6 (bnc#819204) : - MFSA 2013-41/CVE-2013-0801/CVE-2013-1669 Miscellaneous memory safety hazards - MFSA 2013-42/CVE-2013-1670 (bmo#853709) Privileged access for content level constructor - MFSA 2013-46/CVE-2013-1674 (bmo#860971) Use-after-free with video and onresize event - MFSA 2013-47/CVE-2013-1675 (bmo#866825) Uninitialized functions in DOMSVGZoomEvent - MFSA 2013-48/CVE-2013-1676/CVE-2013-1677/CVE-2013-1678/ CVE-2013-1679/CVE-2013-1680/CVE-2013-1681 Memory corruption found using Address Sanitizer last seen 2020-06-05 modified 2014-06-13 plugin id 75013 published 2014-06-13 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/75013 title openSUSE Security Update : MozillaThunderbird (openSUSE-SU-2013:0894-1) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201309-23.NASL description The remote host is affected by the vulnerability described in GLSA-201309-23 (Mozilla Products: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Mozilla Firefox, Thunderbird, and SeaMonkey. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user to view a specially crafted web page or email, possibly resulting in execution of arbitrary code or a Denial of Service condition. Further, a remote attacker could conduct XSS attacks, spoof URLs, bypass address space layout randomization, conduct clickjacking attacks, obtain potentially sensitive information, bypass access restrictions, modify the local filesystem, or conduct other unspecified attacks. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 70183 published 2013-09-28 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/70183 title GLSA-201309-23 : Mozilla Products: Multiple vulnerabilities NASL family MacOS X Local Security Checks NASL id MACOSX_FIREFOX_17_0_6_ESR.NASL description The installed version of Firefox ESR 17.x is earlier than 17.0.6 and is, therefore, potentially affected by the following vulnerabilities : - Various memory safety issues exist. (CVE-2013-0801) - It is possible to call a content level constructor that allows for the constructor to have chrome privileged access. (CVE-2013-1670) - A local privilege escalation issues exists in the Mozilla Maintenance Service. (CVE-2013-1672) - A use-after-free vulnerability exists when resizing video while playing. (CVE-2013-1674) - Some last seen 2020-06-01 modified 2020-06-02 plugin id 66475 published 2013-05-16 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/66475 title Firefox ESR 17.x < 17.0.6 Multiple Vulnerabilities (Mac OS X) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2013-0820.NASL description Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2013-0801, CVE-2013-1674, CVE-2013-1675, CVE-2013-1676, CVE-2013-1677, CVE-2013-1678, CVE-2013-1679, CVE-2013-1680, CVE-2013-1681) A flaw was found in the way Firefox handled Content Level Constructors. A malicious site could use this flaw to perform cross-site scripting (XSS) attacks. (CVE-2013-1670) Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Christoph Diehl, Christian Holler, Jesse Ruderman, Timothy Nikkel, Jeff Walden, Nils, Ms2ger, Abhishek Arya, and Cody Crews as the original reporters of these issues. For technical details regarding these flaws, refer to the Mozilla security advisories for Firefox 17.0.6 ESR. You can find a link to the Mozilla advisories in the References section of this erratum. All Firefox users should upgrade to these updated packages, which contain Firefox version 17.0.6 ESR, which corrects these issues. After installing the update, Firefox must be restarted for the changes to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 66429 published 2013-05-15 reporter This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/66429 title CentOS 5 / 6 : firefox (CESA-2013:0820) NASL family SuSE Local Security Checks NASL id OPENSUSE-2013-438.NASL description MozillaFirefox was updated to Firefox 21.0 (bnc#819204) - MFSA 2013-41/CVE-2013-0801/CVE-2013-1669 Miscellaneous memory safety hazards - MFSA 2013-42/CVE-2013-1670 (bmo#853709) Privileged access for content level constructor - MFSA 2013-43/CVE-2013-1671 (bmo#842255) File input control has access to full path - MFSA 2013-46/CVE-2013-1674 (bmo#860971) Use-after-free with video and onresize event - MFSA 2013-47/CVE-2013-1675 (bmo#866825) Uninitialized functions in DOMSVGZoomEvent - MFSA 2013-48/CVE-2013-1676/CVE-2013-1677/CVE-2013-1678/ CVE-2013-1679/CVE-2013-1680/CVE-2013-1681 Memory corruption found using Address Sanitizer Changes in MozillaFirefox-branding-openSUSE : - modified file locations for Firefox 21 and above - added DuckDuckGo as search option (bnc#801121) last seen 2020-06-05 modified 2014-06-13 plugin id 75009 published 2014-06-13 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/75009 title openSUSE Security Update : MozillaFirefox (openSUSE-SU-2013:0946-1) NASL family Windows NASL id MOZILLA_FIREFOX_1706_ESR.NASL description The installed version of Firefox ESR 17.x is earlier than 17.0.6, and is, therefore, potentially affected by the following vulnerabilities : - Various memory safety issues exist. (CVE-2013-0801) - It is possible to call a content level constructor that allows for the constructor to have chrome privileged access. (CVE-2013-1670) - A local privilege escalation issues exists in the Mozilla Maintenance Service. (CVE-2013-1672) - A use-after-free vulnerability exists when resizing video while playing. (CVE-2013-1674) - Some last seen 2020-06-01 modified 2020-06-02 plugin id 66479 published 2013-05-16 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/66479 title Firefox ESR 17.x < 17.0.6 Multiple Vulnerabilities NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-1823-1.NASL description Multiple memory safety issues were discovered in Thunderbird. If the user were tricked into opening a specially crafted message with scripting enabled, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Thunderbird. (CVE-2013-0801, CVE-2013-1669) Cody Crews discovered that some constructors could be used to bypass restrictions enforced by their Chrome Object Wrapper (COW). If a user had scripting enabled, an attacker could exploit this to conduct cross-site scripting (XSS) attacks. (CVE-2013-1670) A use-after-free was discovered when resizing video content whilst it is playing. If a user had scripting enabled, an attacker could potentially exploit this to execute code with the privileges of the user invoking Thunderbird. (CVE-2013-1674) It was discovered that some DOMSVGZoomEvent functions could be used without being properly initialized, which could lead to information leakage. (CVE-2013-1675) Abhishek Arya discovered multiple memory safety issues in Thunderbird. If the user were tricked into opening a specially crafted message, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Thunderbird. (CVE-2013-1676, CVE-2013-1677, CVE-2013-1678, CVE-2013-1679, CVE-2013-1680, CVE-2013-1681). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 66443 published 2013-05-15 reporter Ubuntu Security Notice (C) 2013-2019 Canonical, Inc. / NASL script (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/66443 title Ubuntu 12.04 LTS / 12.10 / 13.04 : thunderbird vulnerabilities (USN-1823-1) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2013-0820.NASL description From Red Hat Security Advisory 2013:0820 : Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2013-0801, CVE-2013-1674, CVE-2013-1675, CVE-2013-1676, CVE-2013-1677, CVE-2013-1678, CVE-2013-1679, CVE-2013-1680, CVE-2013-1681) A flaw was found in the way Firefox handled Content Level Constructors. A malicious site could use this flaw to perform cross-site scripting (XSS) attacks. (CVE-2013-1670) Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Christoph Diehl, Christian Holler, Jesse Ruderman, Timothy Nikkel, Jeff Walden, Nils, Ms2ger, Abhishek Arya, and Cody Crews as the original reporters of these issues. For technical details regarding these flaws, refer to the Mozilla security advisories for Firefox 17.0.6 ESR. You can find a link to the Mozilla advisories in the References section of this erratum. All Firefox users should upgrade to these updated packages, which contain Firefox version 17.0.6 ESR, which corrects these issues. After installing the update, Firefox must be restarted for the changes to take effect. last seen 2020-05-31 modified 2013-07-12 plugin id 68820 published 2013-07-12 reporter This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/68820 title Oracle Linux 5 / 6 : firefox (ELSA-2013-0820)
Oval
accepted | 2014-10-06T04:02:23.454-04:00 | ||||||||||||||||||||||||||||||||||||||||
class | vulnerability | ||||||||||||||||||||||||||||||||||||||||
contributors |
| ||||||||||||||||||||||||||||||||||||||||
definition_extensions |
| ||||||||||||||||||||||||||||||||||||||||
description | Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 do not properly initialize data structures for the nsDOMSVGZoomEvent::mPreviousScale and nsDOMSVGZoomEvent::mNewScale functions, which allows remote attackers to obtain sensitive information from process memory via a crafted web site. | ||||||||||||||||||||||||||||||||||||||||
family | windows | ||||||||||||||||||||||||||||||||||||||||
id | oval:org.mitre.oval:def:16976 | ||||||||||||||||||||||||||||||||||||||||
status | accepted | ||||||||||||||||||||||||||||||||||||||||
submitted | 2013-05-13T10:26:26.748+04:00 | ||||||||||||||||||||||||||||||||||||||||
title | Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 do not properly initialize data structures for the nsDOMSVGZoomEvent sensitive information from process memory via a crafted web site. | ||||||||||||||||||||||||||||||||||||||||
version | 32 |
Redhat
advisories |
| ||||||||
rpms |
|
References
- https://bugzilla.mozilla.org/show_bug.cgi?id=866825
- http://www.mozilla.org/security/announce/2013/mfsa2013-47.html
- http://www.ubuntu.com/usn/USN-1822-1
- http://rhn.redhat.com/errata/RHSA-2013-0821.html
- http://rhn.redhat.com/errata/RHSA-2013-0820.html
- http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00011.html
- http://www.ubuntu.com/usn/USN-1823-1
- http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00010.html
- http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00012.html
- http://www.debian.org/security/2013/dsa-2699
- http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00006.html
- http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00008.html
- http://www.mandriva.com/security/advisories?name=MDVSA-2013:165
- http://www.securityfocus.com/bid/59858
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16976