CVE-2013-0780

2013-02-1923:55:00

CWE-416

[email protected]

web.nvd.nist.gov

cve-2013-0780

use after free

vulnerability

mozilla firefox

remote code execution

denial of service

nvd

css

heap memory corruption

7.5 High

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.021 Low

EPSS

Percentile

89.0%

JSON

Use-after-free vulnerability in the nsOverflowContinuationTracker::Finish function in Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted document that uses Cascading Style Sheets (CSS) -moz-column-* properties.

CPENameOperatorVersion
mozilla:thunderbird_esrmozilla thunderbird esrlt17.0.3
mozilla:thunderbirdmozilla thunderbirdlt17.0.3
mozilla:seamonkeymozilla seamonkeylt2.16
mozilla:firefox_esrmozilla firefox esrlt17.0.3
mozilla:firefoxmozilla firefoxlt19.0
opensuse:opensuseopensuseeq11.4
opensuse:opensuseopensuseeq12.2
opensuse:opensuseopensuseeq12.1
redhat:enterprise_linux_serverredhat enterprise linux servereq5.0
redhat:enterprise_linux_workstationredhat enterprise linux workstationeq5.0

CPE	Name	Operator	Version
mozilla:thunderbird_esr	mozilla thunderbird esr	lt	17.0.3
mozilla:thunderbird	mozilla thunderbird	lt	17.0.3
mozilla:seamonkey	mozilla seamonkey	lt	2.16
mozilla:firefox_esr	mozilla firefox esr	lt	17.0.3
mozilla:firefox	mozilla firefox	lt	19.0
opensuse:opensuse	opensuse	eq	11.4
opensuse:opensuse	opensuse	eq	12.2
opensuse:opensuse	opensuse	eq	12.1
redhat:enterprise_linux_server	redhat enterprise linux server	eq	5.0
redhat:enterprise_linux_workstation	redhat enterprise linux workstation	eq	5.0