Use-after-free and buffer overflow issues found using Address Sanitizer — Mozilla

2013-01-0800:00:00

Mozilla Foundation

www.mozilla.org

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.034 Low

EPSS

Percentile

91.4%

JSON

Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team discovered a series critically rated of use-after-free, out of bounds read, and buffer overflow issues using the Address Sanitizer tool in shipped software. These issues are potentially exploitable, allowing for remote code execution. We would also like to thank Abhishek for reporting three additional user-after-free and out of bounds read flaws introduced during Firefox development that were fixed before general release.

CPENameOperatorVersion
firefoxlt18
firefox esrlt10.0.11
firefox esrlt10.0.12
firefox esrlt17.0.2
seamonkeylt2.15
thunderbirdlt17.0.2
thunderbird esrlt10.0.12
thunderbird esrlt17.0.2

Name	Operator	Version
firefox	lt	18
firefox esr	lt	10.0.11
firefox esr	lt	10.0.12
firefox esr	lt	17.0.2
seamonkey	lt	2.15
thunderbird	lt	17.0.2
thunderbird esr	lt	10.0.12
thunderbird esr	lt	17.0.2