10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.034 Low
EPSS
Percentile
91.4%
Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team discovered a series critically rated of use-after-free, out of bounds read, and buffer overflow issues using the Address Sanitizer tool in shipped software. These issues are potentially exploitable, allowing for remote code execution. We would also like to thank Abhishek for reporting three additional user-after-free and out of bounds read flaws introduced during Firefox development that were fixed before general release.
CPE | Name | Operator | Version |
---|---|---|---|
firefox | lt | 18 | |
firefox esr | lt | 10.0.11 | |
firefox esr | lt | 10.0.12 | |
firefox esr | lt | 17.0.2 | |
seamonkey | lt | 2.15 | |
thunderbird | lt | 17.0.2 | |
thunderbird esr | lt | 10.0.12 | |
thunderbird esr | lt | 17.0.2 |
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5829
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0760
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0761
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0762
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0763
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0766
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0767
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0771
bugzilla.mozilla.org/show_bug.cgi?id=780979
bugzilla.mozilla.org/show_bug.cgi?id=785555
bugzilla.mozilla.org/show_bug.cgi?id=787831
bugzilla.mozilla.org/show_bug.cgi?id=788959
bugzilla.mozilla.org/show_bug.cgi?id=791905
bugzilla.mozilla.org/show_bug.cgi?id=792305
bugzilla.mozilla.org/show_bug.cgi?id=803853
bugzilla.mozilla.org/show_bug.cgi?id=812161