Lucene search
Mozilla FoundationMFSA2013-11HistoryJan 08, 2013 - 12:00 a.m.
Address space layout leaked in XBL objects — Mozilla
2013-01-0800:00:00
Mozilla Foundation
www.mozilla.org
18
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
0.003 Low
EPSS
Percentile
70.2%
Mozilla security researcher Jesse Ruderman discovered that using the toString function of XBL objects can lead to inappropriate information leakage by revealing the address space layout instead of just the ID of the object. This layout information could potentially be used to bypass ASLR and other security protections.
Affected configurations
Node
mozillafirefoxRange<18
ORmozillafirefox_esrRange<10.0.12
ORmozillafirefox_esrRange<17.0.2
ORmozillaseamonkeyRange<2.15
ORmozillathunderbirdRange<17.0.2
ORmozillathunderbird_esrRange<10.0.12
ORmozillathunderbird_esrRange<17.0.2
| CPE | Name | Operator | Version |
|---|---|---|---|
| firefox | lt | 18 | |
| firefox esr | lt | 10.0.12 | |
| firefox esr | lt | 17.0.2 | |
| seamonkey | lt | 2.15 | |
| thunderbird | lt | 17.0.2 | |
| thunderbird esr | lt | 10.0.12 | |
| thunderbird esr | lt | 17.0.2 |
Related
openvas
openvas
Mozilla Firefox Security Advisory (MFSA2013-11) - Linux
2021-11-11 00:00:00
Mozilla Products Multiple Vulnerabilities (Jan 2013) - Windows
2013-01-16 00:00:00
Mozilla Products Multiple Vulnerabilities January13 (Mac OS X)
2013-01-16 00:00:00
ubuntucve
ubuntucve
CVE-2013-0748
2013-01-09 00:00:00
cvelist
cvelist
CVE-2013-0748
2013-01-13 20:00:00
cve
cve
CVE-2013-0748
2013-01-13 20:55:01
prion
prion
Authentication flaw
2013-01-13 20:55:00
nvd
nvd
CVE-2013-0748
2013-01-13 20:55:01
centos
centos
firefox, xulrunner security update
2013-01-09 05:51:05
thunderbird security update
2013-01-09 05:51:41
veracode
veracode
Out-Of-Bounds Read
2019-05-02 04:45:40
Use-After-Free
2019-05-02 04:45:40
Memory Corruption
2019-05-02 04:45:41
nessus
nessus
CentOS 5 / 6 : thunderbird (CESA-2013:0145)
2013-01-09 00:00:00
Scientific Linux Security Update : thunderbird on SL5.x, SL6.x i386/x86_64 (20130108)
2013-01-11 00:00:00
RHEL 5 / 6 : thunderbird (RHSA-2013:0145)
2013-01-09 00:00:00
redhat
redhat
(RHSA-2013:0145) Critical: thunderbird security update
2013-01-08 00:00:00
(RHSA-2013:0144) Critical: firefox security update
2013-01-08 00:00:00
oraclelinux
oraclelinux
firefox security update
2013-01-08 00:00:00
thunderbird security update
2013-01-08 00:00:00
suse
suse
Security update for MozillaFirefox (important)
2013-02-13 23:04:32
Security update for Mozilla Firefox (important)
2013-02-18 18:04:29
Mozilla Januarys (important)
2013-01-23 14:04:54
securityvulns
securityvulns
Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
2013-01-10 00:00:00
ubuntu
ubuntu
Thunderbird vulnerabilities
2013-01-09 00:00:00
Firefox regression
2013-01-22 00:00:00
Firefox vulnerabilities
2013-01-09 00:00:00
ibm
ibm
freebsd
freebsd
mozilla -- multiple vulnerabilities
2013-01-08 00:00:00
gentoo
gentoo
Mozilla Products: Multiple vulnerabilities
2013-09-27 00:00:00
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
0.003 Low
EPSS
Percentile
70.2%
Related for MFSA2013-11