CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS
Percentile
96.1%
Versions of SeaMonkey earlier than version 2.21 are prone to the following vulnerabilities:
use-after-free vulnerability in the Garbage Collector could allow a remote attacker to execute arbitrary code in the context of the user. (CVE-2013-1738)
user-defined getters on DOM proxies would incorrectly get the expando object when accessing the βthisβ object, which may not be directly exploitable but could lead to incorrect security sensitive decisions. (CVE-2013-1737)
Combining lists, floats, and multiple columns in a layout could trigger a potentially exploitable buffer overflow. (CVE-2013-1732)
Compartment mismatch when moving XBL-backed nodes into a new document can lead cause a crash (CVE-2013-1730)
uninitialized data and variables in the IonMonkey Javascript engine can be used with additional exploits to allow access to previously allocated memory (CVE-2013-1728)
the MAR update file is not write-locked when used by the Mozilla Updater, which can allow the altering of the MAR file content after its signature has been checked but before it has been used. (CVE-2013-1726)
Calling scope for new Javascript objects with compartments can lead to memory corruption (CVE-2013-1725)
A use-after-free vulnerability via the <select> element could lead to a potentially exploitable crash (CVE-2013-1724)
the NativeKey widget continues handling key messages even when it is destroyed by dispatched event listeners, which can lead to an unexploitable crash (CVE-2013-1723)
Use-after-free in Animation Manager during stylesheet cloning can lead to a potentially exploitable crash (CVE-2013-1722)
An integer overflow in the Almost Native Graphics Layer Engine (ANGLE) can lead to a potentially exploitable crash (CVE-2013-1721)
Incorrectly stored stack information in the HTML5 Tree Builder can lead to code execution (CVE-2013-1720)
Various memory corruption vulnerabilities (CVE-2013-1735, CVE-2013-1736, CVE-2013-1718, CVE-2013-1719)
Binary data 8012.prm
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1718
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1719
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1720
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1721
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1722
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1723
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1724
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1725
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1726
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1728
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1730
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1732
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1735
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1736
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1737
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1738
www.mozilla.org/security/announce/2013/mfsa2013-76.html
www.mozilla.org/security/announce/2013/mfsa2013-77.html
www.mozilla.org/security/announce/2013/mfsa2013-78.html
www.mozilla.org/security/announce/2013/mfsa2013-79.html
www.mozilla.org/security/announce/2013/mfsa2013-80.html
www.mozilla.org/security/announce/2013/mfsa2013-81.html
www.mozilla.org/security/announce/2013/mfsa2013-82.html
www.mozilla.org/security/announce/2013/mfsa2013-83.html
www.mozilla.org/security/announce/2013/mfsa2013-85.html
www.mozilla.org/security/announce/2013/mfsa2013-88.html
www.mozilla.org/security/announce/2013/mfsa2013-89.html
www.mozilla.org/security/announce/2013/mfsa2013-90.html
www.mozilla.org/security/announce/2013/mfsa2013-91.html
www.mozilla.org/security/announce/2013/mfsa2013-92.html