Lucene search
Mozilla FoundationMFSA2013-95HistoryOct 29, 2013 - 12:00 a.m.
Access violation with XSLT and uninitialized data — Mozilla
2013-10-2900:00:00
Mozilla Foundation
www.mozilla.org
29
9.3 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.047 Low
EPSS
Percentile
92.6%
Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team used the Address Sanitizer tool to discover an access violation due to uninitialized data during Extensible Stylesheet Language Transformation (XSLT) processing. This leads to a potentially exploitable crash.
Affected configurations
Node
mozillafirefoxRange<25
ORmozillafirefox_esrRange<17.0.10
ORmozillafirefox_esrRange<24.1
ORmozillaseamonkeyRange<2.22
ORmozillathunderbirdRange<24.1
ORmozillathunderbird_esrRange<17.0.10
| CPE | Name | Operator | Version |
|---|---|---|---|
| firefox | lt | 25 | |
| firefox esr | lt | 17.0.10 | |
| firefox esr | lt | 24.1 | |
| seamonkey | lt | 2.22 | |
| thunderbird | lt | 24.1 | |
| thunderbird esr | lt | 17.0.10 |
Related
openvas
openvas
Mozilla Firefox Security Advisory (MFSA2013-95) - Linux
2021-11-11 00:00:00
Debian Security Advisory DSA 2797-1 (icedove - several vulnerabilities)
2013-11-13 00:00:00
CentOS Update for thunderbird CESA-2013:1480 centos5
2013-11-08 00:00:00
cvelist
cvelist
CVE-2013-5604
2013-10-30 10:00:00
cve
cve
CVE-2013-5604
2013-10-30 10:55:04
ubuntucve
ubuntucve
CVE-2013-5604
2013-10-29 00:00:00
prion
prion
Stack overflow
2013-10-30 10:55:00
nvd
nvd
CVE-2013-5604
2013-10-30 10:55:04
redhat
redhat
(RHSA-2013:1480) Important: thunderbird security update
2013-10-30 00:00:00
(RHSA-2013:1476) Critical: firefox security update
2013-10-29 00:00:00
centos
centos
thunderbird security update
2013-10-30 22:19:56
firefox, xulrunner security update
2013-10-30 04:12:01
mageia
mageia
Updated thunderbird package fixes security vulnerabilities
2013-11-18 18:39:59
Updated firefox & related packages fix multiple security vulnerabilities
2013-11-09 22:55:13
Updated iceape packages fix many vulnerabilities
2013-11-21 00:16:49
nessus
nessus
Oracle Linux 5 / 6 : firefox (ELSA-2013-1476)
2013-10-30 00:00:00
Oracle Linux 6 : thunderbird (ELSA-2013-1480)
2013-10-31 00:00:00
Debian DSA-2788-1 : iceweasel - several vulnerabilities
2013-11-01 00:00:00
debian
debian
[SECURITY] [DSA 2797-1] icedove security update
2013-11-13 21:44:43
[SECURITY] [DSA 2788-1] iceweasel security update
2013-10-31 08:03:44
veracode
veracode
Use After Free
2019-05-02 04:56:51
Stack-based Buffer Overflow
2019-05-02 04:56:51
Memory Corruption
2019-05-02 04:56:51
oraclelinux
oraclelinux
thunderbird security update
2013-10-30 00:00:00
firefox security update
2013-10-29 00:00:00
suse
suse
Security update for Mozilla Firefox (important)
2013-11-15 03:04:14
Mozilla updates 10/2013 (important)
2013-11-07 11:04:15
Mozilla Suite: Update to October 2013 release (important)
2013-11-07 10:04:11
ubuntu
ubuntu
Thunderbird vulnerabilities
2013-10-31 00:00:00
Firefox vulnerabilities
2013-10-29 00:00:00
freebsd
freebsd
mozilla -- multiple vulnerabilities
2013-10-29 00:00:00
securityvulns
securityvulns
Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
2013-11-05 00:00:00
gentoo
gentoo
Mozilla Products: Multiple vulnerabilities
2015-04-07 00:00:00
9.3 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.047 Low
EPSS
Percentile
92.6%
Related for MFSA2013-95