Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XBL file with multiple bindings that have SVG content.
CPE | Name | Operator | Version |
---|---|---|---|
ubuntu_linux | eq | 11.10 | |
ubuntu_linux | eq | 12.10 | |
ubuntu_linux | eq | 12.04 | |
ubuntu_linux | eq | 10.04 | |
firefox | lt | 18.0 | |
firefox_esr | lt | 17.0.2 | |
seamonkey | lt | 2.15 | |
thunderbird | lt | 17.0.2 | |
thunderbird_esr | lt | 17.0.2 | |
opensuse | eq | 11.4 |
lists.opensuse.org/opensuse-security-announce/2013-01/msg00006.html
lists.opensuse.org/opensuse-security-announce/2013-01/msg00007.html
lists.opensuse.org/opensuse-security-announce/2013-01/msg00010.html
lists.opensuse.org/opensuse-security-announce/2013-01/msg00017.html
www.mozilla.org/security/announce/2013/mfsa2013-13.html
www.ubuntu.com/usn/USN-1681-1
www.ubuntu.com/usn/USN-1681-2
www.ubuntu.com/usn/USN-1681-4
bugzilla.mozilla.org/show_bug.cgi?id=805024
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16694