Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
saintSAINT CorporationSAINT:2811EA9ABEDD82774492B8C4654CBCAD
HistoryOct 17, 2013 - 12:00 a.m.

Mozilla Firefox XMLSerializer serializeToStream Use-after-free Vulnerability

2013-10-1700:00:00
SAINT Corporation
download.saintcorporation.com
27

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.966 High

EPSS

Percentile

99.5%

JSON

Added: 10/17/2013
CVE: CVE-2013-0753
BID: 57209
OSVDB: 89021

Background

Firefox is a freely available web browser for multiple platforms including Windows, Linux, and Mac OS.

Problem

Mozilla Firefox prior to 18.0 contains a use-after-free error in the **XMLSerializer** when the **serializeToStream** method is used. A remote attacker who persuades a user to open a crafted web page could execute arbitrary code in the context of the user running the browser.

Resolution

Upgrade to Mozilla Firefox 18.0 or newer.

References

<http://www.zerodayinitiative.com/advisories/ZDI-13-006/&gt;
<http://www.mozilla.org/security/announce/2013/mfsa2013-16.html&gt;

Limitations

This exploit was tested against Mozilla Firefox 17.0.1 on Windows XP SP3 English (DEP OptIn).

The user must open the exploit in a vulnerable version of Firefox.

Platforms

Windows

Related

prion 1
zdi 1
openvas 37
cvelist 1
cve 1
ubuntucve 1
mozilla 1
checkpoint_advisories 1
saint 3
zdt 1
packetstorm 1
thn 1
veracode 3
nessus 36
centos 2
redhat 2
oraclelinux 2
suse 7
securityvulns 1
freebsd 1
ubuntu 4
ibm 2
gentoo 1
prion
prion
Design/Logic Flaw
2013-01-13 20:55:00
zdi
zdi
Mozilla Firefox XMLSerializer Use-After-Free Remote Code Execution Vulnerability
2013-02-01 00:00:00
openvas
openvas
Mozilla Firefox Security Advisory (MFSA2013-16) - Linux
2021-11-11 00:00:00
Mozilla Products Multiple Vulnerabilities (Jan 2013) - Windows
2013-01-16 00:00:00
Mozilla Products Multiple Vulnerabilities January13 (Mac OS X)
2013-01-16 00:00:00
cvelist
cvelist
CVE-2013-0753
2013-01-13 20:00:00
cve
cve
CVE-2013-0753
2013-01-13 20:55:00
ubuntucve
ubuntucve
CVE-2013-0753
2013-01-09 00:00:00
mozilla
mozilla
Use-after-free in serializeToStream — Mozilla
2013-01-08 00:00:00
checkpoint_advisories
checkpoint_advisories
Mozilla Firefox XMLSerializer use-after-free (CVE-2013-0753)
2013-09-22 00:00:00
saint
saint
Mozilla Firefox XMLSerializer serializeToStream Use-after-free Vulnerability
2013-10-17 00:00:00
Mozilla Firefox XMLSerializer serializeToStream Use-after-free Vulnerability
2013-10-17 00:00:00
Mozilla Firefox XMLSerializer serializeToStream Use-after-free Vulnerability
2013-10-17 00:00:00
zdt
zdt
Firefox XMLSerializer Use After Free Vulnerability
2013-08-29 00:00:00
packetstorm
packetstorm
Firefox XMLSerializer Use After Free
2013-08-29 00:00:00
thn
thn
A Simple JavaScript Exploit Bypasses ASLR Protection On 22 CPU Architectures
2017-02-16 06:14:00
veracode
veracode
Out-Of-Bounds Read
2019-05-02 04:45:40
Memory Corruption
2019-05-02 04:45:41
Use-After-Free
2019-05-02 04:45:40
nessus
nessus
CentOS 5 / 6 : thunderbird (CESA-2013:0145)
2013-01-09 00:00:00
Oracle Linux 6 : thunderbird (ELSA-2013-0145)
2013-07-12 00:00:00
Scientific Linux Security Update : firefox on SL5.x, SL6.x i386/x86_64 (20130108)
2013-01-11 00:00:00
centos
centos
firefox, xulrunner security update
2013-01-09 05:51:05
thunderbird security update
2013-01-09 05:51:41
redhat
redhat
(RHSA-2013:0144) Critical: firefox security update
2013-01-08 00:00:00
(RHSA-2013:0145) Critical: thunderbird security update
2013-01-08 00:00:00
oraclelinux
oraclelinux
firefox security update
2013-01-08 00:00:00
thunderbird security update
2013-01-08 00:00:00
suse
suse
Security update for Mozilla Firefox (important)
2013-02-18 18:04:29
Security update for MozillaFirefox (important)
2013-02-13 23:04:32
Security update for MozillaFirefox (important)
2013-01-18 19:04:49
securityvulns
securityvulns
Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
2013-01-10 00:00:00
freebsd
freebsd
mozilla -- multiple vulnerabilities
2013-01-08 00:00:00
ubuntu
ubuntu
Firefox regression
2013-01-22 00:00:00
Thunderbird vulnerabilities
2013-01-09 00:00:00
Firefox regression
2013-02-05 00:00:00
ibm
ibm
Security Bulletin: SONAS Update Includes Fixes for Multiple Vendor Security Vulnerabilities
2022-09-26 04:23:14
Security Bulletin: Storwize V7000 Unified Update Includes Fixes for Multiple Vendor Security Vulnerabilities
2022-09-26 04:23:14
gentoo
gentoo
Mozilla Products: Multiple vulnerabilities
2013-09-27 00:00:00

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.966 High

EPSS

Percentile

99.5%

JSON
Related for SAINT:2811EA9ABEDD82774492B8C4654CBCAD
prion1zdi1openvas37cvelist1cve1ubuntucve1mozilla1checkpoint_advisories1saint3zdt1packetstorm1thn1veracode3nessus36centos2redhat2oraclelinux2suse7securityvulns1freebsd1ubuntu4ibm2gentoo1