Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
saintSAINT CorporationSAINT:DA3ECA08230245EE7F4237D374BEE30E
HistoryOct 17, 2013 - 12:00 a.m.

Mozilla Firefox XMLSerializer serializeToStream Use-after-free Vulnerability

2013-10-1700:00:00
SAINT Corporation
www.saintcorporation.com
22

0.971 High

EPSS

Percentile

99.8%

JSON

Added: 10/17/2013
CVE: CVE-2013-0753
BID: 57209
OSVDB: 89021

Background

Firefox is a freely available web browser for multiple platforms including Windows, Linux, and Mac OS.

Problem

Mozilla Firefox prior to 18.0 contains a use-after-free error in the **XMLSerializer** when the **serializeToStream** method is used. A remote attacker who persuades a user to open a crafted web page could execute arbitrary code in the context of the user running the browser.

Resolution

Upgrade to Mozilla Firefox 18.0 or newer.

References

<http://www.zerodayinitiative.com/advisories/ZDI-13-006/&gt;
<http://www.mozilla.org/security/announce/2013/mfsa2013-16.html&gt;

Limitations

This exploit was tested against Mozilla Firefox 17.0.1 on Windows XP SP3 English (DEP OptIn).

The user must open the exploit in a vulnerable version of Firefox.

Platforms

Windows

Related

cve 1
zdi 1
prion 1
cvelist 1
nvd 1
openvas 37
saint 3
checkpoint_advisories 1
ubuntucve 1
mozilla 1
packetstorm 1
zdt 1
thn 1
veracode 3
nessus 36
redhat 2
oraclelinux 2
centos 2
suse 7
ubuntu 4
ibm 2
securityvulns 1
freebsd 1
gentoo 1
cve
cve
CVE-2013-0753
2013-01-13 20:55:01
zdi
zdi
Mozilla Firefox XMLSerializer Use-After-Free Remote Code Execution Vulnerability
2013-02-01 00:00:00
prion
prion
Design/Logic Flaw
2013-01-13 20:55:00
cvelist
cvelist
CVE-2013-0753
2013-01-13 20:00:00
nvd
nvd
CVE-2013-0753
2013-01-13 20:55:01
openvas
openvas
Mozilla Firefox Security Advisory (MFSA2013-16) - Linux
2021-11-11 00:00:00
Mozilla Products Multiple Vulnerabilities January13 (Windows)
2013-01-16 00:00:00
Mozilla Products Multiple Vulnerabilities (Jan 2013) - Mac OS X
2013-01-16 00:00:00
saint
saint
Mozilla Firefox XMLSerializer serializeToStream Use-after-free Vulnerability
2013-10-17 00:00:00
Mozilla Firefox XMLSerializer serializeToStream Use-after-free Vulnerability
2013-10-17 00:00:00
Mozilla Firefox XMLSerializer serializeToStream Use-after-free Vulnerability
2013-10-17 00:00:00
checkpoint_advisories
checkpoint_advisories
Mozilla Firefox XMLSerializer use-after-free (CVE-2013-0753)
2013-09-22 00:00:00
ubuntucve
ubuntucve
CVE-2013-0753
2013-01-09 00:00:00
mozilla
mozilla
Use-after-free in serializeToStream — Mozilla
2013-01-08 00:00:00
packetstorm
packetstorm
Firefox XMLSerializer Use After Free
2013-08-29 00:00:00
zdt
zdt
Firefox XMLSerializer Use After Free Vulnerability
2013-08-29 00:00:00
thn
thn
A Simple JavaScript Exploit Bypasses ASLR Protection On 22 CPU Architectures
2017-02-16 06:14:00
veracode
veracode
Use-After-Free
2019-05-02 04:45:40
Out-Of-Bounds Read
2019-05-02 04:45:40
Memory Corruption
2019-05-02 04:45:41
nessus
nessus
RHEL 5 / 6 : firefox (RHSA-2013:0144)
2013-01-09 00:00:00
Oracle Linux 5 / 6 : firefox (ELSA-2013-0144)
2013-07-12 00:00:00
Scientific Linux Security Update : firefox on SL5.x, SL6.x i386/x86_64 (20130108)
2013-01-11 00:00:00
redhat
redhat
(RHSA-2013:0145) Critical: thunderbird security update
2013-01-08 00:00:00
(RHSA-2013:0144) Critical: firefox security update
2013-01-08 00:00:00
oraclelinux
oraclelinux
thunderbird security update
2013-01-08 00:00:00
firefox security update
2013-01-08 00:00:00
centos
centos
thunderbird security update
2013-01-09 05:51:41
firefox, xulrunner security update
2013-01-09 05:51:05
suse
suse
Security update for Mozilla Firefox (important)
2013-02-18 18:04:29
Mozilla Januarys (important)
2013-01-23 14:04:54
Security update for MozillaFirefox (important)
2013-01-18 20:04:36
ubuntu
ubuntu
Firefox regression
2013-01-22 00:00:00
Firefox vulnerabilities
2013-01-09 00:00:00
Firefox regression
2013-02-05 00:00:00
ibm
ibm
Security Bulletin: SONAS Update Includes Fixes for Multiple Vendor Security Vulnerabilities
2022-09-26 04:23:14
Security Bulletin: Storwize V7000 Unified Update Includes Fixes for Multiple Vendor Security Vulnerabilities
2022-09-26 04:23:14
securityvulns
securityvulns
Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
2013-01-10 00:00:00
freebsd
freebsd
mozilla -- multiple vulnerabilities
2013-01-08 00:00:00
gentoo
gentoo
Mozilla Products: Multiple vulnerabilities
2013-09-27 00:00:00

0.971 High

EPSS

Percentile

99.8%

JSON
Related for SAINT:DA3ECA08230245EE7F4237D374BEE30E
cve1zdi1prion1cvelist1nvd1openvas37saint3checkpoint_advisories1ubuntucve1mozilla1packetstorm1zdt1thn1veracode3nessus36redhat2oraclelinux2centos2suse7ubuntu4ibm2securityvulns1freebsd1gentoo1