CVE-2013-5599

2013-10-2900:00:00

ubuntu.com

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.073 Low

EPSS

Percentile

94.1%

JSON

Use-after-free vulnerability in the nsIPresShell::GetPresContext function
in the PresShell (aka presentation shell) implementation in Mozilla Firefox
before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1,
Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey
before 2.22 allows remote attackers to execute arbitrary code or cause a
denial of service (heap memory corruption and application crash) via
vectors involving a CANVAS element, a mozTextStyle attribute, and an
onresize event.

OSVersionArchitecturePackageVersionFilename
ubuntu12.04noarchfirefox< 25.0+build3-0ubuntu0.12.04.1UNKNOWN
ubuntu12.10noarchfirefox< 25.0+build3-0ubuntu0.12.10.1UNKNOWN
ubuntu13.04noarchfirefox< 25.0+build3-0ubuntu0.13.04.1UNKNOWN
ubuntu13.10noarchfirefox< 25.0+build3-0ubuntu0.13.10.1UNKNOWN
ubuntu12.04noarchthunderbird< 1:24.1.0+build1-0ubuntu0.12.04.1UNKNOWN
ubuntu12.10noarchthunderbird< 1:24.1.0+build1-0ubuntu0.12.10.1UNKNOWN
ubuntu13.04noarchthunderbird< 1:24.1.0+build1-0ubuntu0.13.04.1UNKNOWN
ubuntu13.10noarchthunderbird< 1:24.1.0+build1-0ubuntu0.13.10.1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	12.04	noarch	firefox	< 25.0+build3-0ubuntu0.12.04.1	UNKNOWN
ubuntu	12.10	noarch	firefox	< 25.0+build3-0ubuntu0.12.10.1	UNKNOWN
ubuntu	13.04	noarch	firefox	< 25.0+build3-0ubuntu0.13.04.1	UNKNOWN
ubuntu	13.10	noarch	firefox	< 25.0+build3-0ubuntu0.13.10.1	UNKNOWN
ubuntu	12.04	noarch	thunderbird	< 1:24.1.0+build1-0ubuntu0.12.04.1	UNKNOWN
ubuntu	12.10	noarch	thunderbird	< 1:24.1.0+build1-0ubuntu0.12.10.1	UNKNOWN
ubuntu	13.04	noarch	thunderbird	< 1:24.1.0+build1-0ubuntu0.13.04.1	UNKNOWN
ubuntu	13.10	noarch	thunderbird	< 1:24.1.0+build1-0ubuntu0.13.10.1	UNKNOWN