Mozilla Firefox String Replacement Heap Corruption Remote Code Execution Vulnerability

🗓️ 01 Feb 2013 00:00:00Reported by pa_kt / twitter.com/pa_ktType

zdi🔗 www.zerodayinitiative.com👁 30 Views

Mozilla Firefox String Replacement Heap Corruption Remote Code Execution Vulnerability This allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability. The specific flaw exists within the way Mozilla Firefox handles the concatenation of strings. An integer overflow may occur resulting in memory corruption, which may be exploited by an attacker.

Reporter	Title	Published	Views	Family All 112
IBM Security Bulletins	Security Bulletin: SONAS Update Includes Fixes for Multiple Vendor Security Vulnerabilities	26 Sep 202204:23	–	ibm
IBM Security Bulletins	Security Bulletin: Storwize V7000 Unified Update Includes Fixes for Multiple Vendor Security Vulnerabilities	26 Sep 202204:23	–	ibm
Tenable Nessus	Mozilla Firefox < 18.0 Multiple Vulnerabilities	15 Jan 201300:00	–	nessus
Tenable Nessus	Mozilla Thunderbird < 17.0.2 Multiple Vulnerabilities	15 Jan 201300:00	–	nessus
Tenable Nessus	SeaMonkey 2.14.x < 2.15 Multiple Vulnerabilities	15 Jan 201300:00	–	nessus
Tenable Nessus	Mozilla Firefox 17.x <= 17 Multiple Vulnerabilities	15 Jan 201300:00	–	nessus
Tenable Nessus	Mozilla Thunderbird 17.x < 17.0.2 Multiple Vulnerabilities	15 Jan 201300:00	–	nessus
Tenable Nessus	Mozilla Firefox 17.x <= 17 Multiple Vulnerabilities	15 Jan 201300:00	–	nessus
Tenable Nessus	Mozilla SeaMonkey 2.x <= 2.14 Multiple Vulnerabilities	15 Jan 201300:00	–	nessus
Tenable Nessus	CentOS 5 / 6 : firefox / xulrunner (CESA-2013:0144)	9 Jan 201300:00	–	nessus

Source	Link
mozilla	www.mozilla.org/security/announce/2013/mfsa2013-12.html

01 Feb 2013 00:00Current

4.9Medium risk

Vulners AI Score4.9

CVSS 27.5

EPSS0.0381