CVE-2013-0789
critical
CVSS v3
—
CVSS v2
10.0
VIR risk
10.0
Description
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 20.0 and SeaMonkey before 2.17 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the nsContentUtils::HoldJSObjects function and the nsAutoPtr class, and other vectors.
Predictions
Exploit likelihood
20%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: security@mozilla.org — http://www.mozilla.org/security/announce/2013/mfsa2013-30.html
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| mozilla | firefox | {"endIncluding":"19.0.2"} | |
| mozilla | firefox | 19.0 | |
| mozilla | firefox | 19.0.1 | |
| mozilla | seamonkey | {"endIncluding":"2.17"} | |
| mozilla | seamonkey | 2.0 | |
| mozilla | seamonkey | 2.0.1 | |
| mozilla | seamonkey | 2.0.2 | |
| mozilla | seamonkey | 2.0.3 | |
| mozilla | seamonkey | 2.0.4 | |
| mozilla | seamonkey | 2.0.5 | |
| mozilla | seamonkey | 2.0.6 | |
| mozilla | seamonkey | 2.0.7 | |
| mozilla | seamonkey | 2.0.8 | |
| mozilla | seamonkey | 2.0.9 | |
| mozilla | seamonkey | 2.0.10 | |
| mozilla | seamonkey | 2.0.11 | |
| mozilla | seamonkey | 2.0.12 | |
| mozilla | seamonkey | 2.0.13 | |
| mozilla | seamonkey | 2.0.14 | |
| mozilla | seamonkey | 2.1 | |
| mozilla | seamonkey | 2.2 | |
| mozilla | seamonkey | 2.3 | |
| mozilla | seamonkey | 2.3.1 | |
| mozilla | seamonkey | 2.3.2 | |
| mozilla | seamonkey | 2.3.3 | |
| mozilla | seamonkey | 2.4 | |
| mozilla | seamonkey | 2.4.1 | |
| mozilla | seamonkey | 2.5 | |
| mozilla | seamonkey | 2.6 | |
| mozilla | seamonkey | 2.6.1 | |
| mozilla | seamonkey | 2.7 | |
| mozilla | seamonkey | 2.7.1 | |
| mozilla | seamonkey | 2.7.2 | |
| mozilla | seamonkey | 2.8 | |
| mozilla | seamonkey | 2.9 | |
| mozilla | seamonkey | 2.9.1 | |
| mozilla | seamonkey | 2.10 | |
| mozilla | seamonkey | 2.10.1 | |
| mozilla | seamonkey | 2.11 | |
| mozilla | seamonkey | 2.12 | |
| mozilla | seamonkey | 2.12.1 | |
| mozilla | seamonkey | 2.13 | |
| mozilla | seamonkey | 2.13.1 | |
| mozilla | seamonkey | 2.13.2 | |
| mozilla | seamonkey | 2.14 | |
| mozilla | seamonkey | 2.15 | |
| mozilla | seamonkey | 2.15.1 | |
| mozilla | seamonkey | 2.15.2 | |
| mozilla | seamonkey | 2.16 | |
| mozilla | seamonkey | 2.16.1 | |
| mozilla | seamonkey | 2.16.2 | |
| mozilla | seamonkey | 2.17 | |
References
- http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00009.html
- http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00010.html
- http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00013.html
- http://lists.opensuse.org/opensuse-updates/2013-06/msg00012.html
- http://www.mozilla.org/security/announce/2013/mfsa2013-30.html
- https://bugzilla.mozilla.org/show_bug.cgi?id=808736
- https://bugzilla.mozilla.org/show_bug.cgi?id=815315
- https://bugzilla.mozilla.org/show_bug.cgi?id=817841
- https://bugzilla.mozilla.org/show_bug.cgi?id=824643
- https://bugzilla.mozilla.org/show_bug.cgi?id=824856
- https://bugzilla.mozilla.org/show_bug.cgi?id=827596
- https://bugzilla.mozilla.org/show_bug.cgi?id=830595
- https://bugzilla.mozilla.org/show_bug.cgi?id=831055
- https://bugzilla.mozilla.org/show_bug.cgi?id=835499
- https://bugzilla.mozilla.org/show_bug.cgi?id=837714
- https://bugzilla.mozilla.org/show_bug.cgi?id=839209
- https://bugzilla.mozilla.org/show_bug.cgi?id=842300
- https://bugzilla.mozilla.org/show_bug.cgi?id=849014
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17079
- http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00009.html
- http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00010.html
- http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00013.html
- http://lists.opensuse.org/opensuse-updates/2013-06/msg00012.html
- http://www.mozilla.org/security/announce/2013/mfsa2013-30.html
- https://bugzilla.mozilla.org/show_bug.cgi?id=808736
Verify integrity in audit chain (admin only). AS-IS.