CVE-2013-1724
Description
Use-after-free vulnerability in the mozilla::dom::HTMLFormElement::IsDefaultSubmitElement function in Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors involving a destroyed SELECT element.
Predictions
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No vendor mitigations ingested yet for this CVE. The mitigation-content worker queues fetches as references arrive — check back in a few minutes, or see the references list below.
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| mozilla | seamonkey | {"endIncluding":"2.20"} | |
| mozilla | seamonkey | 2.0 | |
| mozilla | seamonkey | 2.0.1 | |
| mozilla | seamonkey | 2.0.2 | |
| mozilla | seamonkey | 2.0.3 | |
| mozilla | seamonkey | 2.0.4 | |
| mozilla | seamonkey | 2.0.5 | |
| mozilla | seamonkey | 2.0.6 | |
| mozilla | seamonkey | 2.0.7 | |
| mozilla | seamonkey | 2.0.8 | |
| mozilla | seamonkey | 2.0.9 | |
| mozilla | seamonkey | 2.0.10 | |
| mozilla | seamonkey | 2.0.11 | |
| mozilla | seamonkey | 2.0.12 | |
| mozilla | seamonkey | 2.0.13 | |
| mozilla | seamonkey | 2.0.14 | |
| mozilla | seamonkey | 2.1 | |
| mozilla | seamonkey | 2.10 | |
| mozilla | seamonkey | 2.10.1 | |
| mozilla | seamonkey | 2.11 | |
| mozilla | seamonkey | 2.12 | |
| mozilla | seamonkey | 2.12.1 | |
| mozilla | seamonkey | 2.13 | |
| mozilla | seamonkey | 2.13.1 | |
| mozilla | seamonkey | 2.13.2 | |
| mozilla | seamonkey | 2.14 | |
| mozilla | seamonkey | 2.15 | |
| mozilla | seamonkey | 2.15.1 | |
| mozilla | seamonkey | 2.15.2 | |
| mozilla | seamonkey | 2.16 | |
| mozilla | seamonkey | 2.16.1 | |
| mozilla | seamonkey | 2.16.2 | |
| mozilla | seamonkey | 2.17 | |
| mozilla | seamonkey | 2.17.1 | |
| mozilla | seamonkey | 2.18 | |
| mozilla | seamonkey | 2.19 | |
| mozilla | seamonkey | 2.20 | |
| mozilla | firefox | {"endIncluding":"23.0.1"} | |
| mozilla | firefox | 19.0 | |
| mozilla | firefox | 19.0.1 | |
| mozilla | firefox | 19.0.2 | |
| mozilla | firefox | 20.0 | |
| mozilla | firefox | 20.0.1 | |
| mozilla | firefox | 21.0 | |
| mozilla | firefox | 22.0 | |
| mozilla | firefox | 23.0 | |
| mozilla | thunderbird | {"endIncluding":"17.0.9"} | |
| mozilla | thunderbird | 17.0 | |
| mozilla | thunderbird | 17.0.1 | |
| mozilla | thunderbird | 17.0.2 | |
| mozilla | thunderbird | 17.0.3 | |
| mozilla | thunderbird | 17.0.4 | |
| mozilla | thunderbird | 17.0.5 | |
| mozilla | thunderbird | 17.0.6 | |
| mozilla | thunderbird | 17.0.7 | |
| mozilla | thunderbird | 17.0.8 | |
References
- http://lists.fedoraproject.org/pipermail/package-announce/2013-September/115907.html
- http://lists.fedoraproject.org/pipermail/package-announce/2013-September/116610.html
- http://lists.fedoraproject.org/pipermail/package-announce/2013-September/117526.html
- http://lists.opensuse.org/opensuse-updates/2013-09/msg00055.html
- http://lists.opensuse.org/opensuse-updates/2013-09/msg00057.html
- http://lists.opensuse.org/opensuse-updates/2013-09/msg00059.html
- http://lists.opensuse.org/opensuse-updates/2013-09/msg00061.html
- http://www.mozilla.org/security/announce/2013/mfsa2013-81.html
- http://www.securityfocus.com/bid/62464
- http://www.ubuntu.com/usn/USN-1951-1
- http://www.ubuntu.com/usn/USN-1952-1
- https://bugzilla.mozilla.org/show_bug.cgi?id=894137
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18982
- http://lists.fedoraproject.org/pipermail/package-announce/2013-September/115907.html
- http://lists.fedoraproject.org/pipermail/package-announce/2013-September/116610.html
- http://lists.fedoraproject.org/pipermail/package-announce/2013-September/117526.html
- http://lists.opensuse.org/opensuse-updates/2013-09/msg00055.html
- http://lists.opensuse.org/opensuse-updates/2013-09/msg00057.html
- http://lists.opensuse.org/opensuse-updates/2013-09/msg00059.html
- http://lists.opensuse.org/opensuse-updates/2013-09/msg00061.html
- http://www.mozilla.org/security/announce/2013/mfsa2013-81.html
- http://www.securityfocus.com/bid/62464
- http://www.ubuntu.com/usn/USN-1951-1
- http://www.ubuntu.com/usn/USN-1952-1
- https://bugzilla.mozilla.org/show_bug.cgi?id=894137
CWEs
CWE-399
💬 Discuss CVE-2013-1724 on VIR Community →
Community-verified mitigations for this CVE will appear above when contributors publish them.
Verify integrity in audit chain (admin only). AS-IS.