CVE-2013-5603

critical

Published 2013-10-30 · Modified 2026-04-29

CVSS v3

—

CVSS v2

10.0

VIR risk

10.0

Description

Use-after-free vulnerability in the nsContentUtils::ContentIsHostIncludingDescendantOf function in Mozilla Firefox before 25.0, Firefox ESR 24.x before 24.1, Thunderbird before 24.1, and SeaMonkey before 2.22 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors involving HTML document templates.

Predictions

Exploit likelihood

20%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: security@mozilla.org — http://www.mozilla.org/security/announce/2013/mfsa2013-102.html

Application impact

Vendor	Product	Versions
mozilla	thunderbird	`{"endIncluding":"24.0.1"}`
mozilla	thunderbird	`17.0`
mozilla	thunderbird	`17.0.1`
mozilla	thunderbird	`17.0.2`
mozilla	thunderbird	`17.0.3`
mozilla	thunderbird	`17.0.4`
mozilla	thunderbird	`17.0.5`
mozilla	thunderbird	`17.0.6`
mozilla	thunderbird	`17.0.7`
mozilla	thunderbird	`17.0.8`
mozilla	thunderbird	`24.0`
mozilla	thunderbird_esr	`17.0.9`
mozilla	firefox	`24.0`
mozilla	firefox	`24.0.1`
mozilla	firefox	`24.0.2`
mozilla	seamonkey	`{"endIncluding":"2.22"}`
mozilla	seamonkey	`2.0`
mozilla	seamonkey	`2.0.1`
mozilla	seamonkey	`2.0.2`
mozilla	seamonkey	`2.0.3`
mozilla	seamonkey	`2.0.4`
mozilla	seamonkey	`2.0.5`
mozilla	seamonkey	`2.0.6`
mozilla	seamonkey	`2.0.7`
mozilla	seamonkey	`2.0.8`
mozilla	seamonkey	`2.0.9`
mozilla	seamonkey	`2.0.10`
mozilla	seamonkey	`2.0.11`
mozilla	seamonkey	`2.0.12`
mozilla	seamonkey	`2.0.13`
mozilla	seamonkey	`2.0.14`
mozilla	seamonkey	`2.1`
mozilla	seamonkey	`2.10`
mozilla	seamonkey	`2.10.1`
mozilla	seamonkey	`2.11`
mozilla	seamonkey	`2.12`
mozilla	seamonkey	`2.12.1`
mozilla	seamonkey	`2.13`
mozilla	seamonkey	`2.13.1`
mozilla	seamonkey	`2.13.2`
mozilla	seamonkey	`2.14`
mozilla	seamonkey	`2.15`
mozilla	seamonkey	`2.15.1`
mozilla	seamonkey	`2.15.2`
mozilla	seamonkey	`2.16`
mozilla	seamonkey	`2.16.1`
mozilla	seamonkey	`2.16.2`
mozilla	seamonkey	`2.17`
mozilla	seamonkey	`2.17.1`
mozilla	seamonkey	`2.18`
mozilla	seamonkey	`2.19`
mozilla	seamonkey	`2.20`
mozilla	seamonkey	`2.21`
mozilla	seamonkey	`2.22`
mozilla	firefox	`{"endIncluding":"24.0"}`
mozilla	firefox	`19.0`
mozilla	firefox	`19.0.1`
mozilla	firefox	`19.0.2`
mozilla	firefox	`20.0`
mozilla	firefox	`20.0.1`
mozilla	firefox	`21.0`
mozilla	firefox	`22.0`
mozilla	firefox	`23.0`
mozilla	firefox	`23.0.1`

References

Verify integrity in audit chain (admin only). AS-IS.