QwikSec

Security Database

CVE

CWE

Training

CVE-2013-5599

Published: Oct 30, 2013

Modified: Aug 6, 2024

PUBLISHED

Description

Use-after-free vulnerability in the nsIPresShell::GetPresContext function in the PresShell (aka presentation shell) implementation in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption and application crash) via vectors involving a CANVAS element, a mozTextStyle attribute, and an onresize event.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://www.mozilla.org/security/announce/2013/mfsa2013-100.html

x_refsource_CONFIRM

openSUSE-SU-2013:1633

vendor-advisory

x_refsource_SUSE

vendor-advisory

x_refsource_GENTOO

vendor-advisory

x_refsource_REDHAT

vendor-advisory

x_refsource_REDHAT

oval:org.mitre.oval:def:19315

vdb-entry

signature

x_refsource_OVAL

openSUSE-SU-2013:1634

vendor-advisory

x_refsource_SUSE

vendor-advisory

x_refsource_DEBIAN

SUSE-SU-2013:1678

vendor-advisory

x_refsource_SUSE

vendor-advisory

x_refsource_DEBIAN

https://bugzilla.mozilla.org/show_bug.cgi?id=915210

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.