CVE-2013-0781

Use-after-free vulnerability in the nsPrintEngine::CommonPrint function in Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.

CVSS v2.0 9.3 HIGH

9.3^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 8.6 / Impact : 10.0

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00017.html	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-updates/2013-02/msg00062.html	Mailing List Third Party Advisory
http://www.mozilla.org/security/announce/2013/mfsa2013-28.html	Vendor Advisory
http://www.ubuntu.com/usn/USN-1729-1	Third Party Advisory
http://www.ubuntu.com/usn/USN-1729-2	Third Party Advisory
http://www.ubuntu.com/usn/USN-1748-1	Third Party Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=821991	Issue Tracking Patch Vendor Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16934	Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:mozilla:firefox::::::::
	cpe:2.3:a:mozilla:firefox_esr::::::::
	cpe:2.3:a:mozilla:seamonkey::::::::
	cpe:2.3:a:mozilla:thunderbird::::::::
	cpe:2.3:a:mozilla:thunderbird_esr::::::::

Configuration 2 (hide)

OR	cpe:2.3:o:opensuse:opensuse:11.4:::::::*
	cpe:2.3:o:opensuse:opensuse:12.1:::::::*
	cpe:2.3:o:opensuse:opensuse:12.2:::::::*

Configuration 3 (hide)

OR	cpe:2.3:o:canonical:ubuntu_linux:10.04::::-:::
	cpe:2.3:o:canonical:ubuntu_linux:11.10:::::::*
	cpe:2.3:o:canonical:ubuntu_linux:12.04::::esm:::
	cpe:2.3:o:canonical:ubuntu_linux:12.10:::::::*

History

No history.

Information

Published : 2013-02-19 23:55

Updated : 2023-12-10 11:16

NVD link : CVE-2013-0781

Mitre link : CVE-2013-0781

CVE.ORG link : CVE-2013-0781

JSON object : View

Products Affected

mozilla

thunderbird
firefox
seamonkey
thunderbird_esr
firefox_esr

opensuse

opensuse

canonical

ubuntu_linux

CWE

CWE-416

Use After Free

{"id": "CVE-2013-0781", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2013-02-19T23:55:01.770", "references": [{"url": "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00017.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "security@mozilla.org"}, {"url": "http://lists.opensuse.org/opensuse-updates/2013-02/msg00062.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "security@mozilla.org"}, {"url": "http://www.mozilla.org/security/announce/2013/mfsa2013-28.html", "tags": ["Vendor Advisory"], "source": "security@mozilla.org"}, {"url": "http://www.ubuntu.com/usn/USN-1729-1", "tags": ["Third Party Advisory"], "source": "security@mozilla.org"}, {"url": "http://www.ubuntu.com/usn/USN-1729-2", "tags": ["Third Party Advisory"], "source": "security@mozilla.org"}, {"url": "http://www.ubuntu.com/usn/USN-1748-1", "tags": ["Third Party Advisory"], "source": "security@mozilla.org"}, {"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=821991", "tags": ["Issue Tracking", "Patch", "Vendor Advisory"], "source": "security@mozilla.org"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16934", "tags": ["Third Party Advisory"], "source": "security@mozilla.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-416"}]}], "descriptions": [{"lang": "en", "value": "Use-after-free vulnerability in the nsPrintEngine::CommonPrint function in Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors."}, {"lang": "es", "value": "Vulnerabilidad de uso despu\u00e9s de liberaci\u00f3n en la funci\u00f3n nsPrintEngine::CommonPrint en Mozilla Firefox anterior a v19.0, Thunderbird anterior a v17.0.3, y SeaMonkey anterior a v2.16 permite a atacantes remotos ejecutar c\u00f3digo arbitrio o causar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria din\u00e1mica) a trav\u00e9s de vectores no especificados"}], "lastModified": "2020-08-06T17:11:41.867", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C2980165-E0D6-43C0-9AB8-C643B25EF6AC", "versionEndExcluding": "19.0"}, {"criteria": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "907637C3-EAA4-4A46-A996-922240E34504", "versionEndExcluding": "17.0.3"}, {"criteria": "cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "60B8F330-4C2F-490C-970E-B22B73B8BE6C", "versionEndExcluding": "2.16"}, {"criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E9E0D4E3-BE28-4C02-BF03-483A44E9BDDA", "versionEndExcluding": "17.0.3"}, {"criteria": "cpe:2.3:a:mozilla:thunderbird_esr:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5568CD78-1F01-476D-AA89-D3B3AC3B5172", "versionEndExcluding": "17.0.3"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DE554781-1EB9-446E-911F-6C11970C47F4"}, {"criteria": "cpe:2.3:o:opensuse:opensuse:12.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EBB2C482-D2A4-48B3-ACE7-E1DFDCC409B5"}, {"criteria": "cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D806A17E-B8F9-466D-807D-3F1E77603DC8"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*", "vulnerable": true, "matchCriteriaId": "01EDA41C-6B2E-49AF-B503-EB3882265C11"}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E4174F4F-149E-41A6-BBCC-D01114C05F38"}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*", "vulnerable": true, "matchCriteriaId": "8D305F7A-D159-4716-AB26-5E38BB5CD991"}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E2076871-2E80-4605-A470-A41C1A8EC7EE"}], "operator": "OR"}]}], "sourceIdentifier": "security@mozilla.org"}