CVE-2013-0766

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2013-0766
Use-after-free vulnerability in the ~nsHTMLEditRules implementation in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.1, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.

9.3 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 8.6 / Impact : 10.0

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References
Link Resource
http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00006.html Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00007.html Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00010.html Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00017.html Mailing List Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2013-0144.html Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2013-0145.html Third Party Advisory
http://www.mozilla.org/security/announce/2013/mfsa2013-02.html Vendor Advisory
http://www.securityfocus.com/bid/57194 Third Party Advisory VDB Entry
http://www.ubuntu.com/usn/USN-1681-1 Third Party Advisory
http://www.ubuntu.com/usn/USN-1681-2 Third Party Advisory
http://www.ubuntu.com/usn/USN-1681-4 Third Party Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=803853 Issue Tracking Patch Vendor Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16189 Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00006.html Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00007.html Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00010.html Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00017.html Mailing List Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2013-0144.html Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2013-0145.html Third Party Advisory
http://www.mozilla.org/security/announce/2013/mfsa2013-02.html Vendor Advisory
http://www.securityfocus.com/bid/57194 Third Party Advisory VDB Entry
http://www.ubuntu.com/usn/USN-1681-1 Third Party Advisory
http://www.ubuntu.com/usn/USN-1681-2 Third Party Advisory
http://www.ubuntu.com/usn/USN-1681-4 Third Party Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=803853 Issue Tracking Patch Vendor Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16189 Third Party Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird_esr:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird_esr:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:12.1:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_desktop:10:sp4:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_desktop:11:sp2:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:10:sp4:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:*:-:*:*
cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:*:vmware:*:*
cpe:2.3:o:suse:linux_enterprise_software_development_kit:10:sp4:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp2:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:5.9:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:6.3:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:5.9:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*

Configuration 4 (hide)

OR cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*
History

No history.

Information

Published : 2013-01-13 20:55

Updated : 2025-04-11 00:51

NVD link : CVE-2013-0766

Mitre link : CVE-2013-0766

CVE.ORG link : CVE-2013-0766

JSON object : View

Products Affected

suse

  • linux_enterprise_desktop
  • linux_enterprise_server
  • linux_enterprise_software_development_kit

redhat

  • enterprise_linux_server
  • enterprise_linux_workstation
  • enterprise_linux_server_aus
  • enterprise_linux_eus
  • enterprise_linux_desktop

mozilla

  • thunderbird
  • firefox
  • seamonkey
  • thunderbird_esr

canonical

  • ubuntu_linux

opensuse

  • opensuse
CWE
CWE-416

Use After Free