Use After Free in Mozilla Firefox
CVE-2013-0753
Use-after-free vulnerability in the serializeToStream implementation in the XMLSerializer component in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x bef…
Vulnerability class: Use-After-Free
EPSS: 0.840 (99.3rd percentile)
Affected products
- Mozilla Firefox
- Mozilla SeaMonkey
- Mozilla Thunderbird
- Mozilla Thunderbird ESR
- Canonical Ubuntu Linux — versions 10.04, 11.10, 12.04
- openSUSE — versions 11.4, 12.1, 12.2
- Red Hat Enterprise Linux Desktop — versions 5.0, 6.0
- Red Hat Enterprise Linux EUS — versions 5.9, 6.3
- Red Hat Enterprise Linux Server — versions 5.0, 6.0
- Red Hat Enterprise Linux Server AUS — versions 5.9
References
- SUSE-SU-2013:0048 (vendor-advisory, Mailing List, Third Party Advisory, x_refsource_SUSE)
- oval:org.mitre.oval:def:17053 (x_refsource_OVAL, signature, Third Party Advisory, vdb-entry)
- openSUSE-SU-2013:0131 (vendor-advisory, Mailing List, Third Party Advisory, x_refsource_SUSE)
- RHSA-2013:0145 (x_refsource_REDHAT, vendor-advisory, Third Party Advisory)
- USN-1681-4 (x_refsource_UBUNTU, vendor-advisory, Third Party Advisory)
- RHSA-2013:0144 (x_refsource_REDHAT, vendor-advisory, Third Party Advisory)
- security@mozilla.org (x_refsource_CONFIRM, Vendor Advisory)
- SUSE-SU-2013:0049 (vendor-advisory, Mailing List, Third Party Advisory, x_refsource_SUSE)
- USN-1681-1 (x_refsource_UBUNTU, vendor-advisory, Third Party Advisory)
- openSUSE-SU-2013:0149 (vendor-advisory, Mailing List, Third Party Advisory, x_refsource_SUSE)
Frequently asked questions
- What is CVE-2013-0753?
- CVE-2013-0753 is a vulnerability in Mozilla Firefox, classified under Use After Free. Published 2013-01-13.
- Is CVE-2013-0753 known to be exploited?
- 1 public proof-of-concept repository is indexed. Not currently listed in the CISA KEV catalog.