Improper input validation in Mozilla Firefox
CVE-2013-0757
The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 does not prevent modifications to the p…
Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)
EPSS: 0.746 (98.9th percentile) — read the EPSS interpretation.
Affected products
- Mozilla Firefox
- Mozilla Seamonkey
- Mozilla Thunderbird
- Mozilla Thunderbird_esr
- Canonical Ubuntu_linux — versions 10.04, 11.10, 12.04
- Opensuse — versions 11.4, 12.1, 12.2
- Suse Linux_enterprise_desktop — versions 10, 11
- Suse Linux_enterprise_server — versions 10, 11
- Suse Linux_enterprise_software_development_kit — versions 10, 11
- N/a — versions n/a
Weakness classification (CWE)
Public proof-of-concept exploits
References
- SUSE-SU-2013:0048 (vendor-advisory, Third Party Advisory, x_refsource_SUSE)
- oval:org.mitre.oval:def:16939 (x_refsource_OVAL, signature, Third Party Advisory, vdb-entry)
- security@mozilla.org (x_refsource_CONFIRM, Vendor Advisory)
- openSUSE-SU-2013:0131 (vendor-advisory, Third Party Advisory, x_refsource_SUSE)
- USN-1681-4 (x_refsource_UBUNTU, vendor-advisory, Third Party Advisory)
- security@mozilla.org (x_refsource_CONFIRM, Exploit, Patch, Issue Tracking, Vendor Advisory)
- SUSE-SU-2013:0049 (vendor-advisory, Third Party Advisory, x_refsource_SUSE)
- USN-1681-1 (x_refsource_UBUNTU, vendor-advisory, Third Party Advisory)
- openSUSE-SU-2013:0149 (vendor-advisory, Third Party Advisory, x_refsource_SUSE)
- USN-1681-2 (x_refsource_UBUNTU, vendor-advisory, Third Party Advisory)
Frequently asked questions
- What is CVE-2013-0757?
- CVE-2013-0757 is a vulnerability in Mozilla Firefox, classified under Improper Input Validation. Published 2013-01-13.
- Is CVE-2013-0757 known to be exploited?
- 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.