RCE in Mozilla Firefox
CVE-2013-0758
Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 allow remote attackers to execute arbitra…
Vulnerability class: RCE (Remote Code Execution)
EPSS: 0.874 (99.5th percentile) — read the EPSS interpretation.
Affected products
- Mozilla Firefox
- Mozilla Seamonkey
- Mozilla Thunderbird
- Mozilla Thunderbird_esr
- Canonical Ubuntu_linux — versions 10.04, 11.10, 12.04
- Opensuse — versions 11.4, 12.1, 12.2
- Redhat Enterprise_linux_desktop — versions 5.0, 6.0
- Redhat Enterprise_linux_eus — versions 5.9, 6.3
- Redhat Enterprise_linux_server — versions 5.0, 6.0
- Redhat Enterprise_linux_server_aus — versions 5.9
Weakness classification (CWE)
Public proof-of-concept exploits
References
- SUSE-SU-2013:0048 (vendor-advisory, Mailing List, Third Party Advisory, x_refsource_SUSE)
- oval:org.mitre.oval:def:17087 (x_refsource_OVAL, signature, Third Party Advisory, vdb-entry)
- openSUSE-SU-2013:0131 (vendor-advisory, Mailing List, Third Party Advisory, x_refsource_SUSE)
- RHSA-2013:0145 (x_refsource_REDHAT, vendor-advisory, Third Party Advisory)
- USN-1681-4 (x_refsource_UBUNTU, vendor-advisory, Third Party Advisory)
- RHSA-2013:0144 (x_refsource_REDHAT, vendor-advisory, Third Party Advisory)
- security@mozilla.org (x_refsource_CONFIRM, Issue Tracking, Vendor Advisory)
- SUSE-SU-2013:0049 (vendor-advisory, Mailing List, Third Party Advisory, x_refsource_SUSE)
- security@mozilla.org (x_refsource_CONFIRM, Vendor Advisory)
- USN-1681-1 (x_refsource_UBUNTU, vendor-advisory, Third Party Advisory)
Frequently asked questions
- What is CVE-2013-0758?
- CVE-2013-0758 is a vulnerability in Mozilla Firefox, classified under Code Injection. Published 2013-01-13.
- Is CVE-2013-0758 known to be exploited?
- 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.