Improper input validation in Mozilla Firefox

CVE-2013-1735

Use-after-free vulnerability in the mozilla::layout::ScrollbarActivity function in Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 allows r…

Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)

EPSS: 0.045 (89.3th percentile) — read the EPSS interpretation.

Affected products

Mozilla Firefox — versions 19.0, 19.0.1, 19.0.2
Mozilla Seamonkey — versions 2.0, 2.0.1, 2.0.2
Mozilla Thunderbird — versions 17.0, 17.0.1, 17.0.2
Mozilla Thunderbird_esr — versions 17.0, 17.0.1, 17.0.2
N/a — versions n/a

Weakness classification (CWE)

CWE-20 — Improper Input Validation

References

openSUSE-SU-2013:1491 (vendor-advisory, x_refsource_SUSE)
FEDORA-2013-16992 (x_refsource_FEDORA, vendor-advisory)
openSUSE-SU-2013:1496 (vendor-advisory, x_refsource_SUSE)
62479 (vdb-entry, x_refsource_BID)
FEDORA-2013-17074 (x_refsource_FEDORA, vendor-advisory)
USN-1952-1 (x_refsource_UBUNTU, vendor-advisory)
USN-1951-1 (x_refsource_UBUNTU, vendor-advisory)
oval:org.mitre.oval:def:18443 (x_refsource_OVAL, signature, vdb-entry)
security@mozilla.org (x_refsource_CONFIRM, Vendor Advisory)
openSUSE-SU-2013:1633 (vendor-advisory, x_refsource_SUSE)