Buffer overflow in Mozilla Firefox

CVE-2013-5596

The cycle collection (CC) implementation in Mozilla Firefox before 25.0, Firefox ESR 24.x before 24.1, Thunderbird before 24.1, and SeaMonkey before 2.22 does not properly determine the thread for release of an image object, which allows r…

Vulnerability class: Buffer Overflow

EPSS: 0.018 (83.0th percentile) — read the EPSS interpretation.

Affected products

Mozilla Firefox — versions 24.0, 24.0.1, 24.0.2
Mozilla Seamonkey — versions 2.0, 2.0.1, 2.0.2
Mozilla Thunderbird — versions 17.0, 17.0.1, 17.0.2
Mozilla Thunderbird_esr — versions 17.0.9
N/a — versions n/a

Weakness classification (CWE)

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer

References

security@mozilla.org (x_refsource_CONFIRM)
openSUSE-SU-2013:1633 (vendor-advisory, x_refsource_SUSE)
GLSA-201504-01 (vendor-advisory, x_refsource_GENTOO)
openSUSE-SU-2013:1634 (vendor-advisory, x_refsource_SUSE)
oval:org.mitre.oval:def:19066 (x_refsource_OVAL, signature, vdb-entry)
security@mozilla.org (x_refsource_CONFIRM, Vendor Advisory)