Vulnerability in Mozilla Firefox

CVE-2013-5601

Use-after-free vulnerability in the nsEventListenerManager::SetEventHandler function in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and Se…

EPSS: 0.027 (86.2th percentile) — read the EPSS interpretation.

Affected products

Mozilla Firefox — versions 19.0, 19.0.1, 19.0.2
Mozilla Seamonkey — versions 2.0, 2.0.1, 2.0.2
Mozilla Thunderbird — versions 17.0, 17.0.1, 17.0.2
Mozilla Thunderbird_esr — versions 17.0.9, 17.0, 17.0.1
N/a — versions n/a

References

security@mozilla.org (x_refsource_CONFIRM, Vendor Advisory)
openSUSE-SU-2013:1633 (vendor-advisory, x_refsource_SUSE)
GLSA-201504-01 (vendor-advisory, x_refsource_GENTOO)
RHSA-2013:1480 (x_refsource_REDHAT, vendor-advisory)
RHSA-2013:1476 (x_refsource_REDHAT, vendor-advisory)
openSUSE-SU-2013:1634 (vendor-advisory, x_refsource_SUSE)
DSA-2788 (vendor-advisory, x_refsource_DEBIAN)
security@mozilla.org (x_refsource_CONFIRM)
SUSE-SU-2013:1678 (vendor-advisory, x_refsource_SUSE)
DSA-2797 (vendor-advisory, x_refsource_DEBIAN)