Vulnerability in Mozilla Firefox
CVE-2013-5603
Use-after-free vulnerability in the nsContentUtils::ContentIsHostIncludingDescendantOf function in Mozilla Firefox before 25.0, Firefox ESR 24.x before 24.1, Thunderbird before 24.1, and SeaMonkey before 2.22 allows remote attackers to exe…
EPSS: 0.053 (90.2th percentile) — read the EPSS interpretation.
Affected products
- Mozilla Firefox — versions 24.0, 24.0.1, 24.0.2
- Mozilla Seamonkey — versions 2.0, 2.0.1, 2.0.2
- Mozilla Thunderbird — versions 17.0, 17.0.1, 17.0.2
- Mozilla Thunderbird_esr — versions 17.0.9
- N/a — versions n/a
References
- security@mozilla.org (x_refsource_CONFIRM, Vendor Advisory)
- openSUSE-SU-2013:1633 (vendor-advisory, x_refsource_SUSE)
- security@mozilla.org (x_refsource_CONFIRM)
- GLSA-201504-01 (vendor-advisory, x_refsource_GENTOO)
- openSUSE-SU-2013:1634 (vendor-advisory, x_refsource_SUSE)
- oval:org.mitre.oval:def:19302 (x_refsource_OVAL, signature, vdb-entry)