What is CVE-2013-5616?

CVE-2013-5616 is a critical-severity vulnerability in Mozilla Firefox, classified under Use After Free. CVSS score: 9.8/10. Published 2013-12-11.

How severe is CVE-2013-5616?

Critical severity. CVSS v3 base score is 9.8 out of 10.

Use After Free in Mozilla Firefox

CVE-2013-5616

Use-after-free vulnerability in the nsEventListenerManager::HandleEventSubType function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arb…

Vulnerability class: Use-After-Free

EPSS: 0.029 (86.6th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 9.8 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.

Affected products

Mozilla Firefox
Mozilla Seamonkey
Mozilla Thunderbird
Canonical Ubuntu_linux — versions 12.04, 12.10, 13.04
Fedoraproject Fedora — versions 18, 19, 20
Opensuse — versions 12.2, 12.3, 13.1
Redhat Enterprise_linux_desktop — versions 5.0, 6.0
Redhat Enterprise_linux_eus — versions 6.5
Redhat Enterprise_linux_server — versions 5.0, 6.0
Redhat Enterprise_linux_server_aus — versions 6.5

Weakness classification (CWE)

CWE-416 — Use After Free

References

openSUSE-SU-2013:1958 (vendor-advisory, Mailing List, Third Party Advisory, x_refsource_SUSE)
SUSE-SU-2013:1919 (vendor-advisory, Mailing List, Third Party Advisory, x_refsource_SUSE)
openSUSE-SU-2013:1957 (vendor-advisory, Mailing List, Third Party Advisory, x_refsource_SUSE)
security@mozilla.org (x_refsource_CONFIRM, Exploit, Issue Tracking, Vendor Advisory)
FEDORA-2013-23127 (x_refsource_FEDORA, vendor-advisory, Mailing List, Third Party Advisory)
FEDORA-2013-23519 (x_refsource_FEDORA, vendor-advisory, Mailing List, Third Party Advisory)
1029470 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_SECTRACK)
openSUSE-SU-2013:1917 (vendor-advisory, Mailing List, Third Party Advisory, x_refsource_SUSE)
openSUSE-SU-2013:1959 (vendor-advisory, Mailing List, Third Party Advisory, x_refsource_SUSE)
security@mozilla.org (x_refsource_CONFIRM, Vendor Advisory)

Frequently asked questions

What is CVE-2013-5616?: CVE-2013-5616 is a critical-severity vulnerability in Mozilla Firefox, classified under Use After Free. CVSS score: 9.8/10. Published 2013-12-11.
How severe is CVE-2013-5616?: Critical severity. CVSS v3 base score is 9.8 out of 10.