CVE-2013-0754

Severity CVSS v4.0:
Pending analysis
Type:
CWE-416 Use After Free
Publication date:
13/01/2013
Last modified:
11/04/2025

Description

Use-after-free vulnerability in the ListenerManager implementation in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code via vectors involving the triggering of garbage collection after memory allocation for listener objects.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:* 18.0 (excluding)
cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:* 10.0 (including) 10.0.12 (excluding)
cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:* 17.0 (including) 17.0.2 (excluding)
cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:* 2.15 (excluding)
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:* 17.0.2 (excluding)
cpe:2.3:a:mozilla:thunderbird_esr:*:*:*:*:*:*:*:* 10.0 (including) 10.0.12 (excluding)
cpe:2.3:a:mozilla:thunderbird_esr:*:*:*:*:*:*:*:* 17.0 (including) 17.0.2 (excluding)
cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:12.1:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_desktop:10:sp4:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_desktop:11:sp2:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:10:sp4:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:*:-:*:*
cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:*:vmware:*:*