CVE-2013-5602

Mozilla Firefox <25.0 - Memory Corruption

Title source: llm
STIX 2.1

Description

The Worker::SetEventListener function in the Web workers implementation in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors related to direct proxies.

References (11)

Core 11
Core References
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2013-1480.html
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2013-1476.html
Third Party Advisory vendor-advisory x_refsource_gentoo
https://security.gentoo.org/glsa/201504-01
Issue Tracking x_refsource_confirm
https://bugzilla.mozilla.org/show_bug.cgi?id=897678
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2013/dsa-2788
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2013/dsa-2797
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19293

Scores

EPSS 0.0517
EPSS Percentile 91.5%

Details

CWE
CWE-119
Status published
Products (39)
mozilla/firefox 17.0
mozilla/firefox 17.0.1
mozilla/firefox 17.0.2
mozilla/firefox 17.0.3
mozilla/firefox 17.0.4
mozilla/firefox 17.0.5
mozilla/firefox 17.0.6
mozilla/firefox 17.0.7
mozilla/firefox 17.0.8
mozilla/firefox 17.0.9
... and 29 more
Published Oct 30, 2013
Tracked Since Feb 18, 2026