Fluid Attacks Database

Description

Use-after-free vulnerability in the nsContentUtils::RemoveScriptBlocker function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
rpm rhel5	firefox	<0:17.0.6-1.el5_9	0:17.0.6-1.el5_9
rpm rhel6	firefox	<0:17.0.6-1.el6_4	0:17.0.6-1.el6_4
rpm rhel5	thunderbird	-	-
rpm rhel6	thunderbird	<0:17.0.6-2.el6_4	0:17.0.6-2.el6_4
rpm rhel5	xulrunner	<0:17.0.6-1.el5_9	0:17.0.6-1.el5_9
rpm rhel6	xulrunner	<0:17.0.6-2.el6_4	0:17.0.6-2.el6_4

Aliases

1. CVE-2013-16812. NVD-2013-16813. OSV-2013-1681

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.