CyberSec.Space Logo
返回 CVE 浏览器

CVE-2013-0756

CRITICAL
9.3
CVSS Severity Score
EPSS Score0.1170%
EPSS Percentile11.25th
Published2013年1月13日
Last Modified2026年4月29日

Vulnerability Description

Use-after-free vulnerability in the obj_toSource function in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code via a crafted web page referencing JavaScript Proxy objects that are not properly handled during garbage collection.

Affected Platforms (CPE)

📦
Mozilla

Firefox

< 17.0.2
📦
Mozilla

Firefox

< 18.0
📦
Mozilla

Seamonkey

< 2.15
📦
Mozilla

Thunderbird

< 17.0.2
📦
Mozilla

Thunderbird Esr

< 17.0.2
💻
Opensuse

Opensuse

= 11.4
💻
Opensuse

Opensuse

= 12.1
💻
Opensuse

Opensuse

= 12.2
💻
Suse

Linux Enterprise Desktop

= 10
💻
Suse

Linux Enterprise Desktop

= 11
💻
Suse

Linux Enterprise Server

= 10
💻
Suse

Linux Enterprise Server

= 11
💻
Suse

Linux Enterprise Server

= 11
💻
Suse

Linux Enterprise Software Development Kit

= 10
💻
Suse

Linux Enterprise Software Development Kit

= 11
💻
Canonical

Ubuntu Linux

= 10.04
💻
Canonical

Ubuntu Linux

= 11.10
💻
Canonical

Ubuntu Linux

= 12.04
💻
Canonical

Ubuntu Linux

= 12.10

References & Advisories

🔗 http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00006.html
🔗 http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00007.html
🔗 http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00010.html
🔗 http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00017.html
🔗 http://www.mozilla.org/security/announce/2013/mfsa2013-19.html
🔗 http://www.ubuntu.com/usn/USN-1681-1
🔗 http://www.ubuntu.com/usn/USN-1681-2
🔗 http://www.ubuntu.com/usn/USN-1681-4

相关漏洞威胁

CVE-2019-1170810.0

Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes can result in the no...

CVE-2019-2513610.0

A compromised child process could have injected XBL Bindings into privileged CSS rules, resulting in arbitrary code execution and ...

CVE-2018-1850510.0

An earlier fix for an Inter-process Communication (IPC) vulnerability, CVE-2011-3079, added authentication to communication betwee...

CVE-2020-1238810.0

The Firefox content processes did not sufficiently lockdown access control which could result in a sandbox escape. *Note: this iss...