CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2013-1679

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0560%
EPSS Percentile1.84th
Published2013年5月16日
Last Modified2026年4月29日

Vulnerability Description

Use-after-free vulnerability in the mozilla::plugins::child::_geturlnotify function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.

Affected Platforms (CPE)

📦
Mozilla

Firefox

<= 20.0.1
📦
Mozilla

Firefox

= 19.0
📦
Mozilla

Firefox

= 19.0.1
📦
Mozilla

Firefox

= 19.0.2
📦
Mozilla

Firefox

= 20.0
📦
Mozilla

Firefox

= 17.0
📦
Mozilla

Firefox

= 17.0.1
📦
Mozilla

Firefox

= 17.0.2
📦
Mozilla

Firefox

= 17.0.3
📦
Mozilla

Firefox

= 17.0.4
📦
Mozilla

Firefox

= 17.0.5
📦
Mozilla

Thunderbird

<= 17.0.5
📦
Mozilla

Thunderbird

= 17.0
📦
Mozilla

Thunderbird

= 17.0.1
📦
Mozilla

Thunderbird

= 17.0.2
📦
Mozilla

Thunderbird

= 17.0.3
📦
Mozilla

Thunderbird

= 17.0.4
📦
Mozilla

Thunderbird Esr

= 17.0
📦
Mozilla

Thunderbird Esr

= 17.0.1
📦
Mozilla

Thunderbird Esr

= 17.0.2
📦
Mozilla

Thunderbird Esr

= 17.0.3
📦
Mozilla

Thunderbird Esr

= 17.0.4
📦
Mozilla

Thunderbird Esr

= 17.0.5

References & Advisories

🔗 http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00010.html
🔗 http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00011.html
🔗 http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00012.html
🔗 http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00006.html
🔗 http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00008.html
🔗 http://rhn.redhat.com/errata/RHSA-2013-0820.html
🔗 http://rhn.redhat.com/errata/RHSA-2013-0821.html
🔗 http://www.debian.org/security/2013/dsa-2699

相關漏洞威脅

CVE-2019-1170810.0

Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes can result in the no...

CVE-2019-2513610.0

A compromised child process could have injected XBL Bindings into privileged CSS rules, resulting in arbitrary code execution and ...

CVE-2018-1850510.0

An earlier fix for an Inter-process Communication (IPC) vulnerability, CVE-2011-3079, added authentication to communication betwee...

CVE-2020-1238810.0

The Firefox content processes did not sufficiently lockdown access control which could result in a sandbox escape. *Note: this iss...