CVE-2013-0760
UnknownEPSS 5.33%
Last modified
CVE-2013-0760 is a vulnerability of currently unknown severity. Buffer overflow in the CharDistributionAnalysis::HandleOneChar function in Mozilla Firefox before 18.0, Thunderbird before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code via a crafted document.. EPSS estimates a 5.33% chance of exploitation in the next 30 days.
Description
Buffer overflow in the CharDistributionAnalysis::HandleOneChar function in Mozilla Firefox before 18.0, Thunderbird before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code via a crafted document.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions | Update |
|---|---|---|---|
| Mozilla | Firefox | < 10.0.11 | — |
| Mozilla | Firefox | < 18.0 | — |
| Mozilla | Firefox | >= 17.0, < 17.0.2 | — |
| Mozilla | Seamonkey | < 2.15 | — |
| Mozilla | Thunderbird | < 17.0.2 | — |
| Mozilla | Thunderbird Esr | < 10.0.12 | — |
| Mozilla | Thunderbird Esr | >= 17.0, < 17.0.2 | — |
| Opensuse | Opensuse | 11.4 | — |
| Opensuse | Opensuse | 12.1 | — |
| Opensuse | Opensuse | 12.2 | — |
| Suse | Linux Enterprise Desktop | 10 | Sp4 |
| Suse | Linux Enterprise Desktop | 11 | Sp2 |
| Suse | Linux Enterprise Server | 10 | Sp4 |
| Suse | Linux Enterprise Server | 11 | Sp2 |
| Suse | Linux Enterprise Software Development Kit | 10 | Sp4 |
| Suse | Linux Enterprise Software Development Kit | 11 | Sp2 |
| Canonical | Ubuntu Linux | 10.04 | — |
| Canonical | Ubuntu Linux | 11.10 | — |
| Canonical | Ubuntu Linux | 12.04 | — |
| Canonical | Ubuntu Linux | 12.10 | — |
References
- http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00006.htmlMailing List, Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00007.htmlMailing List, Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00010.htmlMailing List, Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00017.htmlMailing List, Third Party Advisory
- http://www.ubuntu.com/usn/USN-1681-1Third Party Advisory
- http://www.ubuntu.com/usn/USN-1681-2Third Party Advisory
- http://www.ubuntu.com/usn/USN-1681-4Third Party Advisory
- https://bugzilla.mozilla.org/show_bug.cgi?id=780979Issue Tracking, Patch, Vendor Advisory
- http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00006.htmlMailing List, Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00007.htmlMailing List, Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00010.htmlMailing List, Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00017.htmlMailing List, Third Party Advisory
- http://www.ubuntu.com/usn/USN-1681-1Third Party Advisory
- http://www.ubuntu.com/usn/USN-1681-2Third Party Advisory
- http://www.ubuntu.com/usn/USN-1681-4Third Party Advisory
- https://bugzilla.mozilla.org/show_bug.cgi?id=780979Issue Tracking, Patch, Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2013-0760?
Buffer overflow in the CharDistributionAnalysis::HandleOneChar function in Mozilla Firefox before 18.0, Thunderbird before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code via a crafted document.
How severe is CVE-2013-0760?
Severity scoring for CVE-2013-0760 is pending analysis. The EPSS model estimates a 5.33% probability of exploitation in the next 30 days.
How do I fix CVE-2013-0760?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.
Are you affected by CVE-2013-0760?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST