9.3
CVE-2013-0760
- EPSS 3.15%
- Veröffentlicht 13.01.2013 20:55:02
- Zuletzt bearbeitet 11.04.2025 00:51:21
- Quelle security@mozilla.org
- Teams Watchlist Login
- Unerledigt Login
Buffer overflow in the CharDistributionAnalysis::HandleOneChar function in Mozilla Firefox before 18.0, Thunderbird before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code via a crafted document.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Mozilla ≫ Thunderbird Version < 17.0.2
Mozilla ≫ Thunderbird Esr Version < 10.0.12
Mozilla ≫ Thunderbird Esr Version >= 17.0 < 17.0.2
Suse ≫ Linux Enterprise Desktop Version10 Updatesp4
Suse ≫ Linux Enterprise Desktop Version11 Updatesp2
Suse ≫ Linux Enterprise Server Version10 Updatesp4
Suse ≫ Linux Enterprise Server Version11 Updatesp2 SwPlatform-
Suse ≫ Linux Enterprise Server Version11 Updatesp2 SwPlatformvmware
Suse ≫ Linux Enterprise Software Development Kit Version10 Updatesp4
Suse ≫ Linux Enterprise Software Development Kit Version11 Updatesp2
Canonical ≫ Ubuntu Linux Version10.04 SwEdition-
Canonical ≫ Ubuntu Linux Version11.10
Canonical ≫ Ubuntu Linux Version12.04 SwEditionesm
Canonical ≫ Ubuntu Linux Version12.10
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 3.15% | 0.857 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.3 | 8.6 | 10 |
AV:N/AC:M/Au:N/C:C/I:C/A:C
|
CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.