9.3

CVE-2013-0781

Use-after-free vulnerability in the nsPrintEngine::CommonPrint function in Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MozillaFirefox Version < 17.0.3
MozillaFirefox Version < 19.0
MozillaSeamonkey Version < 2.16
MozillaThunderbird Version < 17.0.3
MozillaThunderbird Esr Version < 17.0.3
OpensuseOpensuse Version11.4
OpensuseOpensuse Version12.1
OpensuseOpensuse Version12.2
CanonicalUbuntu Linux Version10.04 SwEdition-
CanonicalUbuntu Linux Version11.10
CanonicalUbuntu Linux Version12.04 SwEditionesm
CanonicalUbuntu Linux Version12.10
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.56% 0.797
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.3 8.6 10
AV:N/AC:M/Au:N/C:C/I:C/A:C
CWE-416 Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

https://bugzilla.mozilla.org/show_bug.cgi?id=821991
Patch
Vendor Advisory
Issue Tracking