FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2013-0787

This CVE name corresponds to:

Entered Topic
2013-03-08 mozilla -- use-after-free in HTML Editor

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type Candidate
Name CVE-2013-0787
Phase Assigned(20130102)

Description

Use-after-free vulnerability in the nsEditor::IsPreformatted function in editor/libeditor/base/nsEditor.cpp in Mozilla Firefox before 19.0.2, Firefox ESR 17.x before 17.0.4, Thunderbird before 17.0.4, Thunderbird ESR 17.x before 17.0.4, and SeaMonkey before 2.16.1 allows remote attackers to execute arbitrary code via vectors involving an execCommand call.

References

Source Reference
MISC http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/Pwn2Own-2013/ba-p/5981157
MISC http://twitter.com/VUPEN/statuses/309505403631325184
MISC http://twitter.com/thezdi/statuses/309484730506698752
CONFIRM http://www.mozilla.org/security/announce/2013/mfsa2013-29.html
CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=848644
DEBIAN DSA-2699
REDHAT RHSA-2013:0614
REDHAT RHSA-2013:0627
SUSE openSUSE-SU-2013:0431
SUSE SUSE-SU-2013:0470
SUSE openSUSE-SU-2013:0465
SUSE openSUSE-SU-2013:0467
SUSE openSUSE-SU-2013:0468
UBUNTU USN-1758-1
OVAL oval:org.mitre.oval:def:16737