1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
|
PublicDateAtUSN: 2013-09-17
Candidate: CVE-2013-1738
PublicDate: 2013-09-18
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1738
http://www.mozilla.org/security/announce/2013/mfsa2013-92.html
http://www.ubuntu.com/usn/usn-1951-1
http://www.ubuntu.com/usn/usn-1952-1
Description:
Use-after-free vulnerability in the JS_GetGlobalForScopeChain function in
Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before
2.21 allows remote attackers to execute arbitrary code by leveraging
incorrect garbage collection in situations involving default compartments
and frame-chain restoration.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to: chrisccoulson
Patches_firefox:
upstream_firefox: released (24.0)
lucid_firefox: ignored (reached end-of-life)
precise_firefox: released (24.0+build1-0ubuntu0.12.04.1)
quantal_firefox: released (24.0+build1-0ubuntu0.12.10.1)
raring_firefox: released (24.0+build1-0ubuntu0.13.04.1)
devel_firefox: released (24.0+build1-0ubuntu1)
Patches_thunderbird:
Priority_thunderbird: low
upstream_thunderbird: released (24.0)
lucid_thunderbird: ignored (reached end-of-life)
precise_thunderbird: released (1:24.0+build1-0ubuntu0.12.04.1)
quantal_thunderbird: released (1:24.0+build1-0ubuntu0.12.10.1)
raring_thunderbird: released (1:24.0+build1-0ubuntu0.13.04.1)
devel_thunderbird: released (1:24.0+build1-0ubuntu1)
|