CVE-2013-0782

Current Description

Heap-based buffer overflow in the nsSaveAsCharset::DoCharsetConversion function in Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code via unspecified vectors.

Basic Data

Published: February 19, 2013
Last Modified: August 06, 2020
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: CWE-787
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:N/AC:M/Au:N/C:C/I:C/A:C
CVSS 2 - Access Vector: NETWORK
CVSS 2 - Access Complexity: MEDIUM
CVSS 2 - Authentication: NONE
CVSS 2 - Confidentiality Impact: COMPLETE
CVSS 2 - Availability Impact: COMPLETE
CVSS 2 - Base Score: 9.3
Severity: HIGH
Exploitability Score: 8.6
Impact Score: 10.0
Obtain All Privilege: false
Obtain User Privilege: false
Obtain Other Privilege: false

Base Metric V3

No data provided.

Configurations

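  • OR - Configuration 1
    | Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding |
    | 2.3 | Application | Mozilla | Firefox | * | * | * | * | * | * | * | * | | | | 19.0 |
    | 2.3 | Application | Mozilla | Firefox Esr | * | * | * | * | * | * | * | * | | | | 17.0.3 |
    | 2.3 | Application | Mozilla | Seamonkey | * | * | * | * | * | * | * | * | | | | 2.16 |
    | 2.3 | Application | Mozilla | Thunderbird | * | * | * | * | * | * | * | * | | | | 17.0.3 |
    | 2.3 | Application | Mozilla | Thunderbird Esr | * | * | * | * | * | * | * | * | | | | 17.0.3 |
  • OR - Configuration 2
    | Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding |
    | 2.3 | OS | Opensuse | Opensuse | 11.4 | * | * | * | * | * | * | * | | | | |
    | 2.3 | OS | Opensuse | Opensuse | 12.1 | * | * | * | * | * | * | * | | | | |
    | 2.3 | OS | Opensuse | Opensuse | 12.2 | * | * | * | * | * | * | * | | | | |
  • OR - Configuration 3
    | Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding |
    | 2.3 | OS | Redhat | Enterprise Linux Aus | 5.9 | * | * | * | * | * | * | * | | | | |
    | 2.3 | OS | Redhat | Enterprise Linux Desktop | 5.0 | * | * | * | * | * | * | * | | | | |
    | 2.3 | OS | Redhat | Enterprise Linux Desktop | 6.0 | * | * | * | * | * | * | * | | | | |
    | 2.3 | OS | Redhat | Enterprise Linux Eus | 5.9 | * | * | * | * | * | * | * | | | | |
    | 2.3 | OS | Redhat | Enterprise Linux Eus | 6.3 | * | * | * | * | * | * | * | | | | |
    | 2.3 | OS | Redhat | Enterprise Linux Server | 5.0 | * | * | * | * | * | * | * | | | | |
    | 2.3 | OS | Redhat | Enterprise Linux Server | 6.0 | * | * | * | * | * | * | * | | | | |
    | 2.3 | OS | Redhat | Enterprise Linux Workstation | 5.0 | * | * | * | * | * | * | * | | | | |
    | 2.3 | OS | Redhat | Enterprise Linux Workstation | 6.0 | * | * | * | * | * | * | * | | | | |
  • OR - Configuration 4
    | Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding |
    | 2.3 | OS | Debian | Debian Linux | 7.0 | * | * | * | * | * | * | * | | | | |
  • OR - Configuration 5
    | Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding |
    | 2.3 | OS | Canonical | Ubuntu Linux | 10.04 | * | * | * | - | * | * | * | | | | |
    | 2.3 | OS | Canonical | Ubuntu Linux | 11.10 | * | * | * | * | * | * | * | | | | |
    | 2.3 | OS | Canonical | Ubuntu Linux | 12.04 | * | * | * | esm | * | * | * | | | | |
    | 2.3 | OS | Canonical | Ubuntu Linux | 12.10 | * | * | * | * | * | * | * | | | | |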

Vulnerable Software List

| Vendor | Product | Versions |
| Mozilla | Firefox | * |
| Mozilla | Thunderbird | * |
| Mozilla | Seamonkey | * |
| Mozilla | Firefox Esr | * |
| Mozilla | Thunderbird Esr | * |
| Debian | Debian Linux | 7.0 |
| Redhat | Enterprise Linux Workstation | 5.0, 6.0 |
| Redhat | Enterprise Linux Eus | 5.9, 6.3 |
| Redhat | Enterprise Linux Desktop | 5.0, 6.0 |
| Redhat | Enterprise Linux Aus | 5.9 |
| Redhat | Enterprise Linux Server | 5.0, 6.0 |
| Canonical | Ubuntu Linux | 10.04, 11.10, 12.04, 12.10 |
| Opensuse | Opensuse | 11.4, 12.1, 12.2 |

References

| Name | URL | Source | Tags |
| openSUSE-SU-2013:0323 | http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00017.html | SUSE | Mailing List, Third Party Advisory |
| openSUSE-SU-2013:0324 | http://lists.opensuse.org/opensuse-updates/2013-02/msg00062.html | SUSE | Mailing List, Third Party Advisory |
| RHSA-2013:0271 | http://rhn.redhat.com/errata/RHSA-2013-0271.html | REDHAT | Third Party Advisory |
| RHSA-2013:0272 | http://rhn.redhat.com/errata/RHSA-2013-0272.html | REDHAT | Third Party Advisory |
| DSA-2699 | http://www.debian.org/security/2013/dsa-2699 | DEBIAN | Third Party Advisory |
| http://www.mozilla.org/security/announce/2013/mfsa2013-28.html | http://www.mozilla.org/security/announce/2013/mfsa2013-28.html | CONFIRM | Vendor Advisory |
| USN-1729-1 | http://www.ubuntu.com/usn/USN-1729-1 | UBUNTU | Third Party Advisory |
| USN-1729-2 | http://www.ubuntu.com/usn/USN-1729-2 | UBUNTU | Third Party Advisory |
| USN-1748-1 | http://www.ubuntu.com/usn/USN-1748-1 | UBUNTU | Third Party Advisory |
| https://bugzilla.mozilla.org/show_bug.cgi?id=827070 | https://bugzilla.mozilla.org/show_bug.cgi?id=827070 | CONFIRM | Issue Tracking, Patch, Vendor Advisory |
| oval:org.mitre.oval:def:16906 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16906 | OVAL | Third Party Advisory |