CVE-2013-0777

Upstream information

CVE-2013-0777 at MITRE

Description

Use-after-free vulnerability in the nsDisplayBoxShadowOuter::Paint function in Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.

SUSE information

Overall state of this security issue: Resolved

This issue is currently rated as having important severity.

CVSS v2 Scores
	National Vulnerability Database
Base Score	10
Vector	AV:N/AC:L/Au:N/C:C/I:C/A:C
Access Vector	Network
Access Complexity	Low
Authentication	None
Confidentiality Impact	Complete
Integrity Impact	Complete
Availability Impact	Complete

SUSE Bugzilla entry: 804248 [RESOLVED / FIXED]

SUSE Security Advisories:

openSUSE-SU-2013:0323-1, published Fri, 22 Feb 2013 14:04:25 +0100 (CET)

List of released packages

Product(s)	Fixed package version(s)	References
SUSE Linux Enterprise Desktop 12 SP1 SUSE Linux Enterprise Server 12 SP1	`MozillaFirefox >= 38.4.0esr-51.1` `MozillaFirefox-translations >= 38.4.0esr-51.1`
SUSE Linux Enterprise Desktop 12 SP2 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2	`MozillaFirefox >= 45.4.0esr-81.1` `MozillaFirefox-translations >= 45.4.0esr-81.1`
SUSE Linux Enterprise Desktop 12 SP3 SUSE Linux Enterprise Server 12 SP3	`MozillaFirefox >= 52.2.0esr-108.3` `MozillaFirefox-translations >= 52.2.0esr-108.3`
SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP4	`MozillaFirefox >= 52.9.0esr-109.38.2` `MozillaFirefox-translations >= 52.9.0esr-109.38.2`
SUSE Linux Enterprise Desktop 12 SUSE Linux Enterprise Server 12	`MozillaFirefox >= 31.1.0esr-1.20` `MozillaFirefox-translations >= 31.1.0esr-1.20`
SUSE Linux Enterprise High Performance Computing 12 SP5 SUSE Linux Enterprise Server 12 SP5	`MozillaFirefox >= 68.1.0-109.92.1` `MozillaFirefox-translations-common >= 68.1.0-109.92.1`
SUSE Linux Enterprise Module for Desktop Applications 15	`MozillaFirefox >= 52.7.3-1.35` `MozillaFirefox-devel >= 52.7.3-1.35` `MozillaFirefox-translations-common >= 52.7.3-1.35` `MozillaFirefox-translations-other >= 52.7.3-1.35`
SUSE Linux Enterprise Software Development Kit 12 SP1	`MozillaFirefox-devel >= 38.4.0esr-51.1`
SUSE Linux Enterprise Software Development Kit 12 SP2	`MozillaFirefox-devel >= 45.4.0esr-81.1`
SUSE Linux Enterprise Software Development Kit 12 SP3	`MozillaFirefox-devel >= 52.2.0esr-108.3`
SUSE Linux Enterprise Software Development Kit 12 SP4	`MozillaFirefox-devel >= 52.9.0esr-109.38.2`
SUSE Linux Enterprise Software Development Kit 12 SP5	`MozillaFirefox-devel >= 68.1.0-109.92.1`
SUSE Linux Enterprise Software Development Kit 12	`MozillaFirefox-devel >= 31.1.0esr-1.20`
openSUSE Leap 15.0	`MozillaFirefox >= 60.0-lp150.2.2` `MozillaFirefox-translations-common >= 60.0-lp150.2.2` `MozillaFirefox-translations-other >= 60.0-lp150.2.2`	Patchnames: openSUSE Leap 15.0 GA MozillaFirefox
openSUSE Leap 42.1	`MozillaFirefox >= 41.0.2-1.2` `MozillaFirefox-translations-common >= 41.0.2-1.2`	Patchnames: openSUSE Leap 42.1 GA MozillaFirefox
openSUSE Leap 42.2	`MozillaFirefox >= 49.0.2-37.1` `MozillaFirefox-translations-common >= 49.0.2-37.1`	Patchnames: openSUSE Leap 42.2 GA MozillaFirefox
openSUSE Leap 42.3	`MozillaFirefox >= 52.2-58.2` `MozillaFirefox-translations-common >= 52.2-58.2`	Patchnames: openSUSE Leap 42.3 GA MozillaFirefox
openSUSE Tumbleweed	`MozillaFirefox >= 50.1.0-1.1` `MozillaFirefox-branding-upstream >= 50.1.0-1.1` `MozillaFirefox-buildsymbols >= 50.1.0-1.1` `MozillaFirefox-devel >= 50.1.0-1.1` `MozillaFirefox-translations-common >= 50.1.0-1.1` `MozillaFirefox-translations-other >= 50.1.0-1.1` `seamonkey >= 2.40-6.1` `seamonkey-dom-inspector >= 2.40-6.1` `seamonkey-irc >= 2.40-6.1` `seamonkey-translations-common >= 2.40-6.1` `seamonkey-translations-other >= 2.40-6.1`	Patchnames: openSUSE Tumbleweed GA MozillaFirefox openSUSE Tumbleweed GA seamonkey