CVE-2013-0777

Upstream information

CVE-2013-0777 at MITRE

Description

Use-after-free vulnerability in the nsDisplayBoxShadowOuter::Paint function in Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.

---

SUSE information

Overall state of this security issue: Resolved

This issue is currently rated as having important severity.

CVSS v2 Scores

	National Vulnerability Database
Base Score	10
Vector	AV:N/AC:L/Au:N/C:C/I:C/A:C
Access Vector	Network
Access Complexity	Low
Authentication	None
Confidentiality Impact	Complete
Integrity Impact	Complete
Availability Impact	Complete

SUSE Bugzilla entry: 804248 [RESOLVED / FIXED]

SUSE Security Advisories:

• openSUSE-SU-2013:0323-1, published Fri, 22 Feb 2013 14:04:25 +0100 (CET)

List of released packages

Product(s)	Fixed package version(s)	References
SUSE Linux Enterprise Desktop 12	MozillaFirefox >= 31.1.0esr-1.20 MozillaFirefox-translations >= 31.1.0esr-1.20	Patchnames: SUSE Linux Enterprise Desktop 12 GA MozillaFirefox
SUSE Linux Enterprise Desktop 12 SP1	MozillaFirefox >= 38.4.0esr-51.1 MozillaFirefox-translations >= 38.4.0esr-51.1	Patchnames: SUSE Linux Enterprise Desktop 12 SP1 GA MozillaFirefox
SUSE Linux Enterprise Desktop 12 SP2	MozillaFirefox >= 45.4.0esr-81.1 MozillaFirefox-translations >= 45.4.0esr-81.1	Patchnames: SUSE Linux Enterprise Desktop 12 SP2 GA MozillaFirefox
SUSE Linux Enterprise Desktop 12 SP3	MozillaFirefox >= 52.2.0esr-108.3 MozillaFirefox-translations >= 52.2.0esr-108.3	Patchnames: SUSE Linux Enterprise Desktop 12 SP3 GA MozillaFirefox
SUSE Linux Enterprise Desktop 12 SP4	MozillaFirefox >= 52.9.0esr-109.38.2 MozillaFirefox-translations >= 52.9.0esr-109.38.2	Patchnames: SUSE Linux Enterprise Desktop 12 SP4 GA MozillaFirefox
SUSE Linux Enterprise High Performance Computing 12 SP5	MozillaFirefox >= 68.1.0-109.92.1 MozillaFirefox-translations-common >= 68.1.0-109.92.1	Patchnames: SUSE Linux Enterprise High Performance Computing 12 SP5 GA MozillaFirefox
SUSE Linux Enterprise Module for Desktop Applications 15	MozillaFirefox >= 52.7.3-1.35 MozillaFirefox-devel >= 52.7.3-1.35 MozillaFirefox-translations-common >= 52.7.3-1.35 MozillaFirefox-translations-other >= 52.7.3-1.35	Patchnames: SUSE Linux Enterprise Module for Desktop Applications 15 GA MozillaFirefox
SUSE Linux Enterprise Server 12	MozillaFirefox >= 31.1.0esr-1.20 MozillaFirefox-translations >= 31.1.0esr-1.20	Patchnames: SUSE Linux Enterprise Server 12 GA MozillaFirefox
SUSE Linux Enterprise Server 12 SP1	MozillaFirefox >= 38.4.0esr-51.1 MozillaFirefox-translations >= 38.4.0esr-51.1	Patchnames: SUSE Linux Enterprise Server 12 SP1 GA MozillaFirefox
SUSE Linux Enterprise Server 12 SP2	MozillaFirefox >= 45.4.0esr-81.1 MozillaFirefox-translations >= 45.4.0esr-81.1	Patchnames: SUSE Linux Enterprise Server 12 SP2 GA MozillaFirefox
SUSE Linux Enterprise Server 12 SP3	MozillaFirefox >= 52.2.0esr-108.3 MozillaFirefox-translations >= 52.2.0esr-108.3	Patchnames: SUSE Linux Enterprise Server 12 SP3 GA MozillaFirefox
SUSE Linux Enterprise Server 12 SP4	MozillaFirefox >= 52.9.0esr-109.38.2 MozillaFirefox-translations >= 52.9.0esr-109.38.2	Patchnames: SUSE Linux Enterprise Server 12 SP4 GA MozillaFirefox
SUSE Linux Enterprise Server 12 SP5	MozillaFirefox >= 68.1.0-109.92.1 MozillaFirefox-translations-common >= 68.1.0-109.92.1	Patchnames: SUSE Linux Enterprise Server 12 SP5 GA MozillaFirefox
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2	MozillaFirefox >= 45.4.0esr-81.1 MozillaFirefox-translations >= 45.4.0esr-81.1	Patchnames: SUSE Linux Enterprise Server for Raspberry Pi 12 SP2 GA MozillaFirefox
SUSE Linux Enterprise Software Development Kit 12	MozillaFirefox-devel >= 31.1.0esr-1.20	Patchnames: SUSE Linux Enterprise Software Development Kit 12 GA MozillaFirefox-devel
SUSE Linux Enterprise Software Development Kit 12 SP1	MozillaFirefox-devel >= 38.4.0esr-51.1	Patchnames: SUSE Linux Enterprise Software Development Kit 12 SP1 GA MozillaFirefox-devel
SUSE Linux Enterprise Software Development Kit 12 SP2	MozillaFirefox-devel >= 45.4.0esr-81.1	Patchnames: SUSE Linux Enterprise Software Development Kit 12 SP2 GA MozillaFirefox-devel
SUSE Linux Enterprise Software Development Kit 12 SP3	MozillaFirefox-devel >= 52.2.0esr-108.3	Patchnames: SUSE Linux Enterprise Software Development Kit 12 SP3 GA MozillaFirefox-devel
SUSE Linux Enterprise Software Development Kit 12 SP4	MozillaFirefox-devel >= 52.9.0esr-109.38.2	Patchnames: SUSE Linux Enterprise Software Development Kit 12 SP4 GA MozillaFirefox-devel
SUSE Linux Enterprise Software Development Kit 12 SP5	MozillaFirefox-devel >= 68.1.0-109.92.1	Patchnames: SUSE Linux Enterprise Software Development Kit 12 SP5 GA MozillaFirefox-devel
openSUSE Leap 15.0	MozillaFirefox >= 60.0-lp150.2.2 MozillaFirefox-translations-common >= 60.0-lp150.2.2 MozillaFirefox-translations-other >= 60.0-lp150.2.2	Patchnames: openSUSE Leap 15.0 GA MozillaFirefox
openSUSE Leap 42.1	MozillaFirefox >= 41.0.2-1.2 MozillaFirefox-translations-common >= 41.0.2-1.2	Patchnames: openSUSE Leap 42.1 GA MozillaFirefox
openSUSE Leap 42.2	MozillaFirefox >= 49.0.2-37.1 MozillaFirefox-translations-common >= 49.0.2-37.1	Patchnames: openSUSE Leap 42.2 GA MozillaFirefox
openSUSE Leap 42.3	MozillaFirefox >= 52.2-58.2 MozillaFirefox-translations-common >= 52.2-58.2	Patchnames: openSUSE Leap 42.3 GA MozillaFirefox
openSUSE Tumbleweed	MozillaFirefox >= 50.1.0-1.1 MozillaFirefox-branding-upstream >= 50.1.0-1.1 MozillaFirefox-buildsymbols >= 50.1.0-1.1 MozillaFirefox-devel >= 50.1.0-1.1 MozillaFirefox-translations-common >= 50.1.0-1.1 MozillaFirefox-translations-other >= 50.1.0-1.1 seamonkey >= 2.40-6.1 seamonkey-dom-inspector >= 2.40-6.1 seamonkey-irc >= 2.40-6.1 seamonkey-translations-common >= 2.40-6.1 seamonkey-translations-other >= 2.40-6.1	Patchnames: openSUSE Tumbleweed GA MozillaFirefox openSUSE Tumbleweed GA seamonkey