CVE-2013-5602

The Worker::SetEventListener function in the Web workers implementation in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors related to direct proxies.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
10 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:C/I:C/A:C
mozillaCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 85%
VendorProductVersion
mozillafirefox
17.0
mozillafirefox
17.0.1
mozillafirefox
17.0.2
mozillafirefox
17.0.3
mozillafirefox
17.0.4
mozillafirefox
17.0.5
mozillafirefox
17.0.6
mozillafirefox
17.0.7
mozillafirefox
17.0.8
mozillafirefox
17.0.9
mozillafirefox
24.0
mozillafirefox_esr
24.0.1
mozillafirefox_esr
24.0.2
mozillathunderbird
𝑥
≤ 24.0.1
mozillathunderbird
17.0
mozillathunderbird
17.0.1
mozillathunderbird
17.0.2
mozillathunderbird
17.0.3
mozillathunderbird
17.0.4
mozillathunderbird
17.0.5
mozillathunderbird
17.0.6
mozillathunderbird
17.0.7
mozillathunderbird
17.0.8
mozillathunderbird
24.0
mozillathunderbird_esr
17.0.9
mozillaseamonkey
𝑥
≤ 2.22
mozillaseamonkey
2.0
mozillaseamonkey
2.0:alpha_1
mozillaseamonkey
2.0:alpha_2
mozillaseamonkey
2.0:alpha_3
mozillaseamonkey
2.0:beta_1
mozillaseamonkey
2.0:beta_2
mozillaseamonkey
2.0:rc1
mozillaseamonkey
2.0:rc2
mozillaseamonkey
2.0.1
mozillaseamonkey
2.0.2
mozillaseamonkey
2.0.3
mozillaseamonkey
2.0.4
mozillaseamonkey
2.0.5
mozillaseamonkey
2.0.6
mozillaseamonkey
2.0.7
mozillaseamonkey
2.0.8
mozillaseamonkey
2.0.9
mozillaseamonkey
2.0.10
mozillaseamonkey
2.0.11
mozillaseamonkey
2.0.12
mozillaseamonkey
2.0.13
mozillaseamonkey
2.0.14
mozillaseamonkey
2.1
mozillaseamonkey
2.1:alpha1
mozillaseamonkey
2.1:alpha2
mozillaseamonkey
2.1:alpha3
mozillaseamonkey
2.1:beta1
mozillaseamonkey
2.1:beta2
mozillaseamonkey
2.1:beta3
mozillaseamonkey
2.1:rc1
mozillaseamonkey
2.1:rc2
mozillaseamonkey
2.10
mozillaseamonkey
2.10:beta1
mozillaseamonkey
2.10:beta2
mozillaseamonkey
2.10:beta3
mozillaseamonkey
2.10.1
mozillaseamonkey
2.11
mozillaseamonkey
2.11:beta1
mozillaseamonkey
2.11:beta2
mozillaseamonkey
2.11:beta3
mozillaseamonkey
2.11:beta4
mozillaseamonkey
2.11:beta5
mozillaseamonkey
2.11:beta6
mozillaseamonkey
2.12
mozillaseamonkey
2.12:beta1
mozillaseamonkey
2.12:beta2
mozillaseamonkey
2.12:beta3
mozillaseamonkey
2.12:beta4
mozillaseamonkey
2.12:beta5
mozillaseamonkey
2.12:beta6
mozillaseamonkey
2.12.1
mozillaseamonkey
2.13
mozillaseamonkey
2.13:beta1
mozillaseamonkey
2.13:beta2
mozillaseamonkey
2.13:beta3
mozillaseamonkey
2.13:beta4
mozillaseamonkey
2.13:beta5
mozillaseamonkey
2.13:beta6
mozillaseamonkey
2.13.1
mozillaseamonkey
2.13.2
mozillaseamonkey
2.14
mozillaseamonkey
2.14:beta1
mozillaseamonkey
2.14:beta2
mozillaseamonkey
2.14:beta3
mozillaseamonkey
2.14:beta4
mozillaseamonkey
2.14:beta5
mozillaseamonkey
2.15
mozillaseamonkey
2.15:beta1
mozillaseamonkey
2.15:beta2
mozillaseamonkey
2.15:beta3
mozillaseamonkey
2.15:beta4
mozillaseamonkey
2.15:beta5
mozillaseamonkey
2.15:beta6
mozillaseamonkey
2.15.1
mozillaseamonkey
2.15.2
mozillaseamonkey
2.16
mozillaseamonkey
2.16:beta1
mozillaseamonkey
2.16:beta2
mozillaseamonkey
2.16:beta3
mozillaseamonkey
2.16:beta4
mozillaseamonkey
2.16:beta5
mozillaseamonkey
2.16.1
mozillaseamonkey
2.16.2
mozillaseamonkey
2.17
mozillaseamonkey
2.17:beta1
mozillaseamonkey
2.17:beta2
mozillaseamonkey
2.17:beta3
mozillaseamonkey
2.17:beta4
mozillaseamonkey
2.17.1
mozillaseamonkey
2.18:beta1
mozillaseamonkey
2.18:beta2
mozillaseamonkey
2.18:beta3
mozillaseamonkey
2.18:beta4
mozillaseamonkey
2.19
mozillaseamonkey
2.19:beta1
mozillaseamonkey
2.19:beta2
mozillaseamonkey
2.20
mozillaseamonkey
2.20:beta1
mozillaseamonkey
2.20:beta2
mozillaseamonkey
2.20:beta3
mozillaseamonkey
2.21:beta1
mozillaseamonkey
2.21:beta2
mozillaseamonkey
2.22:beta1
mozillafirefox
𝑥
≤ 24.0
mozillafirefox
19.0
mozillafirefox
19.0.1
mozillafirefox
19.0.2
mozillafirefox
20.0
mozillafirefox
20.0.1
mozillafirefox
21.0
mozillafirefox
22.0
mozillafirefox
23.0
mozillafirefox
23.0.1
mozillathunderbird_esr
17.0
mozillathunderbird_esr
17.0.1
mozillathunderbird_esr
17.0.2
mozillathunderbird_esr
17.0.3
mozillathunderbird_esr
17.0.4
mozillathunderbird_esr
17.0.5
mozillathunderbird_esr
17.0.6
mozillathunderbird_esr
17.0.7
mozillathunderbird_esr
17.0.8
mozillathunderbird_esr
17.0.9
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
firefox
saucy
Fixed 25.0+build3-0ubuntu0.13.10.1
released
raring
Fixed 25.0+build3-0ubuntu0.13.04.1
released
quantal
Fixed 25.0+build3-0ubuntu0.12.10.1
released
precise
Fixed 25.0+build3-0ubuntu0.12.04.1
released
lucid
ignored
thunderbird
saucy
Fixed 1:24.1.0+build1-0ubuntu0.13.10.1
released
raring
Fixed 1:24.1.0+build1-0ubuntu0.13.04.1
released
quantal
Fixed 1:24.1.0+build1-0ubuntu0.12.10.1
released
precise
Fixed 1:24.1.0+build1-0ubuntu0.12.04.1
released
lucid
ignored
Common Weakness Enumeration
References
http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00005.html
http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00006.html
http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00014.html
http://rhn.redhat.com/errata/RHSA-2013-1476.html
http://rhn.redhat.com/errata/RHSA-2013-1480.html
http://www.debian.org/security/2013/dsa-2788
http://www.debian.org/security/2013/dsa-2797
http://www.mozilla.org/security/announce/2013/mfsa2013-101.html
https://bugzilla.mozilla.org/show_bug.cgi?id=897678
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19293
https://security.gentoo.org/glsa/201504-01
http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00005.html
http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00006.html
http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00014.html
http://rhn.redhat.com/errata/RHSA-2013-1476.html
http://rhn.redhat.com/errata/RHSA-2013-1480.html
http://www.debian.org/security/2013/dsa-2788
http://www.debian.org/security/2013/dsa-2797
http://www.mozilla.org/security/announce/2013/mfsa2013-101.html
https://bugzilla.mozilla.org/show_bug.cgi?id=897678
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19293
https://security.gentoo.org/glsa/201504-01