CVE-2013-1738 Information
Description
Use-after-free vulnerability in the JS_GetGlobalForScopeChain function in Mozilla Firefox before 24.0 Thunderbird before 24.0 and SeaMonkey before 2.21 allows remote attackers to execute arbitrary code by leveraging incorrect garbage collection in situations involving default compartments and frame-chain restoration.
Reference
http://lists.fedoraproject.org/pipermail/package-announce/2013-September/115907.html http://lists.fedoraproject.org/pipermail/package-announce/2013-September/116610.html http://lists.fedoraproject.org/pipermail/package-announce/2013-September/117526.html http://lists.opensuse.org/opensuse-updates/2013-09/msg00055.html http://lists.opensuse.org/opensuse-updates/2013-09/msg00057.html http://lists.opensuse.org/opensuse-updates/2013-09/msg00059.html http://lists.opensuse.org/opensuse-updates/2013-09/msg00061.html http://www.mozilla.org/security/announce/2013/mfsa2013-92.html http://www.securityfocus.com/bid/62466 http://www.ubuntu.com/usn/USN-1951-1 http://www.ubuntu.com/usn/USN-1952-1 https://bugzilla.mozilla.org/show_bug.cgi?id=882897 https://bugzilla.mozilla.org/show_bug.cgi?id=887334 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A18766
Share on: