Vulnerability Details : CVE-2013-5616

Use-after-free vulnerability in the nsEventListenerManager::HandleEventSubType function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors related to mListeners event listeners.

Vulnerability category: Memory CorruptionExecute codeDenial of service

Published 2013-12-11 15:55:13

Updated 2020-08-12 14:45:10

Source Mozilla Corporation

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2013-5616

Probability of exploitation activity in the next 30 days: 1.74%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 86 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2013-5616

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Source
7.5	HIGH	AV:N/AC:L/Au:N/C:P/I:P/A:P	10.0	6.4	[email protected]
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial
9.8	CRITICAL	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	3.9	5.9	[email protected]
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2013-5616

CWE-416 Use After Free

Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.

Assigned by: [email protected] (Primary)

References for CVE-2013-5616

http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00010.html

Mailing List;Third Party Advisory

CVEs referencing this url
https://bugzilla.mozilla.org/show_bug.cgi?id=938341

Exploit;Issue Tracking;Vendor Advisory
http://lists.opensuse.org/opensuse-updates/2013-12/msg00120.html

Mailing List;Third Party Advisory

CVEs referencing this url
http://lists.opensuse.org/opensuse-updates/2013-12/msg00087.html

Mailing List;Third Party Advisory

CVEs referencing this url
http://lists.opensuse.org/opensuse-updates/2013-12/msg00121.html

Mailing List;Third Party Advisory

CVEs referencing this url
http://www.ubuntu.com/usn/USN-2053-1

Third Party Advisory

CVEs referencing this url
http://lists.fedoraproject.org/pipermail/package-announce/2013-December/123437.html

Mailing List;Third Party Advisory

CVEs referencing this url
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

Third Party Advisory

CVEs referencing this url
https://security.gentoo.org/glsa/201504-01

Third Party Advisory

CVEs referencing this url
http://lists.opensuse.org/opensuse-updates/2014-01/msg00002.html

Mailing List;Third Party Advisory

CVEs referencing this url
http://lists.opensuse.org/opensuse-updates/2013-12/msg00086.html

Mailing List;Third Party Advisory

CVEs referencing this url
http://lists.fedoraproject.org/pipermail/package-announce/2013-December/124257.html

Mailing List;Third Party Advisory

CVEs referencing this url
http://lists.opensuse.org/opensuse-updates/2013-12/msg00119.html

Mailing List;Third Party Advisory

CVEs referencing this url
http://www.ubuntu.com/usn/USN-2052-1

Third Party Advisory

CVEs referencing this url
http://rhn.redhat.com/errata/RHSA-2013-1812.html

Third Party Advisory

CVEs referencing this url
http://www.securitytracker.com/id/1029476

Third Party Advisory;VDB Entry

CVEs referencing this url
http://lists.opensuse.org/opensuse-updates/2013-12/msg00085.html

Mailing List;Third Party Advisory

CVEs referencing this url
http://lists.fedoraproject.org/pipermail/package-announce/2014-January/125470.html

Mailing List;Third Party Advisory

CVEs referencing this url
http://lists.fedoraproject.org/pipermail/package-announce/2013-December/124108.html

Mailing List;Third Party Advisory

CVEs referencing this url
http://www.mozilla.org/security/announce/2013/mfsa2013-108.html

Vendor Advisory
http://www.securitytracker.com/id/1029470

Third Party Advisory;VDB Entry

CVEs referencing this url

Products affected by CVE-2013-5616

Redhat » Enterprise Linux Desktop » Version: 5.0
cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Desktop » Version: 6.0
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Eus » Version: 6.5
cpe:2.3:o:redhat:enterprise_linux_eus:6.5:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server » Version: 5.0
cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server » Version: 6.0
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Workstation » Version: 5.0
cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Workstation » Version: 6.0
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server Aus » Version: 6.5
cpe:2.3:o:redhat:enterprise_linux_server_aus:6.5:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server Eus » Version: 6.5
cpe:2.3:o:redhat:enterprise_linux_server_eus:6.5:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server Tus » Version: 6.5
cpe:2.3:o:redhat:enterprise_linux_server_tus:6.5:*:*:*:*:*:*:*
Matching versions
Suse » Suse Linux Enterprise Desktop » Version: 11 Update SP3
cpe:2.3:o:suse:suse_linux_enterprise_desktop:11:sp3:*:*:*:*:*:*
Matching versions
Suse » Suse Linux Enterprise Software Development Kit » Version: 11.0 Update SP3
cpe:2.3:a:suse:suse_linux_enterprise_software_development_kit:11.0:sp3:*:*:*:*:*:*
Matching versions
Suse » Suse Linux Enterprise Server » Version: 11 Update SP3 For Vmware
cpe:2.3:o:suse:suse_linux_enterprise_server:11:sp3:*:*:*:vmware:*:*
Matching versions
Suse » Suse Linux Enterprise Server » Version: 11 Update SP3
cpe:2.3:o:suse:suse_linux_enterprise_server:11:sp3:*:*:*:-:*:*
Matching versions
Mozilla » Firefox
Versions before (<) 26.0
cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
Matching versions
Mozilla » Thunderbird
Versions before (<) 24.2
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey
Versions before (<) 2.23
cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*
Matching versions
Mozilla » Firefox Esr
Versions from including (>=) 24.0 and before (<) 24.2
cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*
Matching versions
Canonical » Ubuntu Linux » Version: 13.04
cpe:2.3:o:canonical:ubuntu_linux:13.04:*:*:*:*:*:*:*
Matching versions
Canonical » Ubuntu Linux » Version: 12.10
cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*
Matching versions
Canonical » Ubuntu Linux » Version: 12.04 ESM Edition
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*
Matching versions
Canonical » Ubuntu Linux » Version: 13.10
cpe:2.3:o:canonical:ubuntu_linux:13.10:*:*:*:*:*:*:*
Matching versions
Fedoraproject » Fedora » Version: 18
cpe:2.3:o:fedoraproject:fedora:18:*:*:*:*:*:*:*
Matching versions
Fedoraproject » Fedora » Version: 19
cpe:2.3:o:fedoraproject:fedora:19:*:*:*:*:*:*:*
Matching versions
Fedoraproject » Fedora » Version: 20
cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*
Matching versions
Opensuse » Opensuse » Version: 12.2
cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*
Matching versions
Opensuse » Opensuse » Version: 12.3
cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*
Matching versions
Opensuse » Opensuse » Version: 13.1
cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
Matching versions