N/A Published on 2013-10-30

CVE-2013-5600

Use-after-free vulnerability in the nsIOService::NewChannelFromURIWithProxyFlags function in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 allows remote attackers to execute arbitrary code via vectors involving a blob: URL.

EPSS 2.7% percentile 86.0%

Affected tracked apps

Thunderbird

winget:Mozilla.Thunderbird

1 open

Vulnerable CPE configurations

Vendor	Product	Platform	Versions	CPE 2.3 URI
mozilla	thunderbird	Windows	≤24.0.1	cpe:2.3:a:mozilla:thunderbird::::::::
mozilla	thunderbird	Windows	—	cpe:2.3:a:mozilla:thunderbird:17.0:::::::*
mozilla	thunderbird	Windows	—	cpe:2.3:a:mozilla:thunderbird:17.0.1:::::::*
mozilla	thunderbird	Windows	—	cpe:2.3:a:mozilla:thunderbird:17.0.2:::::::*
mozilla	thunderbird	Windows	—	cpe:2.3:a:mozilla:thunderbird:17.0.3:::::::*
mozilla	thunderbird	Windows	—	cpe:2.3:a:mozilla:thunderbird:17.0.4:::::::*
mozilla	thunderbird	Windows	—	cpe:2.3:a:mozilla:thunderbird:17.0.5:::::::*
mozilla	thunderbird	Windows	—	cpe:2.3:a:mozilla:thunderbird:17.0.6:::::::*
mozilla	thunderbird	Windows	—	cpe:2.3:a:mozilla:thunderbird:17.0.7:::::::*
mozilla	thunderbird	Windows	—	cpe:2.3:a:mozilla:thunderbird:17.0.8:::::::*
mozilla	thunderbird	Windows	—	cpe:2.3:a:mozilla:thunderbird:24.0:::::::*

View on NVD ↗