CVE-2013-5613

Published: Dec 11, 2013Modified: Apr 29, 2026

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

Use-after-free vulnerability in the PresShell::DispatchSynthMouseMove function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors involving synthetic mouse movement, related to the RestyleManager::GetHoverGeneration function.

Affected (28)

Products: Mozilla: Firefox, Seamonkey, Thunderbird · Fedoraproject: Fedora · Opensuse: Opensuse · +3 more

Show all products

3 products

1 product

1 product

3 products

Suse Linux Enterprise Desktop

Suse Linux Enterprise Server

Suse Linux Enterprise Software Development Kit

Redhat

7 products

Enterprise Linux Desktop

Enterprise Linux Eus

Enterprise Linux Server

Enterprise Linux Server Aus

Enterprise Linux Server Eus

Enterprise Linux Server Tus

Enterprise Linux Workstation

Canonical

1 product

Ubuntu Linux

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Mozilla Firefox	Before 26.0
Mozilla Firefox	From 24.0 to 24.2
Mozilla Seamonkey	Before 2.23
Mozilla Thunderbird	Before 24.2

Configuration B

3 vulnerable

Vulnerable Software	Affected Versions
Fedoraproject Fedora	Version 18
Fedoraproject Fedora	Version 19
Fedoraproject Fedora	Version 20

Configuration C

7 vulnerable

Vulnerable Software	Affected Versions
Opensuse Opensuse	Version 12.2
Opensuse Opensuse	Version 12.3
Opensuse Opensuse	Version 13.1
Suse Suse Linux Enterprise Desktop	Version 11 sp3
Suse Suse Linux Enterprise Server	Version 11 sp3
Suse Suse Linux Enterprise Server	Version 11 sp3
Suse Suse Linux Enterprise Software Development Kit	Version 11.0 sp3

Configuration D

10 vulnerable

Vulnerable Software	Affected Versions
Redhat Enterprise Linux Desktop	Version 5.0
Redhat Enterprise Linux Desktop	Version 6.0
Redhat Enterprise Linux Eus	Version 6.5
Redhat Enterprise Linux Server	Version 5.0
Redhat Enterprise Linux Server	Version 6.0
Redhat Enterprise Linux Server Aus	Version 6.5
Redhat Enterprise Linux Server Eus	Version 6.5
Redhat Enterprise Linux Server Tus	Version 6.5
Redhat Enterprise Linux Workstation	Version 5.0
Redhat Enterprise Linux Workstation	Version 6.0

Configuration E

4 vulnerable

Vulnerable Software	Affected Versions
Canonical Ubuntu Linux	Version 12.04
Canonical Ubuntu Linux	Version 12.10
Canonical Ubuntu Linux	Version 13.04
Canonical Ubuntu Linux	Version 13.10

Related CWEs

CWE-416

Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

References (44)

http://lists.fedoraproject.org/pipermail/package-announce/2013-December/123437.html

Source: security@mozilla.org

Mailing ListThird Party Advisory

http://lists.fedoraproject.org/pipermail/package-announce/2013-December/124108.html

Source: security@mozilla.org

Mailing ListThird Party Advisory

http://lists.fedoraproject.org/pipermail/package-announce/2013-December/124257.html

Source: security@mozilla.org

Mailing ListThird Party Advisory

http://lists.fedoraproject.org/pipermail/package-announce/2014-January/125470.html

Source: security@mozilla.org

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00010.html

Source: security@mozilla.org

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-updates/2013-12/msg00085.html

Source: security@mozilla.org

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-updates/2013-12/msg00086.html

Source: security@mozilla.org

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-updates/2013-12/msg00087.html

Source: security@mozilla.org

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-updates/2013-12/msg00119.html

Source: security@mozilla.org

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-updates/2013-12/msg00120.html

Source: security@mozilla.org

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-updates/2013-12/msg00121.html

Source: security@mozilla.org

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-updates/2014-01/msg00002.html

Source: security@mozilla.org

Mailing ListThird Party Advisory

http://rhn.redhat.com/errata/RHSA-2013-1812.html

Source: security@mozilla.org

Third Party Advisory

http://www.mozilla.org/security/announce/2013/mfsa2013-114.html

Source: security@mozilla.org

Vendor Advisory

http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

Source: security@mozilla.org

Third Party Advisory

http://www.securitytracker.com/id/1029470

Source: security@mozilla.org

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1029476

Source: security@mozilla.org

Third Party AdvisoryVDB Entry

http://www.ubuntu.com/usn/USN-2052-1

Source: security@mozilla.org

Third Party Advisory

http://www.ubuntu.com/usn/USN-2053-1

Source: security@mozilla.org

Third Party Advisory

https://bugzilla.mozilla.org/show_bug.cgi?id=930381

Source: security@mozilla.org

ExploitIssue TrackingVendor Advisory

https://bugzilla.mozilla.org/show_bug.cgi?id=932449

Source: security@mozilla.org

ExploitIssue TrackingVendor Advisory

https://security.gentoo.org/glsa/201504-01

Source: security@mozilla.org

Third Party Advisory

http://lists.fedoraproject.org/pipermail/package-announce/2013-December/123437.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

http://lists.fedoraproject.org/pipermail/package-announce/2013-December/124108.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

http://lists.fedoraproject.org/pipermail/package-announce/2013-December/124257.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

http://lists.fedoraproject.org/pipermail/package-announce/2014-January/125470.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00010.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-updates/2013-12/msg00085.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-updates/2013-12/msg00086.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-updates/2013-12/msg00087.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-updates/2013-12/msg00119.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-updates/2013-12/msg00120.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-updates/2013-12/msg00121.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-updates/2014-01/msg00002.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

http://rhn.redhat.com/errata/RHSA-2013-1812.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://www.mozilla.org/security/announce/2013/mfsa2013-114.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://www.securitytracker.com/id/1029470

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1029476

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

http://www.ubuntu.com/usn/USN-2052-1

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://www.ubuntu.com/usn/USN-2053-1

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://bugzilla.mozilla.org/show_bug.cgi?id=930381

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitIssue TrackingVendor Advisory

https://bugzilla.mozilla.org/show_bug.cgi?id=932449

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitIssue TrackingVendor Advisory

https://security.gentoo.org/glsa/201504-01

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.