Mozilla Firefox/Thunderbird 23.0 JS_GetGlobalForScopeChain resource management
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 9.5 | $0-$5k | 0.00 |
Summary
A vulnerability described as critical has been identified in Mozilla Firefox and Thunderbird 23.0. Impacted is the function JS_GetGlobalForScopeChain. Such manipulation leads to resource management.
This vulnerability is referenced as CVE-2013-1738. It is possible to launch the attack remotely. No exploit is available.
Upgrading the affected component is recommended.
Details
A vulnerability was found in Mozilla Firefox and Thunderbird 23.0 (Web Browser) and classified as very critical. Affected by this issue is the function JS_GetGlobalForScopeChain. The manipulation with an unknown input leads to a resource management vulnerability. Using CWE to declare the problem leads to CWE-399. Impacted is confidentiality, integrity, and availability. CVE summarizes:
Use-after-free vulnerability in the JS_GetGlobalForScopeChain function in Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21 allows remote attackers to execute arbitrary code by leveraging incorrect garbage collection in situations involving default compartments and frame-chain restoration.
The weakness was published 09/17/2013 by Nils and Bobby Holley (Inferno) with Google as Mozilla Foundation Security Advisory 2013-92 as confirmed advisory (Website). The advisory is shared for download at mozilla.org. The public release has been coordinated with the vendor. In general this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled, but is potentially a risk in browser or browser-like contexts. This vulnerability is handled as CVE-2013-1738 since 02/13/2013. The attack may be launched remotely. No form of authentication is required for exploitation. There are known technical details, but no exploit is available. The current price for an exploit might be approx. USD $0-$5k (estimation calculated on 05/25/2021).
The vulnerability scanner Nessus provides a plugin with the ID 70036 (Fedora 19 : firefox-24.0-1.fc19 / xulrunner-24.0-2.fc19 (2013-16992)), which helps to determine the existence of the flaw in a target environment. It is assigned to the family Fedora Local Security Checks. The commercial vulnerability scanner Qualys is able to test this issue with plugin 195953 (Ubuntu Security Notification for Firefox Vulnerabilities (USN-1951-1)).
Upgrading to version 24.0 eliminates this vulnerability. The upgrade is hosted for download at mozilla.org. A possible mitigation has been published immediately after the disclosure of the vulnerability.
The vulnerability is also documented in the databases at Tenable (70036), SecurityFocus (BID 62447†), OSVDB (97387†), Secunia (SA54821†) and Vulnerability Center (SBV-41545†). mozilla.org is providing further details. Similar entries are available at VDB-10401, VDB-10402, VDB-10403 and VDB-10404. VulDB is the best source for vulnerability data and more expert information about this specific topic.
Affected
- Mozilla Firefox 23.0.1
- Mozilla Thunderbird 23.0
- Mozilla SeaMonkey 2.20
Product
Type
Vendor
Name
Version
License
Website
- Vendor: https://www.mozilla.org/
- Product: https://www.mozilla.org/en-US/firefox/
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 10.0VulDB Meta Temp Score: 9.5
VulDB Base Score: 10.0
VulDB Temp Score: 9.5
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Resource managementCWE: CWE-399 / CWE-404
CAPEC: 🔍
ATT&CK: 🔍
Physical: No
Local: No
Remote: Yes
Availability: 🔍
Status: Not defined
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Nessus ID: 70036
Nessus Name: Fedora 19 : firefox-24.0-1.fc19 / xulrunner-24.0-2.fc19 (2013-16992)
Nessus File: 🔍
Nessus Risk: 🔍
Nessus Family: 🔍
OpenVAS ID: 803605
OpenVAS Name: Mozilla Firefox Multiple Vulnerabilities-01 Sep13 (Windows)
OpenVAS File: 🔍
OpenVAS Family: 🔍
Qualys ID: 🔍
Qualys Name: 🔍
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
Reaction Time: 🔍
0-Day Time: 🔍
Exposure Time: 🔍
Upgrade: Firefox/Thunderbird 24.0
Timeline
02/13/2013 🔍09/17/2013 🔍
09/17/2013 🔍
09/17/2013 🔍
09/17/2013 🔍
09/18/2013 🔍
09/18/2013 🔍
09/18/2013 🔍
09/20/2013 🔍
05/25/2021 🔍
Sources
Vendor: mozilla.orgProduct: mozilla.org
Advisory: Mozilla Foundation Security Advisory 2013-92
Researcher: Nils, Bobby Holley (Inferno)
Organization: Google
Status: Confirmed
Confirmation: 🔍
Coordinated: 🔍
CVE: CVE-2013-1738 (🔍)
GCVE (CVE): GCVE-0-2013-1738
GCVE (VulDB): GCVE-100-10400
OVAL: 🔍
IAVM: 🔍
SecurityFocus: 62447 - RETIRED: Mozilla Firefox/Thunderbird/SeaMonkey MFSA 2013-76 through -92 Multiple Vulnerabilities
Secunia: 54821 - Cyberfox Multiple Vulnerabilities, Highly Critical
OSVDB: 97387
Vulnerability Center: 41545 - Mozilla Firefox, Thunderbird and Seamonkey Remote Use-After-Free Code Execution Vulnerability (CVE-2013-1738), Critical
Misc.: 🔍
See also: 🔍
Entry
Created: 09/20/2013 11:57Updated: 05/25/2021 17:31
Changes: 09/20/2013 11:57 (87), 01/31/2018 09:54 (5), 05/25/2021 17:31 (3)
Complete: 🔍
Committer:
Cache ID: 216::103
VulDB is the best source for vulnerability data and more expert information about this specific topic.
No comments yet. Languages: en.
Please log in to comment.