CVE-2013-0780
Publication date 20 February 2013
Last updated 24 July 2024
Ubuntu priority
Use-after-free vulnerability in the nsOverflowContinuationTracker::Finish function in Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted document that uses Cascading Style Sheets (CSS) -moz-column-* properties.
Status
Package | Ubuntu Release | Status |
---|---|---|
firefox | 13.10 saucy |
Not affected
|
13.04 raring |
Not affected
|
|
12.10 quantal |
Fixed 19.0+build1-0ubuntu0.12.10.1
|
|
12.04 LTS precise |
Fixed 19.0+build1-0ubuntu0.12.04.1
|
|
11.10 oneiric |
Fixed 19.0+build1-0ubuntu0.11.10.1
|
|
10.04 LTS lucid |
Fixed 19.0+build1-0ubuntu0.10.04.1
|
|
8.04 LTS hardy | Ignored end of life | |
seamonkey | 13.10 saucy | Not in release |
13.04 raring | Not in release | |
12.10 quantal | Not in release | |
12.04 LTS precise | Not in release | |
11.10 oneiric | Ignored end of life | |
10.04 LTS lucid | Ignored end of life | |
8.04 LTS hardy | Ignored end of life | |
thunderbird | 13.10 saucy |
Not affected
|
13.04 raring |
Not affected
|
|
12.10 quantal |
Fixed 17.0.3+build1-0ubuntu0.12.10.1
|
|
12.04 LTS precise |
Fixed 17.0.3+build1-0ubuntu0.12.04.1
|
|
11.10 oneiric |
Fixed 17.0.3+build1-0ubuntu0.11.10.1
|
|
10.04 LTS lucid |
Fixed 17.0.3+build1-0ubuntu0.10.04.1
|
|
8.04 LTS hardy | Ignored end of life | |
xulrunner-1.9.2 | 13.10 saucy | Not in release |
13.04 raring | Not in release | |
12.10 quantal | Not in release | |
12.04 LTS precise | Not in release | |
11.10 oneiric | Not in release | |
10.04 LTS lucid | Ignored end of life | |
8.04 LTS hardy | Ignored end of life | |
xulrunner-2.0 | 13.10 saucy | Not in release |
13.04 raring | Not in release | |
12.10 quantal | Not in release | |
12.04 LTS precise | Not in release | |
11.10 oneiric | Not in release | |
10.04 LTS lucid | Not in release | |
8.04 LTS hardy | Not in release |
Notes
References
Related Ubuntu Security Notices (USN)
- USN-1748-1
- Thunderbird vulnerabilities
- 25 February 2013
- USN-1729-1
- Firefox vulnerabilities
- 20 February 2013