CVE-2013-1697
Publication date 25 June 2013
Last updated 24 July 2024
Ubuntu priority
The XrayWrapper implementation in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 does not properly restrict use of DefaultValue for method calls, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted web site that triggers use of a user-defined (1) toString or (2) valueOf method.
Status
Package | Ubuntu Release | Status |
---|---|---|
firefox | 13.04 raring |
Fixed 22.0+build1-0ubuntu0.13.04.1
|
12.10 quantal |
Fixed 22.0+build1-0ubuntu0.12.10.1
|
|
12.04 LTS precise |
Fixed 22.0+build1-0ubuntu0.12.04.1
|
|
10.04 LTS lucid | Ignored end of life | |
seamonkey | 13.04 raring | Not in release |
12.10 quantal | Not in release | |
12.04 LTS precise | Not in release | |
10.04 LTS lucid | Ignored end of life | |
thunderbird | 13.04 raring |
Fixed 17.0.7+build1-0ubuntu0.13.04.1
|
12.10 quantal |
Fixed 17.0.7+build1-0ubuntu0.12.10.1
|
|
12.04 LTS precise |
Fixed 17.0.7+build1-0ubuntu0.12.04.1
|
|
10.04 LTS lucid | Ignored end of life | |
xulrunner-1.9.2 | 13.04 raring | Not in release |
12.10 quantal | Not in release | |
12.04 LTS precise | Not in release | |
10.04 LTS lucid | Ignored end of life |
References
Related Ubuntu Security Notices (USN)
- USN-1890-1
- Firefox vulnerabilities
- 26 June 2013
- USN-1891-1
- Thunderbird vulnerabilities
- 26 June 2013