xulrunner: code execution [LWN.net]

Package(s):

xulrunner

CVE #(s):

CVE-2013-0787

Created:

March 8, 2013

Updated:

March 18, 2013

Description:

From the Mozilla advisory:

VUPEN Security, via TippingPoint's Zero Day Initiative, reported a use-after-free within the HTML editor when content script is run by the document.execCommand() function while internal editor operations are occurring. This could allow for arbitrary code execution.

Alerts:

Red Hat	RHSA-2013:0614-01	2013-03-08
Scientific Linux	SL-xulr-20130308	2013-03-08
CentOS	CESA-2013:0614	2013-03-08
Ubuntu	USN-1758-1	2013-03-08
Oracle	ELSA-2013-0614	2013-03-08
Oracle	ELSA-2013-0614	2013-03-08
CentOS	CESA-2013:0614	2013-03-09
Red Hat	RHSA-2013:0627-01	2013-03-11
CentOS	CESA-2013:0627	2013-03-12
CentOS	CESA-2013:0627	2013-03-12
Oracle	ELSA-2013-0627	2013-03-11
openSUSE	openSUSE-SU-2013:0431-1	2013-03-12
Scientific Linux	SL-thun-20130312	2013-03-12
Ubuntu	USN-1758-2	2013-03-12
Fedora	FEDORA-2013-3718	2013-03-14
Fedora	FEDORA-2013-3718	2013-03-14
Fedora	FEDORA-2013-3718	2013-03-14
Mandriva	MDVSA-2013:024	2013-03-13
Slackware	SSA:2013-072-02	2013-03-13
Fedora	FEDORA-2013-3696	2013-03-15
Fedora	FEDORA-2013-3696	2013-03-15
Fedora	FEDORA-2013-3696	2013-03-15
openSUSE	openSUSE-SU-2013:0467-1	2013-03-15
openSUSE	openSUSE-SU-2013:0465-1	2013-03-15
openSUSE	openSUSE-SU-2013:0468-1	2013-03-15
openSUSE	openSUSE-SU-2013:0466-1	2013-03-15
SUSE	SUSE-SU-2013:0470-1	2013-03-15
SUSE	SUSE-SU-2013:0471-1	2013-03-15
Mageia	MGASA-2013-0093	2013-03-16

(Log in to post comments)