xulrunner: code execution

Package(s):

xulrunner

CVE #(s):

CVE-2013-0787

Created:

March 8, 2013

Updated:

June 3, 2013

Description:

From the Mozilla advisory:

VUPEN Security, via TippingPoint's Zero Day Initiative, reported a use-after-free within the HTML editor when content script is run by the document.execCommand() function while internal editor operations are occurring. This could allow for arbitrary code execution.

Alerts:

openSUSE	openSUSE-SU-2014:1100-1	Firefox	2014-09-09
Gentoo	201309-23	firefox	2013-09-27
Debian	DSA-2699-1	iceweasel	2013-06-02
Mageia	MGASA-2013-0120	iceape	2013-04-18
Mageia	MGASA-2013-0093	firefox, thunderbird	2013-03-16
SUSE	SUSE-SU-2013:0471-1	Mozilla Firefox	2013-03-15
SUSE	SUSE-SU-2013:0470-1	Mozilla Firefox	2013-03-15
openSUSE	openSUSE-SU-2013:0466-1	xulrunner	2013-03-15
openSUSE	openSUSE-SU-2013:0468-1	seamonkey	2013-03-15
openSUSE	openSUSE-SU-2013:0465-1	MozillaThunderbird	2013-03-15
openSUSE	openSUSE-SU-2013:0467-1	MozillaFirefox	2013-03-15
Fedora	FEDORA-2013-3696	xulrunner	2013-03-15
Fedora	FEDORA-2013-3696	thunderbird	2013-03-15
Fedora	FEDORA-2013-3696	firefox	2013-03-15
Slackware	SSA:2013-072-02	seamonkey	2013-03-13
Mandriva	MDVSA-2013:024	firefox	2013-03-13
Fedora	FEDORA-2013-3718	thunderbird	2013-03-14
Fedora	FEDORA-2013-3718	xulrunner	2013-03-14
Fedora	FEDORA-2013-3718	firefox	2013-03-14
Ubuntu	USN-1758-2	thunderbird	2013-03-12
Scientific Linux	SL-thun-20130312	thunderbird	2013-03-12
openSUSE	openSUSE-SU-2013:0431-1	Mozilla	2013-03-12
Oracle	ELSA-2013-0627	thunderbird	2013-03-11
CentOS	CESA-2013:0627	thunderbird	2013-03-12
CentOS	CESA-2013:0627	thunderbird	2013-03-12
Red Hat	RHSA-2013:0627-01	thunderbird	2013-03-11
CentOS	CESA-2013:0614	xulrunner	2013-03-09
Oracle	ELSA-2013-0614	xulrunner	2013-03-08
Oracle	ELSA-2013-0614	xulrunner	2013-03-08
Ubuntu	USN-1758-1	firefox	2013-03-08
CentOS	CESA-2013:0614	xulrunner	2013-03-08
Scientific Linux	SL-xulr-20130308	xulrunner	2013-03-08
Red Hat	RHSA-2013:0614-01	xulrunner	2013-03-08