CVE-2013-1730

NameCVE-2013-1730
DescriptionMozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 do not properly handle movement of XBL-backed nodes between documents, which allows remote attackers to execute arbitrary code or cause a denial of service (JavaScript compartment mismatch, or assertion failure and application exit) via a crafted web site.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, GitHub code/issues, web search, more)
ReferencesDSA-2759-1, DSA-2762-1
NVD severitymedium (attack range: remote)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
icedove (PTS)wheezy38.7.0-1~deb7u1fixed
wheezy (security)1:45.4.0-1~deb7u1fixed
jessie1:45.2.0-1~deb8u1fixed
jessie (security)1:45.4.0-1~deb8u1fixed
stretch1:45.4.0-1fixed
sid1:45.5.1-1fixed
iceweasel (PTS)wheezy (security), wheezy38.8.0esr-1~deb7u1fixed
jessie (security)38.8.0esr-1~deb8u1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
iceapesource(unstable)(unfixed)medium
iceapesourcesqueeze(unfixed)end-of-life
iceapesourcewheezy(unfixed)end-of-life
icedovesource(unstable)17.0.9-1medium
icedovesourcesqueeze(unfixed)end-of-life
icedovesourcewheezy17.0.9-1~deb7u1mediumDSA-2762-1
iceweaselsource(unstable)24.0-1medium
iceweaselsourcesqueeze(unfixed)end-of-life
iceweaselsourcewheezy17.0.9esr-1~deb7u1mediumDSA-2759-1

Search for package or bug name: Reporting problems