--%> SecPod SCAP Repo, a repository of SCAP Content (CVE, CCE, CPE, CWE, OVAL and XCCDF)
[Forgot Password]
Login  Register Subscribe

23631

 
 

115038

 
 

96174

 
 

909

 
 

78077

 
 

109

Paid content will be excluded from the download.


Download | Alert*
OVAL

Mozilla Products: Improper state in HTML5 Tree Builder with templates - mfsa2013-77

ID: oval:org.secpod.oval:def:16372Date: (C)2013-12-30   (M)2017-09-22
Class: PATCHFamily: macos




Using the Address Sanitizer tool, security researcher Atte Kettunen from OUSPG found that the HTML5 Tree Builder does not properly store state when interacting with template elements. Because some stack information is incorrectly stored, the template insertion mode stack can be used when it is empty. This could possibly lead to code execution in some circumstances.

Platform:
Apple Mac OS X 10.8
Apple Mac OS X 10.9
Apple Mac OS X 10.10
Apple Mac OS X 10.11
Apple Mac OS X 10.12
Apple Mac OS X Server 10.8
Apple Mac OS X Server 10.9
Apple Mac OS X Server 10.10
Apple Mac OS X Server 10.11
Apple Mac OS X Server 10.12
Product:
Mozilla Firefox
Mozilla SeaMonkey
Mozilla Thunderbird
Reference:
MFSA 2013-77
CVE-2013-1720
CVE    1
CVE-2013-1720
CPE    122
cpe:/a:mozilla:thunderbird:17.0.5
cpe:/a:mozilla:thunderbird:17.0.4
cpe:/a:mozilla:thunderbird:17.0.3
cpe:/a:mozilla:thunderbird:17.0.2
...

© 2013 SecPod Technologies