[Forgot Password]
Login  Register Subscribe

23631

 
 

117687

 
 

98218

 
 

909

 
 

79198

 
 

109

Paid content will be excluded from the download.


Download | Alert*
OVAL

Arbitrary code execution vulnerability in the Chrome Object Wrapper (COW) implementation in Mozilla Firefox, ESR, Thunderbird, ESR, Seamonkey - MFSA 2013-14

ID: oval:org.secpod.oval:def:9652Date: (C)2013-03-11   (M)2017-11-17
Class: PATCHFamily: macos




The host is missing a security update according to Mozilla advisory, MFSA 2013-14. The update is required to fix arbitrary code execution vulnerability. A flaw is present in the applications, which fail to prevent modifications to the prototype of an object. Successful exploitation allows remote attackers to execute arbitrary JavaScript code with chrome privileges.

Platform:
Apple Mac OS X 10.8
Apple Mac OS X 10.9
Apple Mac OS X 10.10
Apple Mac OS X 10.11
Apple Mac OS X 10.12
Apple Mac OS X Server 10.8
Apple Mac OS X Server 10.9
Apple Mac OS X Server 10.10
Apple Mac OS X Server 10.11
Apple Mac OS X Server 10.12
Product:
Mozilla Firefox
Mozilla Firefox ESR
Mozilla Thunderbird
Mozilla Thunderbird ESR
Mozilla SeaMonkey
Reference:
MFSA 2013-14
CVE-2013-0757
CVE    1
CVE-2013-0757
CPE    461
cpe:/a:mozilla:firefox:14.0
cpe:/a:mozilla:firefox:0.8
cpe:/a:mozilla:firefox:0.7
cpe:/a:mozilla:firefox:0.9
...

© 2013 SecPod Technologies