Описание
The nsHtml5TreeBuilder::resetTheInsertionMode function in the HTML5 Tree Builder in Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21 does not properly maintain the state of the insertion-mode stack for template elements, which allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer over-read) by triggering use of this stack in its empty state.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | released | 24.0+build1-0ubuntu1 |
| lucid | ignored | end of life |
| precise | released | 24.0+build1-0ubuntu0.12.04.1 |
| quantal | released | 24.0+build1-0ubuntu0.12.10.1 |
| raring | released | 24.0+build1-0ubuntu0.13.04.1 |
| upstream | released | 24.0 |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | released | 1:24.0+build1-0ubuntu1 |
| lucid | ignored | end of life |
| precise | released | 1:24.0+build1-0ubuntu0.12.04.1 |
| quantal | released | 1:24.0+build1-0ubuntu0.12.10.1 |
| raring | released | 1:24.0+build1-0ubuntu0.13.04.1 |
| upstream | released | 24.0 |
Показывать по
EPSS
6.8 Medium
CVSS2
Связанные уязвимости
The nsHtml5TreeBuilder::resetTheInsertionMode function in the HTML5 Tree Builder in Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21 does not properly maintain the state of the insertion-mode stack for template elements, which allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer over-read) by triggering use of this stack in its empty state.
The nsHtml5TreeBuilder::resetTheInsertionMode function in the HTML5 Tree Builder in Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21 does not properly maintain the state of the insertion-mode stack for template elements, which allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer over-read) by triggering use of this stack in its empty state.
The nsHtml5TreeBuilder::resetTheInsertionMode function in the HTML5 Tr ...
The nsHtml5TreeBuilder::resetTheInsertionMode function in the HTML5 Tree Builder in Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21 does not properly maintain the state of the insertion-mode stack for template elements, which allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer over-read) by triggering use of this stack in its empty state.
EPSS
6.8 Medium
CVSS2