Описание
Use-after-free vulnerability in the nsEventListenerManager::HandleEventSubType function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors related to mListeners event listeners.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | |
| lucid | ignored | end of life |
| precise | released | 26.0+build2-0ubuntu0.12.04.2 |
| quantal | released | 26.0+build2-0ubuntu0.12.10.2 |
| raring | released | 26.0+build2-0ubuntu0.13.04.2 |
| saucy | released | 26.0+build2-0ubuntu0.13.10.2 |
| upstream | released | 26.0 |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | released | 1:24.2.0+build1-0ubuntu1 |
| lucid | ignored | end of life |
| precise | released | 1:24.2.0+build1-0ubuntu0.12.04.1 |
| quantal | released | 1:24.2.0+build1-0ubuntu0.12.10.1 |
| raring | released | 1:24.2.0+build1-0ubuntu0.13.04.1 |
| saucy | released | 1:24.2.0+build1-0ubuntu0.13.10.1 |
| upstream | released | 24.2.0 |
Показывать по
EPSS
7.5 High
CVSS2
9.8 Critical
CVSS3
Связанные уязвимости
Use-after-free vulnerability in the nsEventListenerManager::HandleEventSubType function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors related to mListeners event listeners.
Use-after-free vulnerability in the nsEventListenerManager::HandleEventSubType function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors related to mListeners event listeners.
Use-after-free vulnerability in the nsEventListenerManager::HandleEven ...
Use-after-free vulnerability in the nsEventListenerManager::HandleEventSubType function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors related to mListeners event listeners.
EPSS
7.5 High
CVSS2
9.8 Critical
CVSS3