CVE-2013-0800

  1. Reconshell
  2. Vulnerabilities (CVE)
  3. CVE-2013-0800
Integer signedness error in the pixman_fill_sse2 function in pixman-sse2.c in Pixman, as distributed with Cairo and used in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, SeaMonkey before 2.17, and other products, allows remote attackers to execute arbitrary code via crafted values that trigger attempted use of a (1) negative box boundary or (2) negative box size, leading to an out-of-bounds write operation.

6.8 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 8.6 / Impact : 6.4

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References
Link Resource
https://bugzilla.mozilla.org/show_bug.cgi?id=825721 Issue Tracking Patch Vendor Advisory
http://www.mozilla.org/security/announce/2013/mfsa2013-31.html Vendor Advisory
http://rhn.redhat.com/errata/RHSA-2013-0697.html Broken Link
http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00009.html Mailing List Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2013-0696.html Broken Link
http://www.ubuntu.com/usn/USN-1791-1 Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00010.html Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00013.html Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00019.html Mailing List Third Party Advisory
http://www.debian.org/security/2013/dsa-2699 Third Party Advisory
http://lists.opensuse.org/opensuse-updates/2013-06/msg00012.html Mailing List Third Party Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16909 Third Party Advisory
Advertisement

NeevaHost hosting service
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird_esr:*:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*

Configuration 4 (hide)

OR cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:12.1:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_desktop:10:sp4:*:*:-:*:*:*
cpe:2.3:o:suse:linux_enterprise_desktop:11:sp2:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:10:sp4:*:*:-:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:ltss:-:*:*
cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:ltss:vmware:*:*
cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:*:-:*:*
cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:*:vmware:*:*
cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp2:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_software_development_kit:10:sp4:*:*:*:*:*:*
Information

Published : 2013-04-03 04:56

Updated : 2021-03-11 07:35

NVD link : CVE-2013-0800

Mitre link : CVE-2013-0800

JSON object : View

CWE
NVD-CWE-Other
Advertisement

dedicated server usa
Products Affected

mozilla

  • firefox_esr
  • thunderbird
  • firefox
  • seamonkey
  • thunderbird_esr

suse

  • linux_enterprise_desktop
  • linux_enterprise_server
  • linux_enterprise_software_development_kit

canonical

  • ubuntu_linux

debian

  • debian_linux

opensuse

  • opensuse