Vulnerability Description
The cycle collection (CC) implementation in Mozilla Firefox before 25.0, Firefox ESR 24.x before 24.1, Thunderbird before 24.1, and SeaMonkey before 2.22 does not properly determine the thread for release of an image object, which allows remote attackers to execute arbitrary code or cause a denial of service (race condition and application crash) via a large HTML document containing IMG elements, as demonstrated by the Never-Ending Reddit on reddit.com.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mozilla | Thunderbird | <= 24.0.1 |
| Mozilla | Thunderbird Esr | 17.0.9 |
| Mozilla | Firefox | 24.0 |
| Mozilla | Seamonkey | <= 2.22 |
Related Weaknesses (CWE)
References
- http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00005.html
- http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00006.html
- http://www.mozilla.org/security/announce/2013/mfsa2013-97.htmlVendor Advisory
- https://bugzilla.mozilla.org/show_bug.cgi?id=910881
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
- https://security.gentoo.org/glsa/201504-01
- http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00005.html
- http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00006.html
- http://www.mozilla.org/security/announce/2013/mfsa2013-97.htmlVendor Advisory
- https://bugzilla.mozilla.org/show_bug.cgi?id=910881
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
- https://security.gentoo.org/glsa/201504-01
FAQ
What is CVE-2013-5596?
CVE-2013-5596 is a vulnerability with a CVSS score of 6.8 (MEDIUM). The cycle collection (CC) implementation in Mozilla Firefox before 25.0, Firefox ESR 24.x before 24.1, Thunderbird before 24.1, and SeaMonkey before 2.22 does not properly determine the thread for rel...
How severe is CVE-2013-5596?
CVE-2013-5596 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2013-5596?
Check the references section above for vendor advisories and patch information. Affected products include: Mozilla Thunderbird, Mozilla Thunderbird Esr, Mozilla Firefox, Mozilla Seamonkey.