CVE-2013-0753
50Vexday Risk Score
Patch soon. It has a working public exploit.
ssvc Attendepss 51%
from disclosure to weapon228 days
Published on NVDJan 13
1st PoC+228d
metasploitJan 8
exploitation probability
51%top 1% of all CVEs
observed exploitation
nono source reports it
1 public exploit(s)
Use-after-free vulnerability in the serializeToStream implementation in the XMLSerializer component in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code via crafted web content.
Affected products
n/a · n/apublic PoCs found — 1
exploitdbwww.exploit-db.com/exploits/27940unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00006.htmlhttp://lists.opensuse.org/opensuse-security-announce/2013-01/msg00007.htmlhttp://lists.opensuse.org/opensuse-security-announce/2013-01/msg00010.htmlhttp://lists.opensuse.org/opensuse-security-announce/2013-01/msg00017.htmlhttp://rhn.redhat.com/errata/RHSA-2013-0144.htmlhttp://rhn.redhat.com/errata/RHSA-2013-0145.htmlhttps://bugzilla.mozilla.org/show_bug.cgi?id=814001https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17053http://www.mozilla.org/security/announce/2013/mfsa2013-16.htmlhttp://www.ubuntu.com/usn/USN-1681-1http://www.ubuntu.com/usn/USN-1681-2http://www.ubuntu.com/usn/USN-1681-4