Arbitrary Code Execution and Denial of Service Vulnerability in Mozilla Firefox, Thunderbird, and SeaMonkey

Arbitrary Code Execution and Denial of Service Vulnerability in Mozilla Firefox, Thunderbird, and SeaMonkey

CVE-2013-1730 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:P/A:P

Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 do not properly handle movement of XBL-backed nodes between documents, which allows remote attackers to execute arbitrary code or cause a denial of service (JavaScript compartment mismatch, or assertion failure and application exit) via a crafted web site.

Learn more about our Web App Pen Testing.