CVE-2013-5615

The JavaScript implementation in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 does not properly enforce certain typeset restrictions on the generation of GetElementIC typed array stubs, which has unspecified impact and remote attack vectors.

Published: Dec 11, 2013
Updated: Apr 13, 2023
CVE: CVE-2013-5615
Severity: Critical
Exploit:

CVSS v3:

Severity: Critical
Score: 9.8
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
mozilla / firefox_esr	24.0	24.2
mozilla / firefox	-	26.0
mozilla / thunderbird	-	24.2
mozilla / seamonkey	-	2.23
canonical / ubuntu_linux	13.04	13.04.x
canonical / ubuntu_linux	13.10	13.10.x
canonical / ubuntu_linux	12.10	12.10.x
canonical / ubuntu_linux	12.04	12.04.x
opensuse / opensuse	12.3	12.3.x
suse / suse_linux_enterprise_software_development_kit	11.0-sp3	11.0-sp3.x
opensuse / opensuse	12.2	12.2.x
opensuse / opensuse	13.1	13.1.x
suse / suse_linux_enterprise_desktop	11-sp3	11-sp3.x
suse / suse_linux_enterprise_server	11-sp3	11-sp3.x
fedoraproject / fedora	18	18.x
fedoraproject / fedora	20	20.x
fedoraproject / fedora	19	19.x

Vulnerability Database

289,599

CVE-2013-5615