RULE(RULE ID:321599)

Rule General Information
Release Date: 2018-10-29
Rule Name: WEB-CLIENT Mozilla Firefox Xmlserializer Use After Free Vulnerability (CVE-2013-0753)
Severity:
CVE ID:
Rule Protection Details
Description: Use-after-free vulnerability in the serializeToStream implementation in the XMLSerializer component in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code via crafted web content.
Impact: An attacker can exploit the use-after-free vulnerability in the affected product. Successful exploitation may crash the product or lead to execution of arbitrary code.
Affected OS: Network Device, Solaris, FreeBSD, Windows, Mac OS, iOS, Other Unix, Linux, Others, Android
Reference: SecurityFocus BID: 57209
Zero Day Initiative: ZDI-13-006
http://osvdb.org/show/osvdb/89021
http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00006.html
http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00007.html
http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00010.html
http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00017.html
http://rhn.redhat.com/errata/RHSA-2013-0144.html
http://rhn.redhat.com/errata/RHSA-2013-0145.html
http://www.mozilla.org/security/announce/2013/mfsa2013-16.html
http://www.ubuntu.com/usn/USN-1681-1
http://www.ubuntu.com/usn/USN-1681-2
http://www.ubuntu.com/usn/USN-1681-4
https://bugzilla.mozilla.org/show_bug.cgi?id=814001
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17053
Solutions
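Upgrading Firefox to version 18.0 eliminates this vulnerability. Per the description above, the other affected products are fixed in Firefox ESR 10.0.12 and 17.0.2, Thunderbird 17.0.2, Thunderbird ESR 10.0.12 and 17.0.2, and SeaMonkey 2.15.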