CVE-2013-0765 | Vulnerability Database | Aqua Security

Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 do not prevent multiple wrapping of WebIDL objects, which allows remote attackers to bypass intended access restrictions via unspecified vectors.

Affected Software

Name	Vendor	Start Version	End Version
Firefox	Mozilla	*	19.0 (excluding)
Seamonkey	Mozilla	*	2.16 (excluding)
Firefox	Ubuntu	hardy	*
Firefox	Ubuntu	lucid	*
Firefox	Ubuntu	oneiric	*
Firefox	Ubuntu	precise	*
Firefox	Ubuntu	quantal	*
Firefox	Ubuntu	upstream	*
Seamonkey	Ubuntu	hardy	*
Seamonkey	Ubuntu	lucid	*
Seamonkey	Ubuntu	oneiric	*
Seamonkey	Ubuntu	upstream	*
Thunderbird	Ubuntu	hardy	*
Thunderbird	Ubuntu	lucid	*
Thunderbird	Ubuntu	oneiric	*
Thunderbird	Ubuntu	precise	*
Thunderbird	Ubuntu	quantal	*
Thunderbird	Ubuntu	upstream	*
Xulrunner-1.9.2	Ubuntu	hardy	*
Xulrunner-1.9.2	Ubuntu	lucid	*

References

http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00017.html
http://lists.opensuse.org/opensuse-updates/2013-02/msg00062.html
http://www.mozilla.org/security/announce/2013/mfsa2013-23.html
http://www.ubuntu.com/usn/USN-1729-1
http://www.ubuntu.com/usn/USN-1729-2
https://bugzilla.mozilla.org/show_bug.cgi?id=830614
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17097
http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00017.html
http://lists.opensuse.org/opensuse-updates/2013-02/msg00062.html
http://www.mozilla.org/security/announce/2013/mfsa2013-23.html
http://www.ubuntu.com/usn/USN-1729-1
http://www.ubuntu.com/usn/USN-1729-2
https://bugzilla.mozilla.org/show_bug.cgi?id=830614
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17097

NVD	https://nvd.nist.gov/vuln/detail/CVE-2013-0765
CWE	https://cwe.mitre.org/data/definitions/.html