===========================================================================
AUSCERT Security Bulletin

ASB-2013.0038
A vulnerability has been fixed in the latest version of Mozilla Firefox,
Thunderbird and SeaMonkey
11 March 2013
===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product:              Mozilla Firefox
                      Mozilla Thunderbird
                      Mozilla SeaMonkey
Operating System:     Windows
                      UNIX variants (UNIX, Linux, OSX)
                      Android
Impact/Access:        Execute Arbitrary Code/Commands -- Remote with User Interaction
Resolution:           Patch/Upgrade
CVE Names:            CVE-2013-0787
Member content until: Wednesday, April 10 2013

OVERVIEW

A vulnerability has been fixed in the latest versions of Mozilla Firefox,
Thunderbird and SeaMonkey.

IMPACT

Mozilla provides the following details regarding this vulnerability:

CVE-2013-0787: "VUPEN Security, via TippingPoint's Zero Day Initiative,
reported a use-after-free within the HTML editor when content script is run
by the document.execCommand() function while internal editor operations are
occurring. This could allow for arbitrary code execution." [1]

MITIGATION

Users should update to the latest versions of Firefox, Thunderbird and
SeaMonkey.

REFERENCES

[1] Mozilla Foundation Security Advisory 2013-29
    http://www.mozilla.org/security/announce/2013/mfsa2013-29.html

AusCERT has made every effort to ensure that the information contained in
this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)

AusCERT personnel answer during Queensland business hours, which are
GMT+10:00 (AEST). On call after hours for member emergencies only.
===========================================================================