CVE-2013-5613 – Mozilla: Use-after-free in synthetic mouse movement (MFSA 2013-114)

https://notcve.org/view.php?id=CVE-2013-5613

Use-after-free vulnerability in the PresShell::DispatchSynthMouseMove function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors involving synthetic mouse movement, related to the RestyleManager::GetHoverGeneration function. Vulnerabilidad de liberación despues de uso en la función PresShell :: DispatchSynthMouseMove en Mozilla Firefox anterior a 26.0, Firefox ESR 24.x antes 24.2, Thunderbird antes de 24.2, y SeaMonkey anterior a 2.23 que permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria heap) a través de vectores relacionados con el movimiento del ratón sintética, con la función RestyleManager :: GetHoverGeneration. • http://lists.fedoraproject.org/pipermail/package-announce/2013-December/123437.html http://lists.fedoraproject.org/pipermail/package-announce/2013-December/124108.html http://lists.fedoraproject.org/pipermail/package-announce/2013-December/124257.html http://lists.fedoraproject.org/pipermail/package-announce/2014-January/125470.html http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00010.html http://lists.opensuse.org/opensuse-updates/2013-12/msg00085.html http://lists.opensuse.org/opensuse-updates/2013 • CWE-416: Use After Free •