=====================================================================
                            CERT-Renater

                 Information Note No. 2013/VULN107
_____________________________________________________________________

DATE                : 08/03/2013

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S) : Systems running Firefox versions prior to 19.0.2,
                      ESR 17.0.4, Thunderbird versions prior to 17.0.4,
                      ESR 17.0.4, SeaMonkey versions prior to 2.16.1.

======================================================================
http://www.mozilla.org/security/announce/2013/mfsa2013-29.html
______________________________________________________________________

Mozilla Foundation Security Advisory 2013-29

Title:     Use-after-free in HTML Editor
Impact:    Critical
Announced: March 7, 2013
Reporter:  VUPEN Security
Products:  Firefox, Thunderbird, SeaMonkey

Fixed in:  Firefox 19.0.2
           Firefox ESR 17.0.4
           Thunderbird 17.0.4
           Thunderbird ESR 17.0.4
           SeaMonkey 2.16.1

Description

VUPEN Security, via TippingPoint's Zero Day Initiative, reported a
use-after-free within the HTML editor when content script is run by the
document.execCommand() function while internal editor operations are
occurring. This could allow for arbitrary code execution.

References

use-after-free in nsHTMLEditor when using execCommand() (CVE-2013-0787)

======================================================================

=========================================================
CERT-Renater reference server
https://services.renater.fr/ssi/
=========================================================
+ CERT-RENATER          | tel  : 01-53-94-20-44         +
+ 23 - 25 Rue Daviel    | fax  : 01-53-94-20-41         +
+ 75013 Paris           | email: certsvp@renater.fr     +
=========================================================