Multiple Vulnerabilities in Mozilla Products Could Allow Remote Code Execution

ITS Advisory Number: 
2013-059
Date(s) Issued: 
Wednesday, June 26, 2013
Subject: 
Multiple Vulnerabilities in Mozilla Products Could Allow Remote Code Execution
Overview: 

Multiple vulnerabilities have been discovered in Mozilla Firefox and Thunderbird applications, which could allow for remote code execution. Mozilla Firefox is a web browser used to access the Internet. Mozilla Thunderbird is an email client.

Successful exploitation of these vulnerabilities could result in either an attacker can exploit these issues to execute arbitrary code in the context of the vulnerable application, crash affected applications, obtain potentially sensitive information, gain escalated privileges, bypass security restrictions, and perform unauthorized actions.

Systems Affected: 
  • Firefox versions prior to 22.0
  • Firefox Extended Support Release (ESR) versions prior to 17.0.7
  • Thunderbird versions prior to 17.0.7
  • Thunderbird Extended Support Release (ESR) versions prior to 17.0.7
RISK
GOVERNMENT
Large and medium government entities: 
High
Small government entities: 
High
BUSINESS
Large and medium business entities: 
High
Small business entities: 
High
Home Users: 
High
Description: 

Multiple vulnerabilities have been discovered in Mozilla Firefox and Thunderbird. The details of these vulnerabilities are as follows:

Actions: 
  • Upgrade vulnerable Mozilla products immediately after appropriate testing
  • Remind users not to visit un-trusted websites or follow links provided by unknown or un-trusted sources.
  • Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack.
  • Remind users not to open email attachments from unknown users or suspicious emails from trusted sources.
References: 
Mozilla:
http://www.mozilla.org/security/announce/2013/mfsa2013-49.html
http://www.mozilla.org/security/announce/2013/mfsa2013-50.html
http://www.mozilla.org/security/announce/2013/mfsa2013-51.html
http://www.mozilla.org/security/announce/2013/mfsa2013-52.html
http://www.mozilla.org/security/announce/2013/mfsa2013-53.html
http://www.mozilla.org/security/announce/2013/mfsa2013-54.html
http://www.mozilla.org/security/announce/2013/mfsa2013-55.html
http://www.mozilla.org/security/announce/2013/mfsa2013-56.html
http://www.mozilla.org/security/announce/2013/mfsa2013-57.html
http://www.mozilla.org/security/announce/2013/mfsa2013-58.html
http://www.mozilla.org/security/announce/2013/mfsa2013-59.html
http://www.mozilla.org/security/announce/2013/mfsa2013-60.html
http://www.mozilla.org/security/announce/2013/mfsa2013-61.html
http://www.mozilla.org/security/announce/2013/mfsa2013-62.html
CVE:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1682
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1683
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1684
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1685
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1686
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1687
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1688
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1690
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1692
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1693
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1694
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1695
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1696
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1697
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1698
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1699
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1700