The nsHtml5TreeBuilder::resetTheInsertionMode function in the HTML5 Tree Builder in Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21 does not properly maintain the state of the insertion-mode stack for template elements, which allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer over-read) by triggering use of this stack in its empty state.
2013-09-18T10:08:24.350
2025-04-11T00:51:21.963
Deferred
CVSSv2: 6.8 (MEDIUM)
AV:N/AC:M/Au:N/C:P/I:P/A:P
8.6
6.4
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | mozilla | firefox | ≤ 23.0.1 | Yes |
| Application | mozilla | firefox | 19.0 | Yes |
| Application | mozilla | firefox | 19.0.1 | Yes |
| Application | mozilla | firefox | 19.0.2 | Yes |
| Application | mozilla | firefox | 20.0 | Yes |
| Application | mozilla | firefox | 20.0.1 | Yes |
| Application | mozilla | firefox | 21.0 | Yes |
| Application | mozilla | firefox | 22.0 | Yes |
| Application | mozilla | firefox | 23.0 | Yes |
| Application | mozilla | thunderbird | ≤ 17.0.9 | Yes |
| Application | mozilla | thunderbird | 17.0 | Yes |
| Application | mozilla | thunderbird | 17.0.1 | Yes |
| Application | mozilla | thunderbird | 17.0.2 | Yes |
| Application | mozilla | thunderbird | 17.0.3 | Yes |
| Application | mozilla | thunderbird | 17.0.4 | Yes |
| Application | mozilla | thunderbird | 17.0.5 | Yes |
| Application | mozilla | thunderbird | 17.0.6 | Yes |
| Application | mozilla | thunderbird | 17.0.7 | Yes |
| Application | mozilla | thunderbird | 17.0.8 | Yes |
| Application | mozilla | seamonkey | ≤ 2.20 | Yes |
| Application | mozilla | seamonkey | 2.0 | Yes |
| Application | mozilla | seamonkey | 2.0 | Yes |
| Application | mozilla | seamonkey | 2.0 | Yes |
| Application | mozilla | seamonkey | 2.0 | Yes |
| Application | mozilla | seamonkey | 2.0 | Yes |
| Application | mozilla | seamonkey | 2.0 | Yes |
| Application | mozilla | seamonkey | 2.0 | Yes |
| Application | mozilla | seamonkey | 2.0 | Yes |
| Application | mozilla | seamonkey | 2.0.1 | Yes |
| Application | mozilla | seamonkey | 2.0.2 | Yes |
| Application | mozilla | seamonkey | 2.0.3 | Yes |
| Application | mozilla | seamonkey | 2.0.4 | Yes |
| Application | mozilla | seamonkey | 2.0.5 | Yes |
| Application | mozilla | seamonkey | 2.0.6 | Yes |
| Application | mozilla | seamonkey | 2.0.7 | Yes |
| Application | mozilla | seamonkey | 2.0.8 | Yes |
| Application | mozilla | seamonkey | 2.0.9 | Yes |
| Application | mozilla | seamonkey | 2.0.10 | Yes |
| Application | mozilla | seamonkey | 2.0.11 | Yes |
| Application | mozilla | seamonkey | 2.0.12 | Yes |
| Application | mozilla | seamonkey | 2.0.13 | Yes |
| Application | mozilla | seamonkey | 2.0.14 | Yes |
| Application | mozilla | seamonkey | 2.1 | Yes |
| Application | mozilla | seamonkey | 2.1 | Yes |
| Application | mozilla | seamonkey | 2.1 | Yes |
| Application | mozilla | seamonkey | 2.1 | Yes |
| Application | mozilla | seamonkey | 2.1 | Yes |
| Application | mozilla | seamonkey | 2.1 | Yes |
| Application | mozilla | seamonkey | 2.1 | Yes |
| Application | mozilla | seamonkey | 2.1 | Yes |
| Application | mozilla | seamonkey | 2.1 | Yes |
| Application | mozilla | seamonkey | 2.10 | Yes |
| Application | mozilla | seamonkey | 2.10 | Yes |
| Application | mozilla | seamonkey | 2.10 | Yes |
| Application | mozilla | seamonkey | 2.10 | Yes |
| Application | mozilla | seamonkey | 2.10.1 | Yes |
| Application | mozilla | seamonkey | 2.11 | Yes |
| Application | mozilla | seamonkey | 2.11 | Yes |
| Application | mozilla | seamonkey | 2.11 | Yes |
| Application | mozilla | seamonkey | 2.11 | Yes |
| Application | mozilla | seamonkey | 2.11 | Yes |
| Application | mozilla | seamonkey | 2.11 | Yes |
| Application | mozilla | seamonkey | 2.11 | Yes |
| Application | mozilla | seamonkey | 2.12 | Yes |
| Application | mozilla | seamonkey | 2.12 | Yes |
| Application | mozilla | seamonkey | 2.12 | Yes |
| Application | mozilla | seamonkey | 2.12 | Yes |
| Application | mozilla | seamonkey | 2.12 | Yes |
| Application | mozilla | seamonkey | 2.12 | Yes |
| Application | mozilla | seamonkey | 2.12 | Yes |
| Application | mozilla | seamonkey | 2.12.1 | Yes |
| Application | mozilla | seamonkey | 2.13 | Yes |
| Application | mozilla | seamonkey | 2.13 | Yes |
| Application | mozilla | seamonkey | 2.13 | Yes |
| Application | mozilla | seamonkey | 2.13 | Yes |
| Application | mozilla | seamonkey | 2.13 | Yes |
| Application | mozilla | seamonkey | 2.13 | Yes |
| Application | mozilla | seamonkey | 2.13 | Yes |
| Application | mozilla | seamonkey | 2.13.1 | Yes |
| Application | mozilla | seamonkey | 2.13.2 | Yes |
| Application | mozilla | seamonkey | 2.14 | Yes |
| Application | mozilla | seamonkey | 2.14 | Yes |
| Application | mozilla | seamonkey | 2.14 | Yes |
| Application | mozilla | seamonkey | 2.14 | Yes |
| Application | mozilla | seamonkey | 2.14 | Yes |
| Application | mozilla | seamonkey | 2.14 | Yes |
| Application | mozilla | seamonkey | 2.15 | Yes |
| Application | mozilla | seamonkey | 2.15 | Yes |
| Application | mozilla | seamonkey | 2.15 | Yes |
| Application | mozilla | seamonkey | 2.15 | Yes |
| Application | mozilla | seamonkey | 2.15 | Yes |
| Application | mozilla | seamonkey | 2.15 | Yes |
| Application | mozilla | seamonkey | 2.15 | Yes |
| Application | mozilla | seamonkey | 2.15.1 | Yes |
| Application | mozilla | seamonkey | 2.15.2 | Yes |
| Application | mozilla | seamonkey | 2.16 | Yes |
| Application | mozilla | seamonkey | 2.16 | Yes |
| Application | mozilla | seamonkey | 2.16 | Yes |
| Application | mozilla | seamonkey | 2.16 | Yes |
| Application | mozilla | seamonkey | 2.16 | Yes |
| Application | mozilla | seamonkey | 2.16 | Yes |
| Application | mozilla | seamonkey | 2.16.1 | Yes |
| Application | mozilla | seamonkey | 2.16.2 | Yes |
| Application | mozilla | seamonkey | 2.17 | Yes |
| Application | mozilla | seamonkey | 2.17 | Yes |
| Application | mozilla | seamonkey | 2.17 | Yes |
| Application | mozilla | seamonkey | 2.17 | Yes |
| Application | mozilla | seamonkey | 2.17 | Yes |
| Application | mozilla | seamonkey | 2.17.1 | Yes |
| Application | mozilla | seamonkey | 2.18 | Yes |
| Application | mozilla | seamonkey | 2.18 | Yes |
| Application | mozilla | seamonkey | 2.18 | Yes |
| Application | mozilla | seamonkey | 2.18 | Yes |
| Application | mozilla | seamonkey | 2.19 | Yes |
| Application | mozilla | seamonkey | 2.19 | Yes |
| Application | mozilla | seamonkey | 2.19 | Yes |
| Application | mozilla | seamonkey | 2.20 | Yes |
| Application | mozilla | seamonkey | 2.20 | Yes |
| Application | mozilla | seamonkey | 2.20 | Yes |