CVE-2013-1730

Name	CVE-2013-1730
Description	Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 do not properly handle movement of XBL-backed nodes between documents, which allows remote attackers to execute arbitrary code or cause a denial of service (JavaScript compartment mismatch, or assertion failure and application exit) via a crafted web site.
Source	CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
References	DSA-2759-1, DSA-2762-1

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package	Release	Version	Status
icedove (PTS)	jessie	1:52.3.0-4~deb8u2	fixed

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Urgency	Origin	Debian Bugs
iceape	source	squeeze	(unfixed)	end-of-life
iceape	source	wheezy	(unfixed)	end-of-life
iceape	source	(unstable)	(unfixed)
icedove	source	squeeze	(unfixed)	end-of-life
icedove	source	wheezy	17.0.9-1~deb7u1		DSA-2762-1
icedove	source	(unstable)	17.0.9-1
iceweasel	source	squeeze	(unfixed)	end-of-life
iceweasel	source	wheezy	17.0.9esr-1~deb7u1		DSA-2759-1
iceweasel	source	(unstable)	24.0-1