CVE-2013-1690

Warning

EPSS 49.62%
Published 26.06.2013 03:19:10
Last modified 11.04.2025 00:51:21
Source security@mozilla.org
Teams watchlist Login
Open Login

Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 do not properly handle onreadystatechange events in conjunction with page reloading, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted web site that triggers an attempt to execute data at an unmapped memory location.

Affected products Warnungen 1 Metrics 4 CWE 1 References 20

Data is provided by the National Vulnerability Database (NVD)

Mozilla ≫ Firefox Version < 22.0

Mozilla ≫ Firefox Version >= 17.0 < 17.0.7

Mozilla ≫ Thunderbird Version < 17.0.7

Mozilla ≫ Thunderbird Esr Version >= 17.0 < 17.0.7

Canonical ≫ Ubuntu Linux Version12.04 SwEdition-

Canonical ≫ Ubuntu Linux Version12.10

Canonical ≫ Ubuntu Linux Version13.04

Debian ≫ Debian Linux Version7.0

Redhat ≫ Gluster Storage Server For On-premise Version2.0

Redhat ≫ Enterprise Linux Desktop Version5.0

Redhat ≫ Enterprise Linux Desktop Version6.0

Redhat ≫ Enterprise Linux Eus Version5.9

Redhat ≫ Enterprise Linux Eus Version6.4

Redhat ≫ Enterprise Linux Server Version5.0

Redhat ≫ Enterprise Linux Server Version6.0

Redhat ≫ Enterprise Linux Server Aus Version5.9

Redhat ≫ Enterprise Linux Server Aus Version6.4

Redhat ≫ Enterprise Linux Workstation Version5.0

Redhat ≫ Enterprise Linux Workstation Version6.0

Opensuse ≫ Opensuse Version11.4

Opensuse ≫ Opensuse Version12.2

Opensuse ≫ Opensuse Version12.3

Suse ≫ Linux Enterprise Desktop Version10 Updatesp4 SwEdition-

Suse ≫ Linux Enterprise Desktop Version11 Updatesp2

Suse ≫ Linux Enterprise Desktop Version11 Updatesp3

Suse ≫ Linux Enterprise Server Version10 Updatesp4 SwEdition-

Suse ≫ Linux Enterprise Server Version11 Updatesp1 SwEditionltss SwPlatform-

Suse ≫ Linux Enterprise Server Version11 Updatesp1 SwEditionltss SwPlatformvmware

Suse ≫ Linux Enterprise Server Version11 Updatesp2 SwPlatform-

Suse ≫ Linux Enterprise Server Version11 Updatesp2 SwPlatformvmware

Suse ≫ Linux Enterprise Server Version11 Updatesp3 SwPlatform-

Suse ≫ Linux Enterprise Server Version11 Updatesp3 SwPlatformvmware

Suse ≫ Linux Enterprise Software Development Kit Version10 Updatesp4

Suse ≫ Linux Enterprise Software Development Kit Version11 Updatesp3

28.03.2022: CISA Known Exploited Vulnerabilities (KEV) Catalog

Mozilla Firefox and Thunderbird Denial-of-Service Vulnerability

Vulnerability

Mozilla Firefox and Thunderbird do not properly handle onreadystatechange events in conjunction with page reloading, which allows remote attackers to cause a denial-of-service (DoS) or possibly execute malicious code via a crafted web site.

Description

Apply updates per vendor instructions.

Required actions

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	49.62%	0.977

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov	9.3	8.6	10	AV:N/AC:M/Au:N/C:C/I:C/A:C
134c704f-9b21-4f2e-91b3-4a467353bcc0	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00003.html

Third Party Advisory

Mailing List

http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00004.html

Third Party Advisory

Mailing List

http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00005.html

Third Party Advisory

Mailing List

http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00006.html

Third Party Advisory

Mailing List