CVE-2013-1690 - Vulnerability Details

Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 do not properly handle onreadystatechange events in conjunction with page reloading, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted web site that triggers an attempt to execute data at an unmapped memory location.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:M/Au:N/C:C/I:C/A:C

This CVE is in the KEV database since March 28, 2022.

Exploitation active

Automatable no

Technical Impact total

Vendors	Products
Canonical	Ubuntu Linux
Debian	Debian Linux
Mozilla	Firefox Thunderbird Thunderbird Esr
Opensuse	Opensuse
Redhat	Enterprise Linux Enterprise Linux Desktop Enterprise Linux Eus Enterprise Linux Server Enterprise Linux Server Aus Enterprise Linux Workstation Gluster Storage Server For On-premise Rhel Productivity
Suse	Linux Enterprise Desktop Linux Enterprise Server Linux Enterprise Software Development Kit

Configuration 1 [-]

OR	cpe:2.3:a:mozilla:firefox::::::::
	cpe:2.3:a:mozilla:firefox::::::::
	cpe:2.3:a:mozilla:thunderbird::::::::
	cpe:2.3:a:mozilla:thunderbird_esr::::::::

Configuration 2 [-]

OR	cpe:2.3:o:canonical:ubuntu_linux:12.04::::-:::
	cpe:2.3:o:canonical:ubuntu_linux:12.10:::::::*
	cpe:2.3:o:canonical:ubuntu_linux:13.04:::::::*

Configuration 3 [-]

cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*

Configuration 4 [-]

OR	cpe:2.3:a:redhat:gluster_storage_server_for_on-premise:2.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:5.9:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:6.4:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server:5.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_aus:5.9:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_aus:6.4:::::::*
	cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*

Configuration 5 [-]

OR	cpe:2.3:o:opensuse:opensuse:11.4:::::::*
	cpe:2.3:o:opensuse:opensuse:12.2:::::::*
	cpe:2.3:o:opensuse:opensuse:12.3:::::::*
	cpe:2.3:o:suse:linux_enterprise_desktop:10:sp4:::-:::*
	cpe:2.3:o:suse:linux_enterprise_desktop:11:sp2::::::
	cpe:2.3:o:suse:linux_enterprise_desktop:11:sp3::::::
	cpe:2.3:o:suse:linux_enterprise_server:10:sp4:::-:::*
	cpe:2.3:o:suse:linux_enterprise_server:11:sp1:::ltss:-::
	cpe:2.3:o:suse:linux_enterprise_server:11:sp1:::ltss:vmware::
	cpe:2.3:o:suse:linux_enterprise_server:11:sp2::::-::*
	cpe:2.3:o:suse:linux_enterprise_server:11:sp2::::vmware::*
	cpe:2.3:o:suse:linux_enterprise_server:11:sp3::::-::*
	cpe:2.3:o:suse:linux_enterprise_server:11:sp3::::vmware::*
	cpe:2.3:o:suse:linux_enterprise_software_development_kit:10:sp4::::::
	cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp3::::::

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 5
thunderbird-0:17.0.7-1.el5_9	cpe:/a:redhat:rhel_productivity:5	RHSA-2013:0982	2013-06-25T00:00:00Z
firefox-0:17.0.7-1.el5_9	cpe:/o:redhat:enterprise_linux:5	RHSA-2013:0981	2013-06-25T00:00:00Z
xulrunner-0:17.0.7-1.el5_9	cpe:/o:redhat:enterprise_linux:5	RHSA-2013:0981	2013-06-25T00:00:00Z
Red Hat Enterprise Linux 6
firefox-0:17.0.7-1.el6_4	cpe:/o:redhat:enterprise_linux:6	RHSA-2013:0981	2013-06-25T00:00:00Z
xulrunner-0:17.0.7-1.el6_4	cpe:/o:redhat:enterprise_linux:6	RHSA-2013:0981	2013-06-25T00:00:00Z
thunderbird-0:17.0.7-1.el6_4	cpe:/o:redhat:enterprise_linux:6	RHSA-2013:0982	2013-06-25T00:00:00Z

References

Link	Providers
http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00003.html
http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00004.html
http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00005.html
http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00006.html
http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00010.html
http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00011.html
http://rhn.redhat.com/errata/RHSA-2013-0981.html
http://rhn.redhat.com/errata/RHSA-2013-0982.html
http://www.debian.org/security/2013/dsa-2716
http://www.debian.org/security/2013/dsa-2720
http://www.mozilla.org/security/announce/2013/mfsa2013-53.html
http://www.securityfocus.com/bid/60778
http://www.ubuntu.com/usn/USN-1890-1
http://www.ubuntu.com/usn/USN-1891-1
https://bugzilla.mozilla.org/show_bug.cgi?id=857883
https://bugzilla.mozilla.org/show_bug.cgi?id=901365
https://nvd.nist.gov/vuln/detail/CVE-2013-1690
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16996
https://www.cisa.gov/known-exploited-vulnerabilities-catalog
https://www.cve.org/CVERecord?id=CVE-2013-1690

History

Fri, 07 Feb 2025 13:15:00 +0000

Type	Values Removed	Values Added
Metrics		kev `{'dateAdded': '2022-03-28'}` ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'active', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Mon, 21 Oct 2024 14:15:00 +0000

Type	Values Removed	Values Added
CPEs	cpe:2.3:a:mozilla:firefox_esr::::::::
Vendors & Products	Mozilla firefox Esr

Tue, 13 Aug 2024 23:45:00 +0000

Type	Values Removed	Values Added
References		https://www.cisa.gov/known-exploited-vulnerabilities-catalog

MITRE

Status: PUBLISHED

Assigner: mozilla

Published: 2013-06-26T01:00:00.000Z

Updated: 2025-02-07T12:51:17.394Z

Reserved: 2013-02-13T00:00:00.000Z

Link: CVE-2013-1690

Vulnrichment

Updated: 2024-08-06T15:13:32.269Z

NVD

Status : Deferred

Published: 2013-06-26T03:19:10.793

Modified: 2025-04-11T00:51:21.963

Link: CVE-2013-1690

Redhat

Severity : Critical

Publid Date: 2013-06-25T00:00:00Z

Links: CVE-2013-1690 - Bugzilla

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2013-06-25T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 do not properly handle onreadystatechange events in conjunction with page reloading, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted web site that triggers an attempt to execute data at an unmapped memory location."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-09-18T12:57:01.000Z", "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla"}, "references": [{"name": "USN-1890-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-1890-1"}, {"name": "RHSA-2013:0982", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0982.html"}, {"name": "SUSE-SU-2013:1153", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00011.html"}, {"name": "SUSE-SU-2013:1152", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00010.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=857883"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.mozilla.org/security/announce/2013/mfsa2013-53.html"}, {"name": "RHSA-2013:0981", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0981.html"}, {"name": "USN-1891-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-1891-1"}, {"name": "openSUSE-SU-2013:1141", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00004.html"}, {"name": "DSA-2716", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2013/dsa-2716"}, {"name": "oval:org.mitre.oval:def:16996", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16996"}, {"name": "openSUSE-SU-2013:1142", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00005.html"}, {"name": "openSUSE-SU-2013:1140", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00003.html"}, {"name": "DSA-2720", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2013/dsa-2720"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=901365"}, {"name": "60778", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/60778"}, {"name": "openSUSE-SU-2013:1143", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00006.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@mozilla.org", "ID": "CVE-2013-1690", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 do not properly handle onreadystatechange events in conjunction with page reloading, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted web site that triggers an attempt to execute data at an unmapped memory location."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "USN-1890-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-1890-1"}, {"name": "RHSA-2013:0982", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2013-0982.html"}, {"name": "SUSE-SU-2013:1153", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00011.html"}, {"name": "SUSE-SU-2013:1152", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00010.html"}, {"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=857883", "refsource": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=857883"}, {"name": "http://www.mozilla.org/security/announce/2013/mfsa2013-53.html", "refsource": "CONFIRM", "url": "http://www.mozilla.org/security/announce/2013/mfsa2013-53.html"}, {"name": "RHSA-2013:0981", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2013-0981.html"}, {"name": "USN-1891-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-1891-1"}, {"name": "openSUSE-SU-2013:1141", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00004.html"}, {"name": "DSA-2716", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2013/dsa-2716"}, {"name": "oval:org.mitre.oval:def:16996", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16996"}, {"name": "openSUSE-SU-2013:1142", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00005.html"}, {"name": "openSUSE-SU-2013:1140", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00003.html"}, {"name": "DSA-2720", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2013/dsa-2720"}, {"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=901365", "refsource": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=901365"}, {"name": "60778", "refsource": "BID", "url": "http://www.securityfocus.com/bid/60778"}, {"name": "openSUSE-SU-2013:1143", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00006.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T15:13:32.269Z"}, "title": "CVE Program Container", "references": [{"name": "USN-1890-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-1890-1"}, {"name": "RHSA-2013:0982", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0982.html"}, {"name": "SUSE-SU-2013:1153", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00011.html"}, {"name": "SUSE-SU-2013:1152", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00010.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=857883"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.mozilla.org/security/announce/2013/mfsa2013-53.html"}, {"name": "RHSA-2013:0981", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0981.html"}, {"name": "USN-1891-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-1891-1"}, {"name": "openSUSE-SU-2013:1141", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00004.html"}, {"name": "DSA-2716", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2013/dsa-2716"}, {"name": "oval:org.mitre.oval:def:16996", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16996"}, {"name": "openSUSE-SU-2013:1142", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00005.html"}, {"name": "openSUSE-SU-2013:1140", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00003.html"}, {"name": "DSA-2720", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2013/dsa-2720"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=901365"}, {"name": "60778", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/60778"}, {"name": "openSUSE-SU-2013:1143", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00006.html"}]}, {"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-119", "lang": "en", "description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-02-07T12:51:14.546232Z", "id": "CVE-2013-1690", "options": [{"Exploitation": "active"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}, {"other": {"type": "kev", "content": {"dateAdded": "2022-03-28", "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2013-1690"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-07T12:51:17.394Z"}}]}, "cveMetadata": {"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "assignerShortName": "mozilla", "cveId": "CVE-2013-1690", "datePublished": "2013-06-26T01:00:00.000Z", "dateReserved": "2013-02-13T00:00:00.000Z", "dateUpdated": "2025-02-07T12:51:17.394Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "http://www.ubuntu.com/usn/USN-1890-1", "name": "USN-1890-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"]}, {"url": "http://rhn.redhat.com/errata/RHSA-2013-0982.html", "name": "RHSA-2013:0982", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00011.html", "name": "SUSE-SU-2013:1153", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"]}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00010.html", "name": "SUSE-SU-2013:1152", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"]}, {"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=857883", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "http://www.mozilla.org/security/announce/2013/mfsa2013-53.html", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "http://rhn.redhat.com/errata/RHSA-2013-0981.html", "name": "RHSA-2013:0981", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "http://www.ubuntu.com/usn/USN-1891-1", "name": "USN-1891-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"]}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00004.html", "name": "openSUSE-SU-2013:1141", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"]}, {"url": "http://www.debian.org/security/2013/dsa-2716", "name": "DSA-2716", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"]}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16996", "name": "oval:org.mitre.oval:def:16996", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"]}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00005.html", "name": "openSUSE-SU-2013:1142", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"]}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00003.html", "name": "openSUSE-SU-2013:1140", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"]}, {"url": "http://www.debian.org/security/2013/dsa-2720", "name": "DSA-2720", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"]}, {"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=901365", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "http://www.securityfocus.com/bid/60778", "name": "60778", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"]}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00006.html", "name": "openSUSE-SU-2013:1143", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T15:13:32.269Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2013-1690", "role": "CISA Coordinator", "options": [{"Exploitation": "active"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-02-07T12:51:14.546232Z"}}}, {"other": {"type": "kev", "content": {"dateAdded": "2022-03-28", "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2013-1690"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-119", "description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-07T12:48:50.290Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2013-06-25T00:00:00.000Z", "references": [{"url": "http://www.ubuntu.com/usn/USN-1890-1", "name": "USN-1890-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"]}, {"url": "http://rhn.redhat.com/errata/RHSA-2013-0982.html", "name": "RHSA-2013:0982", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00011.html", "name": "SUSE-SU-2013:1153", "tags": ["vendor-advisory", "x_refsource_SUSE"]}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00010.html", "name": "SUSE-SU-2013:1152", "tags": ["vendor-advisory", "x_refsource_SUSE"]}, {"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=857883", "tags": ["x_refsource_CONFIRM"]}, {"url": "http://www.mozilla.org/security/announce/2013/mfsa2013-53.html", "tags": ["x_refsource_CONFIRM"]}, {"url": "http://rhn.redhat.com/errata/RHSA-2013-0981.html", "name": "RHSA-2013:0981", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "http://www.ubuntu.com/usn/USN-1891-1", "name": "USN-1891-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"]}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00004.html", "name": "openSUSE-SU-2013:1141", "tags": ["vendor-advisory", "x_refsource_SUSE"]}, {"url": "http://www.debian.org/security/2013/dsa-2716", "name": "DSA-2716", "tags": ["vendor-advisory", "x_refsource_DEBIAN"]}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16996", "name": "oval:org.mitre.oval:def:16996", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"]}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00005.html", "name": "openSUSE-SU-2013:1142", "tags": ["vendor-advisory", "x_refsource_SUSE"]}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00003.html", "name": "openSUSE-SU-2013:1140", "tags": ["vendor-advisory", "x_refsource_SUSE"]}, {"url": "http://www.debian.org/security/2013/dsa-2720", "name": "DSA-2720", "tags": ["vendor-advisory", "x_refsource_DEBIAN"]}, {"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=901365", "tags": ["x_refsource_CONFIRM"]}, {"url": "http://www.securityfocus.com/bid/60778", "name": "60778", "tags": ["vdb-entry", "x_refsource_BID"]}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00006.html", "name": "openSUSE-SU-2013:1143", "tags": ["vendor-advisory", "x_refsource_SUSE"]}], "descriptions": [{"lang": "en", "value": "Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 do not properly handle onreadystatechange events in conjunction with page reloading, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted web site that triggers an attempt to execute data at an unmapped memory location."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla", "dateUpdated": "2017-09-18T12:57:01.000Z"}, "x_legacyV4Record": {"affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "n/a"}]}, "product_name": "n/a"}]}, "vendor_name": "n/a"}]}}, "data_type": "CVE", "references": {"reference_data": [{"url": "http://www.ubuntu.com/usn/USN-1890-1", "name": "USN-1890-1", "refsource": "UBUNTU"}, {"url": "http://rhn.redhat.com/errata/RHSA-2013-0982.html", "name": "RHSA-2013:0982", "refsource": "REDHAT"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00011.html", "name": "SUSE-SU-2013:1153", "refsource": "SUSE"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00010.html", "name": "SUSE-SU-2013:1152", "refsource": "SUSE"}, {"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=857883", "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=857883", "refsource": "CONFIRM"}, {"url": "http://www.mozilla.org/security/announce/2013/mfsa2013-53.html", "name": "http://www.mozilla.org/security/announce/2013/mfsa2013-53.html", "refsource": "CONFIRM"}, {"url": "http://rhn.redhat.com/errata/RHSA-2013-0981.html", "name": "RHSA-2013:0981", "refsource": "REDHAT"}, {"url": "http://www.ubuntu.com/usn/USN-1891-1", "name": "USN-1891-1", "refsource": "UBUNTU"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00004.html", "name": "openSUSE-SU-2013:1141", "refsource": "SUSE"}, {"url": "http://www.debian.org/security/2013/dsa-2716", "name": "DSA-2716", "refsource": "DEBIAN"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16996", "name": "oval:org.mitre.oval:def:16996", "refsource": "OVAL"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00005.html", "name": "openSUSE-SU-2013:1142", "refsource": "SUSE"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00003.html", "name": "openSUSE-SU-2013:1140", "refsource": "SUSE"}, {"url": "http://www.debian.org/security/2013/dsa-2720", "name": "DSA-2720", "refsource": "DEBIAN"}, {"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=901365", "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=901365", "refsource": "CONFIRM"}, {"url": "http://www.securityfocus.com/bid/60778", "name": "60778", "refsource": "BID"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00006.html", "name": "openSUSE-SU-2013:1143", "refsource": "SUSE"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "eng", "value": "Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 do not properly handle onreadystatechange events in conjunction with page reloading, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted web site that triggers an attempt to execute data at an unmapped memory location."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2013-1690", "STATE": "PUBLIC", "ASSIGNER": "security@mozilla.org"}}}}, "cveMetadata": {"cveId": "CVE-2013-1690", "state": "PUBLISHED", "dateUpdated": "2025-02-07T12:51:17.394Z", "dateReserved": "2013-02-13T00:00:00.000Z", "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "datePublished": "2013-06-26T01:00:00.000Z", "assignerShortName": "mozilla"}, "dataVersion": "5.1"}

{"cisaActionDue": "2022-04-18", "cisaExploitAdd": "2022-03-28", "cisaRequiredAction": "Apply updates per vendor instructions.", "cisaVulnerabilityName": "Mozilla Firefox and Thunderbird Denial-of-Service Vulnerability", "configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "matchCriteriaId": "B0321165-FB26-4E37-B9EC-E09FF46034B4", "versionEndExcluding": "22.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "matchCriteriaId": "56FCDE03-FF73-45AE-8100-44BD50C4BD27", "versionEndExcluding": "17.0.7", "versionStartIncluding": "17.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*", "matchCriteriaId": "945D0C7E-E76B-4E80-A78E-8FC59E0579E6", "versionEndExcluding": "17.0.7", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:thunderbird_esr:*:*:*:*:*:*:*:*", "matchCriteriaId": "D30B82F9-F16D-48C8-BFC4-1F4FA628B9E2", "versionEndExcluding": "17.0.7", "versionStartIncluding": "17.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*", "matchCriteriaId": "CB66DB75-2B16-4EBF-9B93-CE49D8086E41", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*", "matchCriteriaId": "E2076871-2E80-4605-A470-A41C1A8EC7EE", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:13.04:*:*:*:*:*:*:*", "matchCriteriaId": "EFAA48D9-BEB4-4E49-AD50-325C262D46D9", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:gluster_storage_server_for_on-premise:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "59D47E43-886E-4114-96A2-DBE719EA3A89", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "133AAFA7-AF42-4D7B-8822-AA2E85611BF5", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:5.9:*:*:*:*:*:*:*", "matchCriteriaId": "6252E88C-27FF-420D-A64A-C34124CF7E6A", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:6.4:*:*:*:*:*:*:*", "matchCriteriaId": "8A8E07B7-3739-4BEB-88F8-C7F62431E889", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "54D669D4-6D7E-449D-80C1-28FA44F06FFE", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:5.9:*:*:*:*:*:*:*", "matchCriteriaId": "92C9F1C4-55B0-426D-BB5E-01372C23AF97", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:6.4:*:*:*:*:*:*:*", "matchCriteriaId": "AF83BB87-B203-48F9-9D06-48A5FE399050", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "D0AC5CD5-6E58-433C-9EB3-6DFE5656463E", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*", "matchCriteriaId": "DE554781-1EB9-446E-911F-6C11970C47F4", "vulnerable": true}, {"criteria": "cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*", "matchCriteriaId": "D806A17E-B8F9-466D-807D-3F1E77603DC8", "vulnerable": true}, {"criteria": "cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*", "matchCriteriaId": "DFBF430B-0832-44B0-AA0E-BA9E467F7668", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:10:sp4:*:*:-:*:*:*", "matchCriteriaId": "4339DE06-19FB-4B8E-B6AE-3495F605AD05", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:11:sp2:*:*:*:*:*:*", "matchCriteriaId": "00720D8C-3FF3-4B1C-B74B-91F01A544399", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:11:sp3:*:*:*:*:*:*", "matchCriteriaId": "3ED68ADD-BBDA-4485-BC76-58F011D72311", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_server:10:sp4:*:*:-:*:*:*", "matchCriteriaId": "D1D7B467-58DD-45F1-9F1F-632620DF072A", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:ltss:-:*:*", "matchCriteriaId": "7F4AF9EC-7C74-40C3-A1BA-82B80C4A7EE0", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:ltss:vmware:*:*", "matchCriteriaId": "DB9BBC2E-7D91-4879-898A-520D2D758D1B", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:*:-:*:*", "matchCriteriaId": "88D6E858-FD8F-4C55-B7D5-CEEDA2BBA898", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:*:vmware:*:*", "matchCriteriaId": "DB4D6749-81A1-41D7-BF4F-1C45A7F49A22", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:-:*:*", "matchCriteriaId": "E534C201-BCC5-473C-AAA7-AAB97CEB5437", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:vmware:*:*", "matchCriteriaId": "2470C6E8-2024-4CF5-9982-CFF50E88EAE9", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_software_development_kit:10:sp4:*:*:*:*:*:*", "matchCriteriaId": "436EF2ED-FDBB-4B64-8EC4-33C3E4253F06", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp3:*:*:*:*:*:*", "matchCriteriaId": "2F7F8866-DEAD-44D1-AB10-21EE611AA026", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 do not properly handle onreadystatechange events in conjunction with page reloading, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted web site that triggers an attempt to execute data at an unmapped memory location."}, {"lang": "es", "value": "Mozilla Firefox anterior a 22.0, Firefox ESR 17.x anterior a 17.0.7, Thunderbird anterior a 17.0.7, y Thunderbird ESR 17.x anterior a 17.0.7 no manejan adecuadamente los eventos \"onreadystatechange\" en conjunci\u00f3n con las recargas de p\u00e1gina, lo que permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda de aplicaci\u00f3n) o posiblemente la ejecuci\u00f3n arbitraria de c\u00f3digo a trav\u00e9s de un sitio web manipulado que provoca un intento de ejecuci\u00f3n de datos y una asignaci\u00f3n de memoria sin mapear."}], "id": "CVE-2013-1690", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2013-06-26T03:19:10.793", "references": [{"source": "security@mozilla.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00003.html"}, {"source": "security@mozilla.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00004.html"}, {"source": "security@mozilla.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00005.html"}, {"source": "security@mozilla.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00006.html"}, {"source": "security@mozilla.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00010.html"}, {"source": "security@mozilla.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00011.html"}, {"source": "security@mozilla.org", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0981.html"}, {"source": "security@mozilla.org", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0982.html"}, {"source": "security@mozilla.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.debian.org/security/2013/dsa-2716"}, {"source": "security@mozilla.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.debian.org/security/2013/dsa-2720"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "http://www.mozilla.org/security/announce/2013/mfsa2013-53.html"}, {"source": "security@mozilla.org", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/60778"}, {"source": "security@mozilla.org", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/USN-1890-1"}, {"source": "security@mozilla.org", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/USN-1891-1"}, {"source": "security@mozilla.org", "tags": ["Issue Tracking"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=857883"}, {"source": "security@mozilla.org", "tags": ["Issue Tracking"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=901365"}, {"source": "security@mozilla.org", "tags": ["Broken Link"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16996"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00003.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00004.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00005.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00006.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00010.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00011.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0981.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0982.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.debian.org/security/2013/dsa-2716"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.debian.org/security/2013/dsa-2720"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.mozilla.org/security/announce/2013/mfsa2013-53.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/60778"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/USN-1890-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/USN-1891-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=857883"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=901365"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16996"}], "sourceIdentifier": "security@mozilla.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-119"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{"acknowledgement": "Red Hat would like to thank Mozilla project for reporting this issue. Upstream acknowledges Nils as the original reporter.", "affected_release": [{"advisory": "RHSA-2013:0982", "cpe": "cpe:/a:redhat:rhel_productivity:5", "package": "thunderbird-0:17.0.7-1.el5_9", "product_name": "Red Hat Enterprise Linux 5", "release_date": "2013-06-25T00:00:00Z"}, {"advisory": "RHSA-2013:0981", "cpe": "cpe:/o:redhat:enterprise_linux:5", "package": "firefox-0:17.0.7-1.el5_9", "product_name": "Red Hat Enterprise Linux 5", "release_date": "2013-06-25T00:00:00Z"}, {"advisory": "RHSA-2013:0981", "cpe": "cpe:/o:redhat:enterprise_linux:5", "package": "xulrunner-0:17.0.7-1.el5_9", "product_name": "Red Hat Enterprise Linux 5", "release_date": "2013-06-25T00:00:00Z"}, {"advisory": "RHSA-2013:0981", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "firefox-0:17.0.7-1.el6_4", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2013-06-25T00:00:00Z"}, {"advisory": "RHSA-2013:0981", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "xulrunner-0:17.0.7-1.el6_4", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2013-06-25T00:00:00Z"}, {"advisory": "RHSA-2013:0982", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "thunderbird-0:17.0.7-1.el6_4", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2013-06-25T00:00:00Z"}], "bugzilla": {"description": "Mozilla: Execution of unmapped memory through onreadystatechange event (MFSA 2013-53)", "id": "977602", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=977602"}, "csaw": false, "cvss": {"cvss_base_score": "6.8", "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "status": "verified"}, "details": ["Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 do not properly handle onreadystatechange events in conjunction with page reloading, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted web site that triggers an attempt to execute data at an unmapped memory location."], "name": "CVE-2013-1690", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Affected", "package_name": "thunderbird", "product_name": "Red Hat Enterprise Linux 5"}], "public_date": "2013-06-25T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2013-1690\nhttps://nvd.nist.gov/vuln/detail/CVE-2013-1690\nhttp://www.mozilla.org/security/announce/2013/mfsa2013-53.html\nhttps://www.cisa.gov/known-exploited-vulnerabilities-catalog"], "threat_severity": "Critical"}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Exploitation active

Automatable no

Technical Impact total

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object