1. Home
  2. Vulnerabilities
  3. CVE-2013-1690

CVE-2013-1690

CVSS v3.1 8.8 (High)
88% Progress
CVSS v2.0 9.3 (High)
93% Progress
EPSS 22.22 % (97th)
22.22% Progress
Affected Products 16
Advisories 11
NVD Status Analyzed
Info CVSS EPSS CAPEC Affected Configurations References Security Advisories Packages & Software OVAL Tools, Exploits & PoC Graph Web & Social Timeline

Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 do not properly handle onreadystatechange events in conjunction with page reloading, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted web site that triggers an attempt to execute data at an unmapped memory location.

Weaknesses
CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE Status
PUBLISHED
NVD Status
Analyzed
CNA
Mozilla Corporation
Published Date
2013-06-26 03:19:10
(11 years ago)
Updated Date
2024-07-09 18:25:57
(2 months ago)
Mozilla Firefox and Thunderbird Denial-of-Service Vulnerability (CISA - Known Exploited Vulnerabilities Catalog)
Description
Mozilla Firefox and Thunderbird do not properly handle onreadystatechange events in conjunction with page reloading, which allows remote attackers to cause a denial-of-service (DoS) or possibly execute malicious code via a crafted web site.
Required Action
Apply updates per vendor instructions.
Known to be Used in Ransomware Campaigns
Unknown
Notes
https://nvd.nist.gov/vuln/detail/CVE-2013-1690
Vendor
Mozilla
Product
Firefox and Thunderbird
In CISA Catalog from
2022-03-28
(2 years ago)
Due Date
2022-04-18
(2 years ago)

Affected Products

Canonical

Debian

Mozilla

Opensuse

Redhat

Suse

Configuration #1

    CPE23 From Up To
  Mozilla Firefox prior 22.0 version cpe:2.3:a:mozilla:firefox < 22.0
  Mozilla Firefox Esr from 17.0 version and prior 17.0.7 version cpe:2.3:a:mozilla:firefox_esr >= 17.0 < 17.0.7
  Mozilla Thunderbird prior 17.0.7 version cpe:2.3:a:mozilla:thunderbird < 17.0.7
  Mozilla Thunderbird Esr from 17.0 version and prior 17.0.7 version cpe:2.3:a:mozilla:thunderbird_esr >= 17.0 < 17.0.7

Configuration #2

    CPE23 From Up To
  Canonical Ubuntu Linux 12.04 cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-
  Canonical Ubuntu Linux 12.10 cpe:2.3:o:canonical:ubuntu_linux:12.10
  Canonical Ubuntu Linux 13.04 cpe:2.3:o:canonical:ubuntu_linux:13.04

Configuration #3

    CPE23 From Up To
  Debian Linux 7.0 cpe:2.3:o:debian:debian_linux:7.0

Configuration #4

    CPE23 From Up To
  Redhat Gluster Storage Server for On-premise 2.0 cpe:2.3:a:redhat:gluster_storage_server_for_on-premise:2.0
  Redhat Enterprise Linux Desktop 5.0 cpe:2.3:o:redhat:enterprise_linux_desktop:5.0
  Redhat Enterprise Linux Desktop 6.0 cpe:2.3:o:redhat:enterprise_linux_desktop:6.0
  Redhat Enterprise Linux Eus 5.9 cpe:2.3:o:redhat:enterprise_linux_eus:5.9
  Redhat Enterprise Linux Eus 6.4 cpe:2.3:o:redhat:enterprise_linux_eus:6.4
  Redhat Enterprise Linux Server 5.0 cpe:2.3:o:redhat:enterprise_linux_server:5.0
  Redhat Enterprise Linux Server 6.0 cpe:2.3:o:redhat:enterprise_linux_server:6.0
  Redhat Enterprise Linux Server Aus 5.9 cpe:2.3:o:redhat:enterprise_linux_server_aus:5.9
  Redhat Enterprise Linux Server Aus 6.4 cpe:2.3:o:redhat:enterprise_linux_server_aus:6.4
  Redhat Enterprise Linux Workstation 5.0 cpe:2.3:o:redhat:enterprise_linux_workstation:5.0
  Redhat Enterprise Linux Workstation 6.0 cpe:2.3:o:redhat:enterprise_linux_workstation:6.0

Configuration #5

    CPE23 From Up To
  Opensuse 11.4 cpe:2.3:o:opensuse:opensuse:11.4
  Opensuse 12.2 cpe:2.3:o:opensuse:opensuse:12.2
  Opensuse 12.3 cpe:2.3:o:opensuse:opensuse:12.3
  Suse Linux Enterprise Desktop 10 SP4 cpe:2.3:o:suse:linux_enterprise_desktop:10:sp4:*:*:-
  Suse Linux Enterprise Desktop 11 SP2 cpe:2.3:o:suse:linux_enterprise_desktop:11:sp2
  Suse Linux Enterprise Desktop 11 SP3 cpe:2.3:o:suse:linux_enterprise_desktop:11:sp3
  Suse Linux Enterprise Server 10 SP4 cpe:2.3:o:suse:linux_enterprise_server:10:sp4:*:*:-
  Suse Linux Enterprise Server 11 SP1 For cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:ltss:-
  Suse Linux Enterprise Server 11 SP1 for Vmware cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:ltss:vmware
  Suse Linux Enterprise Server 11 SP2 For cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:*:-
  Suse Linux Enterprise Server 11 SP2 for Vmware cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:*:vmware
  Suse Linux Enterprise Server 11 SP3 For cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:-
  Suse Linux Enterprise Server 11 SP3 for Vmware cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:vmware
  Suse Linux Enterprise Software Development Kit 10 SP4 cpe:2.3:o:suse:linux_enterprise_software_development_kit:10:sp4
  Suse Linux Enterprise Software Development Kit 11 SP3 cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp3