CVE-2013-1674

HIGH

Description

Use-after-free vulnerability in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code via vectors involving an onresize event during the playing of a video.

References

http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00010.html

http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00011.html

http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00012.html

http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00006.html

http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00008.html

http://rhn.redhat.com/errata/RHSA-2013-0820.html

http://rhn.redhat.com/errata/RHSA-2013-0821.html

http://www.debian.org/security/2013/dsa-2699

http://www.mandriva.com/security/advisories?name=MDVSA-2013:165

http://www.mozilla.org/security/announce/2013/mfsa2013-46.html

http://www.securityfocus.com/bid/59859

http://www.ubuntu.com/usn/USN-1822-1

http://www.ubuntu.com/usn/USN-1823-1

https://bugzilla.mozilla.org/show_bug.cgi?id=860971

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17147

Details

Source: MITRE

Published: 2013-05-16

Updated: 2017-09-19

Type: CWE-399

Risk Information

CVSS v2.0

Base Score: 9.3

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 8.6

Severity: HIGH

Vulnerable Software

Tenable Plugins

View all (30 total)

ID	Name	Product	Family	Severity
75014	openSUSE Security Update : xulrunner (openSUSE-SU-2013:0929-1)	Nessus	SuSE Local Security Checks	critical
75013	openSUSE Security Update : MozillaThunderbird (openSUSE-SU-2013:0894-1)	Nessus	SuSE Local Security Checks	critical
75009	openSUSE Security Update : MozillaFirefox (openSUSE-SU-2013:0946-1)	Nessus	SuSE Local Security Checks	critical
70183	GLSA-201309-23 : Mozilla Products: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	critical
68949	SuSE 11.3 Security Update : Mozilla Firefox (SAT Patch Number 8001)	Nessus	SuSE Local Security Checks	critical
68821	Oracle Linux 6 : thunderbird (ELSA-2013-0821)	Nessus	Oracle Linux Local Security Checks	critical
68820	Oracle Linux 5 / 6 : firefox (ELSA-2013-0820)	Nessus	Oracle Linux Local Security Checks	critical
67201	Debian DSA-2720-1 : icedove - several vulnerabilities	Nessus	Debian Local Security Checks	critical
66766	Debian DSA-2699-1 : iceweasel - several vulnerabilities	Nessus	Debian Local Security Checks	critical
801267	Mozilla Firefox 20.x <= 20 Multiple Vulnerabilities	Log Correlation Engine	Web Clients	medium
66482	Mozilla Thunderbird ESR 17.x < 17.0.6 Multiple Vulnerabilities	Nessus	Windows	critical
66481	Mozilla Thunderbird 17.x < 17.0.5 Multiple Vulnerabilities	Nessus	Windows	critical
66480	Firefox < 21.0 Multiple Vulnerabilities	Nessus	Windows	critical
66479	Firefox ESR 17.x < 17.0.6 Multiple Vulnerabilities	Nessus	Windows	critical
66478	Thunderbird ESR 17.x < 17.0.6 Multiple Vulnerabilities (Mac OS X)	Nessus	MacOS X Local Security Checks	critical
66477	Thunderbird 17.x < 17.0.6 Multiple Vulnerabilities (Mac OS X)	Nessus	MacOS X Local Security Checks	critical
66476	Firefox < 21.0 Multiple Vulnerabilities (Mac OS X)	Nessus	MacOS X Local Security Checks	critical
66475	Firefox ESR 17.x < 17.0.6 Multiple Vulnerabilities (Mac OS X)	Nessus	MacOS X Local Security Checks	critical
66461	Scientific Linux Security Update : thunderbird on SL5.x, SL6.x i386/x86_64 (20130514)	Nessus	Scientific Linux Local Security Checks	critical
66460	Scientific Linux Security Update : firefox on SL5.x, SL6.x i386/x86_64 (20130514)	Nessus	Scientific Linux Local Security Checks	critical
66455	FreeBSD : mozilla -- multiple vulnerabilities (4a1ca8a4-bd82-11e2-b7a0-d43d7e0c7c02)	Nessus	FreeBSD Local Security Checks	critical
6828	Mozilla Firefox < 21.0 Multiple Vulnerabilities	Nessus Network Monitor	Web Clients	high
801314	Mozilla Thunderbird 17.x < 17.0.6 Multiple Vulnerabilities	Log Correlation Engine	SMTP Clients	high
66443	Ubuntu 12.04 LTS / 12.10 / 13.04 : thunderbird vulnerabilities (USN-1823-1)	Nessus	Ubuntu Local Security Checks	critical
66442	Ubuntu 12.04 LTS / 12.10 / 13.04 : firefox vulnerabilities (USN-1822-1)	Nessus	Ubuntu Local Security Checks	critical
66438	RHEL 5 / 6 : thunderbird (RHSA-2013:0821)	Nessus	Red Hat Local Security Checks	critical
66437	RHEL 5 / 6 : firefox (RHSA-2013:0820)	Nessus	Red Hat Local Security Checks	critical
66430	CentOS 5 / 6 : thunderbird (CESA-2013:0821)	Nessus	CentOS Local Security Checks	critical
66429	CentOS 5 / 6 : firefox (CESA-2013:0820)	Nessus	CentOS Local Security Checks	critical
6822	Mozilla Thunderbird 17.x < 17.0.6 Multiple Vulnerabilities	Nessus Network Monitor	SMTP Clients	high