CVE-2013-1685

high

Description

Use-after-free vulnerability in the nsIDocument::GetRootElement function in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted web site.

References

http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00003.html

http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00004.html

http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00005.html

http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00006.html

http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00010.html

http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00011.html

http://rhn.redhat.com/errata/RHSA-2013-0981.html

http://rhn.redhat.com/errata/RHSA-2013-0982.html

http://www.debian.org/security/2013/dsa-2716

http://www.debian.org/security/2013/dsa-2720

http://www.mozilla.org/security/announce/2013/mfsa2013-50.html

http://www.securityfocus.com/bid/60773

http://www.ubuntu.com/usn/USN-1890-1

http://www.ubuntu.com/usn/USN-1891-1

https://bugzilla.mozilla.org/show_bug.cgi?id=871099

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17330

Details

Source: MITRE

Published: 2013-06-26

Updated: 2017-09-19

Type: CWE-399

Risk Information

CVSS v2

Base Score: 9.3

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 8.6

Severity: HIGH

Tenable Plugins

| ID | Name | Product | Family | Severity |
| --- | --- | --- | --- | --- |
| 75081 | openSUSE Security Update : seamonkey (openSUSE-SU-2013:1180-1) | Nessus | SuSE Local Security Checks | critical |
| 75073 | openSUSE Security Update : MozillaFirefox (openSUSE-SU-2013:1142-1) | Nessus | SuSE Local Security Checks | critical |
| 75072 | openSUSE Security Update : xulrunner (openSUSE-SU-2013:1143-1) | Nessus | SuSE Local Security Checks | critical |
| 75071 | openSUSE Security Update : MozillaThunderbird (openSUSE-SU-2013:1141-1) | Nessus | SuSE Local Security Checks | critical |
| 68949 | SuSE 11.3 Security Update : Mozilla Firefox (SAT Patch Number 8001) | Nessus | SuSE Local Security Checks | critical |
| 68840 | Oracle Linux 6 : thunderbird (ELSA-2013-0982) | Nessus | Oracle Linux Local Security Checks | critical |
| 68839 | Oracle Linux 5 / 6 : firefox (ELSA-2013-0981) | Nessus | Oracle Linux Local Security Checks | critical |
| 67201 | Debian DSA-2720-1 : icedove - several vulnerabilities | Nessus | Debian Local Security Checks | critical |
| 67198 | SuSE 10 Security Update : Mozilla Firefox (ZYPP Patch Number 8636) | Nessus | SuSE Local Security Checks | critical |
| 67195 | SuSE 11.2 Security Update : Mozilla Firefox (SAT Patch Number 7976) | Nessus | SuSE Local Security Checks | critical |
| 67186 | Ubuntu 12.04 LTS / 12.10 / 13.04 : firefox regression (USN-1890-2) | Nessus | Ubuntu Local Security Checks | critical |
| 67101 | Debian DSA-2716-1 : iceweasel - several vulnerabilities | Nessus | Debian Local Security Checks | critical |
| 801326 | Mozilla Thunderbird < 17.0.7 Multiple Vulnerabilities | Log Correlation Engine | SMTP Clients | high |
| 6894 | Mozilla Thunderbird < 17.0.7 Multiple Vulnerabilities | Nessus Network Monitor | SMTP Clients | high |
| 67001 | Ubuntu 12.04 LTS / 12.10 / 13.04 : thunderbird vulnerabilities (USN-1891-1) | Nessus | Ubuntu Local Security Checks | critical |
| 67000 | Ubuntu 12.04 LTS / 12.10 / 13.04 : firefox vulnerabilities (USN-1890-1) | Nessus | Ubuntu Local Security Checks | critical |
| 66999 | FreeBSD : mozilla -- multiple vulnerabilities (b3fcb387-de4b-11e2-b1c6-0025905a4771) | Nessus | FreeBSD Local Security Checks | critical |
| 66997 | CentOS 5 / 6 : thunderbird (CESA-2013:0982) | Nessus | CentOS Local Security Checks | critical |
| 66996 | CentOS 5 / 6 : firefox / xulrunner (CESA-2013:0981) | Nessus | CentOS Local Security Checks | critical |
| 801353 | Mozilla Firefox < 22.0 Multiple Vulnerabilities | Log Correlation Engine | Web Clients | high |
| 6886 | Mozilla Firefox < 22.0 Multiple Vulnerabilities | Nessus Network Monitor | Web Clients | critical |
| 66995 | Mozilla Thunderbird ESR 17.x < 17.0.7 Multiple Vulnerabilities | Nessus | Windows | critical |
| 66994 | Mozilla Thunderbird < 17.0.7 Multiple Vulnerabilities | Nessus | Windows | critical |
| 66993 | Firefox < 22.0 Multiple Vulnerabilities | Nessus | Windows | critical |
| 66992 | Firefox ESR 17.x < 17.0.7 Multiple Vulnerabilities | Nessus | Windows | critical |
| 66991 | Thunderbird ESR 17.x < 17.0.7 Multiple Vulnerabilities (Mac OS X) | Nessus | MacOS X Local Security Checks | critical |
| 66990 | Thunderbird < 17.0.7 Multiple Vulnerabilities (Mac OS X) | Nessus | MacOS X Local Security Checks | critical |
| 66989 | Firefox < 22.0 Multiple Vulnerabilities (Mac OS X) | Nessus | MacOS X Local Security Checks | critical |
| 66988 | Firefox ESR 17.x < 17.0.7 Multiple Vulnerabilities (Mac OS X) | Nessus | MacOS X Local Security Checks | critical |
| 66984 | Scientific Linux Security Update : thunderbird on SL5.x, SL6.x i386/x86_64 (20130625) | Nessus | Scientific Linux Local Security Checks | critical |
| 66983 | Scientific Linux Security Update : firefox on SL5.x, SL6.x i386/x86_64 (20130625) | Nessus | Scientific Linux Local Security Checks | critical |
| 66980 | RHEL 5 / 6 : thunderbird (RHSA-2013:0982) | Nessus | Red Hat Local Security Checks | critical |
| 66979 | RHEL 5 / 6 : firefox (RHSA-2013:0981) | Nessus | Red Hat Local Security Checks | critical |