Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2013-0800
HistoryApr 03, 2013 - 11:56 a.m.

CVE-2013-0800

2013-04-0311:56:21
[email protected]
web.nvd.nist.gov
53
cve-2013-0800
pixman
cairo
mozilla firefox
firefox esr
thunderbird
thunderbird esr
seamonkey
integer signedness error
arbitrary code execution
out-of-bounds write
remote code execution

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

9.7 High

AI Score

Confidence

High

0.019 Low

EPSS

Percentile

88.7%

JSON

Integer signedness error in the pixman_fill_sse2 function in pixman-sse2.c in Pixman, as distributed with Cairo and used in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, SeaMonkey before 2.17, and other products, allows remote attackers to execute arbitrary code via crafted values that trigger attempted use of a (1) negative box boundary or (2) negative box size, leading to an out-of-bounds write operation.

Affected configurations

NVD
Node
mozillafirefoxRange<20.0
OR
mozillafirefox_esrRange17.017.0.5
OR
mozillaseamonkeyRange<2.17
OR
mozillathunderbirdRange<17.0.5
OR
mozillathunderbird_esrRange17.017.0.5
Node
debiandebian_linuxMatch7.0
Node
canonicalubuntu_linuxMatch10.04-
OR
canonicalubuntu_linuxMatch11.10
OR
canonicalubuntu_linuxMatch12.04-
OR
canonicalubuntu_linuxMatch12.10
Node
opensuseopensuseMatch11.4
OR
opensuseopensuseMatch12.1
OR
opensuseopensuseMatch12.2
OR
opensuseopensuseMatch12.3
OR
suselinux_enterprise_desktopMatch10sp4-
OR
suselinux_enterprise_desktopMatch11sp2
OR
suselinux_enterprise_serverMatch10sp4-
OR
suselinux_enterprise_serverMatch11sp1ltss-
OR
suselinux_enterprise_serverMatch11sp1ltssvmware
OR
suselinux_enterprise_serverMatch11sp2-
OR
suselinux_enterprise_serverMatch11sp2vmware
OR
suselinux_enterprise_software_development_kitMatch10sp4
OR
suselinux_enterprise_software_development_kitMatch11sp2

Related

nessus 42
fedora 3
prion 1
openvas 62
ubuntucve 1
cvelist 1
nvd 1
mozilla 1
veracode 4
redhat 2
centos 2
oraclelinux 2
ubuntu 3
suse 8
securityvulns 1
freebsd 1
debian 1
ibm 2
gentoo 1
nessus
nessus
Fedora 18 : seamonkey-2.17-1.fc18 (2013-4957)
2013-04-16 00:00:00
Fedora 17 : seamonkey-2.17-1.fc17 (2013-4983)
2013-04-16 00:00:00
Fedora 19 : seamonkey-2.17-1.fc19 (2013-4871)
2013-04-22 00:00:00
fedora
fedora
[SECURITY] Fedora 19 Update: seamonkey-2.17-1.fc19
2013-04-20 19:52:58
[SECURITY] Fedora 18 Update: seamonkey-2.17-1.fc18
2013-04-15 23:54:02
[SECURITY] Fedora 17 Update: seamonkey-2.17-1.fc17
2013-04-16 00:14:29
prion
prion
Integer overflow
2013-04-03 11:56:00
openvas
openvas
Mozilla Firefox Security Advisory (MFSA2013-31) - Linux
2021-11-11 00:00:00
Fedora Update for seamonkey FEDORA-2013-4957
2013-04-19 00:00:00
Fedora Update for seamonkey FEDORA-2013-4957
2013-04-19 00:00:00
ubuntucve
ubuntucve
CVE-2013-0800
2013-04-03 00:00:00
cvelist
cvelist
CVE-2013-0800
2013-04-03 10:00:00
nvd
nvd
CVE-2013-0800
2013-04-03 11:56:21
mozilla
mozilla
Out-of-bounds write in Cairo library — Mozilla
2013-04-02 00:00:00
veracode
veracode
Arbitrary Code Execution
2019-05-02 04:44:29
Same-Origin Policy Bypass
2019-05-02 04:44:29
Cross-Site Scripting (XSS)
2019-05-02 04:44:28
redhat
redhat
(RHSA-2013:0697) Important: thunderbird security update
2013-04-02 00:00:00
(RHSA-2013:0696) Critical: firefox security update
2013-04-02 00:00:00
centos
centos
firefox, xulrunner security update
2013-04-03 04:34:09
thunderbird security update
2013-04-03 04:39:37
oraclelinux
oraclelinux
firefox security update
2013-04-02 00:00:00
thunderbird security update
2013-04-02 00:00:00
ubuntu
ubuntu
Thunderbird vulnerabilities
2013-04-08 00:00:00
Unity Firefox Extension update
2013-04-04 00:00:00
Firefox vulnerabilities
2013-04-04 00:00:00
suse
suse
Mozilla Firefox and others: Update to Firefox 20.0 release (important)
2013-04-05 15:06:14
Security update for Mozilla Firefox (important)
2013-05-28 22:04:36
Security update for Mozilla Firefox (important)
2013-05-28 21:04:38
securityvulns
securityvulns
Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
2013-04-03 00:00:00
freebsd
freebsd
mozilla -- multiple vulnerabilities
2013-04-02 00:00:00
debian
debian
[SECURITY] [DSA 2699-1] iceweasel security update
2013-06-02 16:37:13
ibm
ibm
Security Bulletin: Storwize V7000 Unified Update Includes Fixes for Multiple Vendor Security Vulnerabilities
2022-09-26 04:23:14
Security Bulletin: SONAS Update Includes Fixes for Multiple Vendor Security Vulnerabilities
2022-09-26 04:23:14
gentoo
gentoo
Mozilla Products: Multiple vulnerabilities
2013-09-27 00:00:00

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

9.7 High

AI Score

Confidence

High

0.019 Low

EPSS

Percentile

88.7%

JSON
Related for CVE-2013-0800
nessus42fedora3prion1openvas62ubuntucve1cvelist1nvd1mozilla1veracode4redhat2centos2oraclelinux2ubuntu3suse8securityvulns1freebsd1debian1ibm2gentoo1