Lucene search

MozillaCVE-2013-1675

HistoryMay 16, 2013 - 11:45 a.m.

CVE-2013-1675

2013-05-1611:45:30

CWE-665

mozilla

web.nvd.nist.gov

871

In Wild

cve-2013-1675

mozilla

firefox

thunderbird

security vulnerability

remote attackers

information disclosure

nvd

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

AI Score

8.7

Confidence

High

EPSS

0.061

Percentile

93.6%

JSON

Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 do not properly initialize data structures for the nsDOMSVGZoomEvent::mPreviousScale and nsDOMSVGZoomEvent::mNewScale functions, which allows remote attackers to obtain sensitive information from process memory via a crafted web site.

Affected configurations

Nvd

Node

mozillafirefoxRange<21.0

mozillafirefox_esrRange17.0–17.0.6

mozillathunderbirdRange<17.0.6

mozillathunderbird_esrRange17.0–17.0.6

Node

canonicalubuntu_linuxMatch12.04-

canonicalubuntu_linuxMatch12.10

canonicalubuntu_linuxMatch13.04

Node

debiandebian_linuxMatch7.0

Node

redhatgluster_storage_server_for_on-premiseMatch2.1

redhatenterprise_linux_desktopMatch5.0

redhatenterprise_linux_desktopMatch6.0

redhatenterprise_linux_eusMatch5.9

redhatenterprise_linux_eusMatch6.4

redhatenterprise_linux_for_ibm_z_systemsMatch5.0_s390x

redhatenterprise_linux_for_ibm_z_systemsMatch6.0_s390x

redhatenterprise_linux_for_ibm_z_systems_eusMatch5.9_s390x

redhatenterprise_linux_for_ibm_z_systems_eusMatch6.4_s390x

redhatenterprise_linux_for_power_big_endianMatch5.0_ppc

redhatenterprise_linux_for_power_big_endianMatch6.0_ppc64

redhatenterprise_linux_for_power_big_endian_eusMatch5.9_ppc

redhatenterprise_linux_for_power_big_endian_eusMatch6.4_ppc64

redhatenterprise_linux_for_scientific_computingMatch6.0

redhatenterprise_linux_serverMatch5.0

redhatenterprise_linux_serverMatch6.0

redhatenterprise_linux_server_ausMatch5.9

redhatenterprise_linux_server_ausMatch6.4

redhatenterprise_linux_server_eus_from_rhuiMatch5.9

redhatenterprise_linux_server_eus_from_rhuiMatch6.4

redhatenterprise_linux_workstationMatch5.0

redhatenterprise_linux_workstationMatch6.0

Node

opensuseopensuseMatch12.2

opensuseopensuseMatch12.3

References

lists.opensuse.org/opensuse-security-announce/2013-05/msg00010.html

lists.opensuse.org/opensuse-security-announce/2013-05/msg00011.html

lists.opensuse.org/opensuse-security-announce/2013-05/msg00012.html

lists.opensuse.org/opensuse-security-announce/2013-06/msg00006.html

lists.opensuse.org/opensuse-security-announce/2013-06/msg00008.html

rhn.redhat.com/errata/RHSA-2013-0820.html

rhn.redhat.com/errata/RHSA-2013-0821.html

www.debian.org/security/2013/dsa-2699

www.mandriva.com/security/advisories?name=MDVSA-2013:165

www.mozilla.org/security/announce/2013/mfsa2013-47.html

www.securityfocus.com/bid/59858

www.ubuntu.com/usn/USN-1822-1

www.ubuntu.com/usn/USN-1823-1

bugzilla.mozilla.org/show_bug.cgi?id=866825

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16976

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

AI Score

8.7

Confidence

High

EPSS

0.061

Percentile

93.6%

JSON

Related for CVE-2013-1675