10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.927 High
EPSS
Percentile
99.0%
The Mozilla Project reports:
MFSA 2013-63 Miscellaneous memory safety hazards (rv:23.0 /
rv:17.0.8)
MFSA 2013-64 Use after free mutating DOM during SetBody
MFSA 2013-65 Buffer underflow when generating CRMF requests
MFSA 2013-66 Buffer overflow in Mozilla Maintenance Service and
Mozilla Updater
MFSA 2013-67 Crash during WAV audio file decoding
MFSA 2013-68 Document URI misrepresentation and masquerading
MFSA 2013-69 CRMF requests allow for code execution and XSS
attacks
MFSA 2013-70 Bypass of XrayWrappers using XBL Scopes
MFSA 2013-71 Further Privilege escalation through Mozilla Updater
MFSA 2013-72 Wrong principal used for validating URI for some
Javascript components
MFSA 2013-73 Same-origin bypass with web workers and
XMLHttpRequest
MFSA 2013-74 Firefox full and stub installer DLL hijacking
MFSA 2013-75 Local Java applets may read contents of local file
system
www.mozilla.org/security/known-vulnerabilities/
www.mozilla.org/security/announce/2013/mfsa2013-63.html
www.mozilla.org/security/announce/2013/mfsa2013-64.html
www.mozilla.org/security/announce/2013/mfsa2013-65.html
www.mozilla.org/security/announce/2013/mfsa2013-66.html
www.mozilla.org/security/announce/2013/mfsa2013-67.html
www.mozilla.org/security/announce/2013/mfsa2013-68.html
www.mozilla.org/security/announce/2013/mfsa2013-69.html
www.mozilla.org/security/announce/2013/mfsa2013-70.html
www.mozilla.org/security/announce/2013/mfsa2013-71.html
www.mozilla.org/security/announce/2013/mfsa2013-72.html