CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS
Percentile
96.5%
Versions of Thunderbird prior to 17.0.7 are potentially affected by the following vulnerabilities :
Various, unspecified memory safety issues exist.(CVE-2013-1682, CVE-2013-1683)\m\m - Heap-use-after-free errors exist related to โLookupMediaElementURITableโ, โnsIDocument::GetRootElementโ and โmozilla::ResetDirโ. (CVE-2013-1684, CVE-2013-1685, CVE-2013-1686)
An error exists related to โXBL scopeโ, โSystem Only Wrappersโ (SOW) and chrome-privileged pages that could allow cross-site scripting attacks. (CVE-2013-1687)
An error exists related to the โprofilerโ that could allow arbitrary code execution. (CVE-2013-1688)
An error related to โonreadystatechangeโ and unmapped memory could cause application crashes and allow arbitrary code execution. (CVE-2013-1690)
The application sends data in the body of XMLHttpRequest (XHR) HEAD requests and could aid in cross-site request forgery attacks. (CVE-2013-1692)
An error related to the processing of SVG content could allow a timing attack to disclose information across domains. (CVE-2013-1693)
An error exists related to โPreserveWrapperโ and the โpreserved-wrapperโ flag that could cause potentially exploitable application crashes. (CVE-2013-1694) - An error exists related to โ<iframe sandbox>โ restrictions that could allow a bypass of these restrictions. (CVE-2013-1695)
The โX-Frame-Optionsโ header is ignored in certain situations and can aid in click-jacking attacks. (CVE-2013-1696)
An error exists related to the โtoStringโ and โvalueOfโ methods that could allow โXrayWrappersโ to be bypassed. (CVE-2013-1697)
An error exists related to the โgetUserMediaโ permission dialog that could allow a user to be tricked into giving access to unintended domains. (CVE-2013-1698)
Homograph domain spoofing protection is incomplete and certain attacks are still possible using Internationalized Domain Names (IDN). (CVE-2013-1699)
An error exists related to the โMozilla Maintenance Serviceโ on Windows that could allow insecure updates. (CVE-2013-1700)
Binary data 801326.prm
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1682
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1683
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1684
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1685
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1686
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1687
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1688
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1690
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1692
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1693
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1694
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1695
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1696
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1697
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1698
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1699
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1700
www.mozilla.org/security/announce/2013/mfsa2013-49.html
www.mozilla.org/security/announce/2013/mfsa2013-50.html
www.mozilla.org/security/announce/2013/mfsa2013-51.html
www.mozilla.org/security/announce/2013/mfsa2013-52.html
www.mozilla.org/security/announce/2013/mfsa2013-53.html
www.mozilla.org/security/announce/2013/mfsa2013-54.html
www.mozilla.org/security/announce/2013/mfsa2013-55.html
www.mozilla.org/security/announce/2013/mfsa2013-56.html
www.mozilla.org/security/announce/2013/mfsa2013-57.html
www.mozilla.org/security/announce/2013/mfsa2013-58.html
www.mozilla.org/security/announce/2013/mfsa2013-59.html
www.mozilla.org/security/announce/2013/mfsa2013-60.html
www.mozilla.org/security/announce/2013/mfsa2013-61.html
www.mozilla.org/security/announce/2013/mfsa2013-62.html
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS
Percentile
96.5%