Lucene search

[email protected]NVD:CVE-2013-1675

HistoryMay 16, 2013 - 11:45 a.m.

CVE-2013-1675

2013-05-1611:45:30

CWE-665

[email protected]

web.nvd.nist.gov

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

AI Score

7.6

Confidence

High

EPSS

0.061

Percentile

93.6%

JSON

Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 do not properly initialize data structures for the nsDOMSVGZoomEvent::mPreviousScale and nsDOMSVGZoomEvent::mNewScale functions, which allows remote attackers to obtain sensitive information from process memory via a crafted web site.

Affected configurations

Nvd

Node

mozillafirefoxRange<21.0

mozillafirefox_esrRange17.0–17.0.6

mozillathunderbirdRange<17.0.6

mozillathunderbird_esrRange17.0–17.0.6

Node

canonicalubuntu_linuxMatch12.04-

canonicalubuntu_linuxMatch12.10

canonicalubuntu_linuxMatch13.04

Node

debiandebian_linuxMatch7.0

Node

redhatgluster_storage_server_for_on-premiseMatch2.1

redhatenterprise_linux_desktopMatch5.0

redhatenterprise_linux_desktopMatch6.0

redhatenterprise_linux_eusMatch5.9

redhatenterprise_linux_eusMatch6.4

redhatenterprise_linux_for_ibm_z_systemsMatch5.0_s390x

redhatenterprise_linux_for_ibm_z_systemsMatch6.0_s390x

redhatenterprise_linux_for_ibm_z_systems_eusMatch5.9_s390x

redhatenterprise_linux_for_ibm_z_systems_eusMatch6.4_s390x

redhatenterprise_linux_for_power_big_endianMatch5.0_ppc

redhatenterprise_linux_for_power_big_endianMatch6.0_ppc64

redhatenterprise_linux_for_power_big_endian_eusMatch5.9_ppc

redhatenterprise_linux_for_power_big_endian_eusMatch6.4_ppc64

redhatenterprise_linux_for_scientific_computingMatch6.0

redhatenterprise_linux_serverMatch5.0

redhatenterprise_linux_serverMatch6.0

redhatenterprise_linux_server_ausMatch5.9

redhatenterprise_linux_server_ausMatch6.4

redhatenterprise_linux_server_eus_from_rhuiMatch5.9

redhatenterprise_linux_server_eus_from_rhuiMatch6.4

redhatenterprise_linux_workstationMatch5.0

redhatenterprise_linux_workstationMatch6.0

Node

opensuseopensuseMatch12.2

opensuseopensuseMatch12.3

References

lists.opensuse.org/opensuse-security-announce/2013-05/msg00010.html

lists.opensuse.org/opensuse-security-announce/2013-05/msg00011.html

lists.opensuse.org/opensuse-security-announce/2013-05/msg00012.html

lists.opensuse.org/opensuse-security-announce/2013-06/msg00006.html

lists.opensuse.org/opensuse-security-announce/2013-06/msg00008.html

rhn.redhat.com/errata/RHSA-2013-0820.html

rhn.redhat.com/errata/RHSA-2013-0821.html

www.debian.org/security/2013/dsa-2699

www.mandriva.com/security/advisories?name=MDVSA-2013:165

www.mozilla.org/security/announce/2013/mfsa2013-47.html

www.securityfocus.com/bid/59858

www.ubuntu.com/usn/USN-1822-1

www.ubuntu.com/usn/USN-1823-1

bugzilla.mozilla.org/show_bug.cgi?id=866825

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16976

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

AI Score

7.6

Confidence

High

EPSS

0.061

Percentile

93.6%

JSON

Related for NVD:CVE-2013-1675

prion1 cve1 ubuntucve1 openvas54 cisa_kev1 mozilla1 attackerkb1 cvelist1 nessus30 redhat2 veracode6 oraclelinux2 centos2 suse8 ubuntu2 freebsd1 securityvulns1 ibm2 debian1 gentoo1