CVSS2: 9.3 High
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS: 0.088 Low
Percentile: 94.6%
Added: 08/22/2013
CVE: CVE-2013-1690
BID: 60778
OSVDB: 94584
Firefox is a freely available web browser for multiple platforms including Windows, Linux, and Mac OS.
A use-after-free vulnerability is triggered when handling **onreadystatechange** events and event or page reloads at the same time. A remote attacker who persuades a user to open a specially crafted page could potentially execute arbitrary code in the context of the vulnerable user.
Upgrade to Firefox 22.0 or newer.
<http://www.mozilla.org/security/announce/2013/mfsa2013-53.html>
This exploit was tested against Mozilla Firefox 17.0.1 and 21.0 on Windows XP SP3 English (DEP OptIn).
The user must load the exploit page in a vulnerable version of Firefox.
Windows