CVE-2013-1690
critical-risk
Published 2013-06-26
Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 do not properly handle onreadystatechange events in conjunction with page reloading, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted web site that triggers an attempt to execute data at an unmapped memory location.
Do I need to act?
47.1% chance of exploitation in next 30 days
EPSS score — higher than 53% of all CVEs
CISA KEV: actively exploited in the wild
On the Known Exploited Vulnerabilities catalog — federal agencies must patch
1 public exploit available
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
CVSS 8.8/10 · High · NETWORK / LOW complexity
Affected Products (20)
References (35)
Third Party Advisory: http://rhn.redhat.com/errata/RHSA-2013-0981.html
Third Party Advisory: http://rhn.redhat.com/errata/RHSA-2013-0982.html
Mailing List: http://www.debian.org/security/2013/dsa-2716
Mailing List: http://www.debian.org/security/2013/dsa-2720
Vendor Advisory: http://www.mozilla.org/security/announce/2013/mfsa2013-53.html
Broken Link: http://www.securityfocus.com/bid/60778
Third Party Advisory: http://www.ubuntu.com/usn/USN-1890-1
Third Party Advisory: http://www.ubuntu.com/usn/USN-1891-1
Issue Tracking: https://bugzilla.mozilla.org/show_bug.cgi?id=857883
Issue Tracking: https://bugzilla.mozilla.org/show_bug.cgi?id=901365
and 15 more references
84 / 100 · critical-risk
Severity
30/34 · Critical
Exploitability
31/34 · Critical
Exposure
23/34 · High