Vulnerability Details : CVE-2013-0749
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.1, and SeaMonkey before 2.15 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
Vulnerability category: Memory CorruptionExecute codeDenial of service
Products affected by CVE-2013-0749
- cpe:2.3:o:suse:linux_enterprise_desktop:10:sp4:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_desktop:11:sp2:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_server:10:sp4:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:*:-:*:*
- cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:*:vmware:*:*
- cpe:2.3:o:suse:linux_enterprise_software_development_kit:10:sp4:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp2:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird_esr:*:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird_esr:*:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*
- cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:opensuse:12.1:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2013-0749
0.84%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 82 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2013-0749
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
9.3
|
HIGH | AV:N/AC:M/Au:N/C:C/I:C/A:C |
8.6
|
10.0
|
NIST |
References for CVE-2013-0749
-
http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00010.html
[security-announce] openSUSE-SU-2013:0131-1: important: Mozilla JanuarysMailing List;Third Party Advisory
-
https://bugzilla.mozilla.org/show_bug.cgi?id=785358
785358 - Assertion failure: fe->isType(type), at methodjit/Compiler.cpp:7623Issue Tracking;Patch;Vendor Advisory
-
https://bugzilla.mozilla.org/show_bug.cgi?id=814407
814407 - Use after free in Mesa 8.0 after calling texImage2D on texture already attached to FBO in texture-attachment-formats.html testIssue Tracking;Vendor Advisory
-
http://www.ubuntu.com/usn/USN-1681-1
USN-1681-1: Firefox vulnerabilities | Ubuntu security noticesThird Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00007.html
[security-announce] SUSE-SU-2013:0049-1: important: Security update forMailing List;Third Party Advisory
-
http://www.palemoon.org/releasenotes-ng.shtml
Pale Moon -Broken Link
-
https://bugzilla.mozilla.org/show_bug.cgi?id=805814
805814 - Mesa heap buffer overflow, exposed by WebGL, mirroring Chrome issue 145525Exploit;Issue Tracking;Vendor Advisory
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16953
Repository / Oval RepositoryThird Party Advisory
-
http://www.ubuntu.com/usn/USN-1681-2
USN-1681-2: Thunderbird vulnerabilities | Ubuntu security noticesThird Party Advisory
-
http://www.mozilla.org/security/announce/2013/mfsa2013-01.html
Miscellaneous memory safety hazards (rv:18.0/ rv:10.0.12 / rv:17.0.2) — MozillaVendor Advisory
-
https://bugzilla.mozilla.org/show_bug.cgi?id=814839
814839 - WebGL crash [@mozilla::WebGLContext::Clear] during conformance testIssue Tracking;Vendor Advisory
-
https://bugzilla.mozilla.org/show_bug.cgi?id=816994
816994 - Opus crash due to race [@opus_multistream_decode_native]Issue Tracking;Vendor Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00017.html
[security-announce] openSUSE-SU-2013:0149-1: important: Mozilla JanuarysMailing List;Third Party Advisory
-
https://bugzilla.mozilla.org/show_bug.cgi?id=794426
794426 - Simultaneous calls to nsBuiltinDecoderStateMachine::StopAudioThread() cause problemsIssue Tracking;Patch;Vendor Advisory
-
https://bugzilla.mozilla.org/show_bug.cgi?id=808481
808481 - "Assertion failure: lifetime->entry == uint32_t(entryTarget - outerScript->code),"Issue Tracking;Patch;Vendor Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00006.html
[security-announce] SUSE-SU-2013:0048-1: important: Security update forMailing List;Third Party Advisory
-
https://bugzilla.mozilla.org/show_bug.cgi?id=805745
805745 - crash in nsWindow::OnPaintExploit;Issue Tracking;Vendor Advisory
-
http://www.ubuntu.com/usn/USN-1681-4
USN-1681-4: Firefox regression | Ubuntu security noticesThird Party Advisory
-
https://bugzilla.mozilla.org/show_bug.cgi?id=812847
812847 - Opus heap-buffer-overflow crash [@opus_multistream_decoder_init]Issue Tracking;Vendor Advisory
Jump to