Vulnerability Details : CVE-2013-0783
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
Vulnerability category: Memory Corruption, Execute code, Denial of service
Products affected by CVE-2013-0783
- cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_eus:5.9:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_eus:6.3:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_aus:5.9:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird_esr:*:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*
- cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:opensuse:12.1:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2013-0783
- EPSS score: 4.77% (probability of exploitation activity in the next 30 days)
- Percentile: ~93% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2013-0783
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
9.3 | HIGH | AV:N/AC:M/Au:N/C:C/I:C/A:C | 8.6 | 10.0 | NIST | |
References for CVE-2013-0783
- https://bugzilla.mozilla.org/show_bug.cgi?id=826471
  826471 - compartment mismatch in nsWindowSH::NewResolve for _content with Xrays
  Issue Tracking; Patch; Vendor Advisory
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16219
  Repository / Oval Repository
  Third Party Advisory
- https://bugzilla.mozilla.org/show_bug.cgi?id=830975
  830975 - [FIX] nsDocument::FlushPendingNotifications looks suspicious
  Issue Tracking; Patch; Vendor Advisory
- https://bugzilla.mozilla.org/show_bug.cgi?id=761448
  761448 - [FIX] "ASSERTION: We should never be reusing a shared inner window" with pagehide event
  Issue Tracking; Patch; Vendor Advisory
- http://www.ubuntu.com/usn/USN-1729-2
  USN-1729-2: Firefox regression | Ubuntu security notices
  Third Party Advisory
- https://bugzilla.mozilla.org/show_bug.cgi?id=818241
  818241 - Conditional jump/move depends on uninitialized data in Quartz backend
  Issue Tracking; Patch; Vendor Advisory
- https://bugzilla.mozilla.org/show_bug.cgi?id=780549
  780549 - crash access violation mozjs!js::types::AutoEnterCompilation::~AutoEnterCompilation
  Issue Tracking; Patch; Vendor Advisory
- https://bugzilla.mozilla.org/show_bug.cgi?id=830399
  830399 - compartment mismatch in nsXMLHttpRequest::GetInterface (with addon?)
  Issue Tracking; Patch; Vendor Advisory
- http://www.ubuntu.com/usn/USN-1729-1
  USN-1729-1: Firefox vulnerabilities | Ubuntu security notices
  Third Party Advisory
- https://bugzilla.mozilla.org/show_bug.cgi?id=690970
  690970 - cycle collector can be made to Unlink live objects (by using weak maps or watchpoints)
  Issue Tracking; Patch; Vendor Advisory
- https://bugzilla.mozilla.org/show_bug.cgi?id=822858
  822858 - Crash [@ js::EncapsulatedPtr] or [@ js::types::TypeObject::print] or "Assertion failure: [infer failure] Missing type in object [0x10172f070] lastIndex: int,"
  Issue Tracking; Patch; Vendor Advisory
- http://www.mozilla.org/security/announce/2013/mfsa2013-21.html
  Miscellaneous memory safety hazards (rv:19.0 / rv:17.0.3) — Mozilla
  Vendor Advisory
- http://rhn.redhat.com/errata/RHSA-2013-0271.html
  RHSA-2013:0271 - Security Advisory - Red Hat Customer Portal
  Third Party Advisory
- http://lists.opensuse.org/opensuse-updates/2013-02/msg00062.html
  openSUSE-SU-2013:0324-1: moderate: Mozilla Februarys
  Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00017.html
  [security-announce] openSUSE-SU-2013:0323-1: important: Mozilla: Februar
  Third Party Advisory
- http://www.debian.org/security/2013/dsa-2699
  Debian -- Security Information -- DSA-2699-1 iceweasel
  Third Party Advisory
- https://bugzilla.mozilla.org/show_bug.cgi?id=812380
  812380 - Possible use-after-CC-Unlink due to incorrect cycle collector WeakMap optimizations
  Issue Tracking; Patch; Vendor Advisory
- https://bugzilla.mozilla.org/show_bug.cgi?id=832162
  832162 - JAR/ZIP crash [@nsZipArchive::BuildSynthetics/HashName]
  Issue Tracking; Patch; Vendor Advisory
- http://rhn.redhat.com/errata/RHSA-2013-0272.html
  RHSA-2013:0272 - Security Advisory - Red Hat Customer Portal
  Third Party Advisory
- http://www.ubuntu.com/usn/USN-1748-1
  USN-1748-1: Thunderbird vulnerabilities | Ubuntu security notices
  Third Party Advisory