Vulnerability Details : CVE-2013-0801
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
Vulnerability category: Memory Corruption, Execute code, Denial of service
Products affected by CVE-2013-0801
- cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:19.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:19.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:17.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:17.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:19.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:20.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:17.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:17.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:17.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:17.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:17.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:17.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:17.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:17.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:17.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird_esr:17.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird_esr:17.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird_esr:17.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird_esr:17.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird_esr:17.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird_esr:17.0.5:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2013-0801
- 13.70%: Probability of exploitation activity in the next 30 days
- ~ 96 %: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2013-0801
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
10.0 | HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C | 10.0 | 10.0 | NIST | |
References for CVE-2013-0801
- http://www.ubuntu.com/usn/USN-1823-1
  USN-1823-1: Thunderbird vulnerabilities | Ubuntu security notices
- http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00008.html
  [security-announce] openSUSE-SU-2013:0946-1: important: MozillaFirefox:
- http://www.securityfocus.com/bid/59855
  Mozilla Firefox and Thunderbird CVE-2013-0801 Memory Corruption Vulnerability
- http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00006.html
  [security-announce] openSUSE-SU-2013:0929-1: important: xulrunner to 17.
- https://bugzilla.mozilla.org/show_bug.cgi?id=849597
  849597 - Crash when inline script in an XML doc framed by <object> removes the <object>
- https://bugzilla.mozilla.org/show_bug.cgi?id=864558
  864558 - It's a horrible idea to do |new JS::Value[n]| and not root it/its contents while filling it in, and while using it after
- https://bugzilla.mozilla.org/show_bug.cgi?id=787283
  787283 - Assertion failure: i >= 0, at jsopcode.cpp:5820 or Crash [@ js::DecompileValueGenerator]
- http://rhn.redhat.com/errata/RHSA-2013-0820.html
  RHSA-2013:0820 - Security Advisory - Red Hat Customer Portal
- http://www.mandriva.com/security/advisories?name=MDVSA-2013:165
  mandriva.com
- http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00010.html
  [security-announce] openSUSE-SU-2013:0825-1: important: MozillaFirefox:
- https://bugzilla.mozilla.org/show_bug.cgi?id=808402
  808402 - FTP use-after-free crash [@nsInputStreamPump::Cancel]
- http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00011.html
  [security-announce] openSUSE-SU-2013:0831-1: important: xulrunner to 17.
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17062
  Repository / Oval Repository
- http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00012.html
  [security-announce] openSUSE-SU-2013:0834-1: important: MozillaThunderbi
- http://www.mozilla.org/security/announce/2013/mfsa2013-41.html
  Miscellaneous memory safety hazards (rv:21.0 / rv:17.0.6) — Mozilla (Vendor Advisory)
- http://www.ubuntu.com/usn/USN-1822-1
  USN-1822-1: Firefox vulnerabilities | Ubuntu security notices
- https://bugzilla.mozilla.org/show_bug.cgi?id=866544
  866544 - [Mac] Buffer overflow of nsAutoTArray "breakState"
- http://www.debian.org/security/2013/dsa-2699
  Debian -- Security Information -- DSA-2699-1 iceweasel
- http://rhn.redhat.com/errata/RHSA-2013-0821.html
  RHSA-2013:0821 - Security Advisory - Red Hat Customer Portal
- https://bugzilla.mozilla.org/show_bug.cgi?id=852315
  852315 - plugin crash running script during plugin destruction