CVE-2013-1690 : Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before

Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 do not properly handle onreadystatechange events in conjunction with page reloading, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted web site that triggers an attempt to execute data at an unmapped memory location.

Published 2013-06-26 03:19:11

Updated 2025-03-21 19:25:08

Source Mozilla Corporation

View at NVD, CVE.org

Vulnerability category: Execute codeDenial of service

Products affected by CVE-2013-1690

Debian » Debian Linux » Version: 7.0
cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Desktop » Version: 5.0
cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Desktop » Version: 6.0
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Eus » Version: 5.9
cpe:2.3:o:redhat:enterprise_linux_eus:5.9:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Eus » Version: 6.4
cpe:2.3:o:redhat:enterprise_linux_eus:6.4:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server » Version: 5.0
cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server » Version: 6.0
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Workstation » Version: 5.0
cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Workstation » Version: 6.0
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server Aus » Version: 6.4
cpe:2.3:o:redhat:enterprise_linux_server_aus:6.4:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server Aus » Version: 5.9
cpe:2.3:o:redhat:enterprise_linux_server_aus:5.9:*:*:*:*:*:*:*
Matching versions
Redhat » Gluster Storage Server For On-premise » Version: 2.0
cpe:2.3:a:redhat:gluster_storage_server_for_on-premise:2.0:*:*:*:*:*:*:*
Matching versions
Suse » Linux Enterprise Desktop » Version: 11 Update SP2
cpe:2.3:o:suse:linux_enterprise_desktop:11:sp2:*:*:*:*:*:*
Matching versions
Suse » Linux Enterprise Desktop » Version: 10 Update SP4
cpe:2.3:o:suse:linux_enterprise_desktop:10:sp4:*:*:-:*:*:*
Matching versions
Suse » Linux Enterprise Desktop » Version: 11 Update SP3
cpe:2.3:o:suse:linux_enterprise_desktop:11:sp3:*:*:*:*:*:*
Matching versions
Suse » Linux Enterprise Server » Version: 11 Update SP2
cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:*:-:*:*
Matching versions
Suse » Linux Enterprise Server » Version: 11 Update SP2 For Vmware
cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:*:vmware:*:*
Matching versions
Suse » Linux Enterprise Server » Version: 10 Update SP4
cpe:2.3:o:suse:linux_enterprise_server:10:sp4:*:*:-:*:*:*
Matching versions
Suse » Linux Enterprise Server » Version: 11 Update SP3 For Vmware
cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:vmware:*:*
Matching versions
Suse » Linux Enterprise Server » Version: 11 Update SP1 Ltss Edition
cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:ltss:-:*:*
Matching versions
Suse » Linux Enterprise Server » Version: 11 Update SP1 Ltss Edition For Vmware
cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:ltss:vmware:*:*
Matching versions
Suse » Linux Enterprise Server » Version: 11 Update SP3
cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:-:*:*
Matching versions
Suse » Linux Enterprise Software Development Kit » Version: 10 Update SP4
cpe:2.3:o:suse:linux_enterprise_software_development_kit:10:sp4:*:*:*:*:*:*
Matching versions
Suse » Linux Enterprise Software Development Kit » Version: 11 Update SP3
cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp3:*:*:*:*:*:*
Matching versions
Mozilla » Firefox
Versions before (<) 22.0
cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
Matching versions
Mozilla » Firefox
Versions from including (>=) 17.0 and before (<) 17.0.7
cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
Matching versions
Mozilla » Thunderbird
Versions before (<) 17.0.7
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
Matching versions
Mozilla » Thunderbird Esr
Versions from including (>=) 17.0 and before (<) 17.0.7
cpe:2.3:a:mozilla:thunderbird_esr:*:*:*:*:*:*:*:*
Matching versions
Canonical » Ubuntu Linux » Version: 12.04
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*
Matching versions
Canonical » Ubuntu Linux » Version: 13.04
cpe:2.3:o:canonical:ubuntu_linux:13.04:*:*:*:*:*:*:*
Matching versions
Canonical » Ubuntu Linux » Version: 12.10
cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*
Matching versions
Opensuse » Opensuse » Version: 11.4
cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*
Matching versions
Opensuse » Opensuse » Version: 12.2
cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*
Matching versions
Opensuse » Opensuse » Version: 12.3
cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*
Matching versions

CVE-2013-1690 is in the CISA Known Exploited Vulnerabilities Catalog

CISA vulnerability name:

Mozilla Firefox and Thunderbird Denial-of-Service Vulnerability

CISA required action:

Apply updates per vendor instructions.

CISA description:

Mozilla Firefox and Thunderbird do not properly handle onreadystatechange events in conjunction with page reloading, which allows remote attackers to cause a denial-of-service (DoS) or possibly execute malicious code via a crafted web site.

Notes:

https://nvd.nist.gov/vuln/detail/CVE-2013-1690

Added on 2022-03-28 Action due date 2022-04-18

Exploit prediction scoring system (EPSS) score for CVE-2013-1690

EPSS FAQ

64.01%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 98 %

Percentile, the proportion of vulnerabilities that are scored at or less

Metasploit modules for CVE-2013-1690

Firefox onreadystatechange Event DocumentViewerImpl Use After Free

Disclosure Date: 2013-06-25

First seen: 2020-04-26

exploit/windows/browser/mozilla_firefox_onreadystatechange

This module exploits a vulnerability found on Firefox 17.0.6, specifically a use after free of a DocumentViewerImpl object, triggered via a specially crafted web page using onreadystatechange events and the window.stop() API, as exploited in the wild on 2013 August t

More information

CVSS scores for CVE-2013-1690

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
9.3	HIGH	AV:N/AC:M/Au:N/C:C/I:C/A:C	8.6	10.0	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete
8.8	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	2.8	5.9	134c704f-9b21-4f2e-91b3-4a467353bcc0	2025-02-07
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: Required Scope: Unchanged Confidentiality: High Integrity: High Availability: High
8.8	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	2.8	5.9	NIST	2024-07-09
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: Required Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2013-1690

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
Assigned by:
- 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)
- nvd@nist.gov (Primary)

References for CVE-2013-1690

http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00003.html

[security-announce] openSUSE-SU-2013:1140-1: important: regular updates
Mailing List;Third Party Advisory

CVEs referencing this url
http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00005.html

[security-announce] openSUSE-SU-2013:1142-1: important: MozillaFirefox:
Mailing List;Third Party Advisory

CVEs referencing this url
http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00011.html

[security-announce] SUSE-SU-2013:1153-1: important: Security update for
Mailing List;Third Party Advisory

CVEs referencing this url
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16996

Repository / Oval Repository
Broken Link
http://www.debian.org/security/2013/dsa-2716

Debian -- Security Information -- DSA-2716-1 iceweasel
Mailing List;Third Party Advisory

CVEs referencing this url
http://www.debian.org/security/2013/dsa-2720

Debian -- Security Information -- DSA-2720-1 icedove
Mailing List;Third Party Advisory

CVEs referencing this url
http://www.mozilla.org/security/announce/2013/mfsa2013-53.html

Execution of unmapped memory through onreadystatechange event — Mozilla
Vendor Advisory
http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00006.html

[security-announce] openSUSE-SU-2013:1143-1: important: xulrunner: 17.0.
Mailing List;Third Party Advisory

CVEs referencing this url
http://www.ubuntu.com/usn/USN-1890-1

USN-1890-1: Firefox vulnerabilities | Ubuntu security notices
Third Party Advisory

CVEs referencing this url
https://bugzilla.mozilla.org/show_bug.cgi?id=857883

857883 - (CVE-2013-1690) Crash with onreadystatechange and reload
Issue Tracking
http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00010.html

[security-announce] SUSE-SU-2013:1152-1: important: Security update for
Mailing List;Third Party Advisory

CVEs referencing this url
https://bugzilla.mozilla.org/show_bug.cgi?id=901365

901365 - Firefox 0-day found on Tor .onion service (reported on Reddit)
Issue Tracking
http://www.securityfocus.com/bid/60778

Mozilla Firefox/Thunderbird CVE-2013-1690 Remote Code Execution Vulnerability
Broken Link;Third Party Advisory;VDB Entry
http://rhn.redhat.com/errata/RHSA-2013-0982.html

RHSA-2013:0982 - Security Advisory - Red Hat Customer Portal
Third Party Advisory

CVEs referencing this url
http://rhn.redhat.com/errata/RHSA-2013-0981.html

RHSA-2013:0981 - Security Advisory - Red Hat Customer Portal
Third Party Advisory

CVEs referencing this url
http://www.ubuntu.com/usn/USN-1891-1

USN-1891-1: Thunderbird vulnerabilities | Ubuntu security notices
Third Party Advisory

CVEs referencing this url
http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00004.html

[security-announce] openSUSE-SU-2013:1141-1: important: MozillaThunderbi
Mailing List;Third Party Advisory

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2013-1690