Vulnerability Details : CVE-2013-1720
The nsHtml5TreeBuilder::resetTheInsertionMode function in the HTML5 Tree Builder in Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21 does not properly maintain the state of the insertion-mode stack for template elements, which allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer over-read) by triggering use of this stack in its empty state.
Vulnerability category: OverflowExecute codeDenial of service
Products affected by CVE-2013-1720
- cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:19.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:19.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:19.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:20.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:20.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:21.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:22.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:23.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:17.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:17.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:17.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:17.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:17.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:17.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:17.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:17.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:17.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.0:rc2:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.0:alpha_2:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.0:alpha_1:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.1:alpha1:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.0.11:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.0.14:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.0:beta_1:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.0:alpha_3:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.0.10:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.0.12:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.0.13:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.0:beta_2:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.1:alpha2:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.0.9:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.1:alpha3:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.1:rc1:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.1:beta1:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.1:beta2:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.1:beta3:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.1:rc2:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.10:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.13:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.10:beta1:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.10:beta2:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.10:beta3:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.10.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.11:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.11:beta1:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.11:beta2:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.11:beta3:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.11:beta4:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.11:beta5:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.11:beta6:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.12:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.12:beta1:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.12:beta2:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.12:beta3:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.12:beta4:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.12:beta5:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.12:beta6:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.12.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.13:beta1:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.13:beta2:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.13:beta3:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.13:beta4:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.13:beta5:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.17:beta2:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.17:beta1:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.16:beta4:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.16:beta5:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.15:beta2:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.15:beta1:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.13:beta6:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.16:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.16.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.15.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.15:beta5:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.14:beta5:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.14:beta4:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.17:beta3:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.16:beta3:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.16.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.15:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.15:beta6:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.15.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.14:beta3:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.14:beta2:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.16:beta1:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.16:beta2:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.15:beta3:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.15:beta4:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.14:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.14:beta1:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.13.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.13.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.20:beta1:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.19:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.19:beta2:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.19:beta1:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.17:beta4:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.18:beta1:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.18:beta4:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.18:beta3:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.20:beta2:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.18:beta2:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.17.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.17:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.20:beta3:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2013-1720
4.67%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 93 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2013-1720
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
6.8
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
8.6
|
6.4
|
NIST |
CWE ids for CVE-2013-1720
-
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.Assigned by: nvd@nist.gov (Primary)
References for CVE-2013-1720
-
http://lists.fedoraproject.org/pipermail/package-announce/2013-September/116610.html
[SECURITY] Fedora 20 Update: firefox-24.0-1.fc20
-
http://lists.opensuse.org/opensuse-updates/2013-09/msg00057.html
openSUSE-SU-2013:1493-1: moderate: update for MozillaFirefox
-
http://www.ubuntu.com/usn/USN-1951-1
USN-1951-1: Firefox vulnerabilities | Ubuntu security notices
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18617
Repository / Oval Repository
-
http://lists.opensuse.org/opensuse-updates/2013-09/msg00061.html
openSUSE-SU-2013:1499-1: moderate: Mozilla updates September 2013
-
http://lists.fedoraproject.org/pipermail/package-announce/2013-September/117526.html
[SECURITY] Fedora 18 Update: firefox-24.0-1.fc18
-
http://www.securityfocus.com/bid/62465
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2013-1720 Heap Buffer Overflow Vulnerability
-
http://www.ubuntu.com/usn/USN-1952-1
USN-1952-1: Thunderbird vulnerabilities | Ubuntu security notices
-
http://www.mozilla.org/security/announce/2013/mfsa2013-77.html
Improper state in HTML5 Tree Builder with templates — MozillaVendor Advisory
-
http://lists.opensuse.org/opensuse-updates/2013-09/msg00059.html
openSUSE-SU-2013:1495-1: moderate: update for MozillaThunderbird
-
https://bugzilla.mozilla.org/show_bug.cgi?id=888820
888820 - (CVE-2013-1720) Heap-buffer-overflow READ in nsHtml5TreeBuilder::resetTheInsertionMode()
-
http://lists.fedoraproject.org/pipermail/package-announce/2013-September/115907.html
[SECURITY] Fedora 19 Update: firefox-24.0-1.fc19
-
http://lists.opensuse.org/opensuse-updates/2013-09/msg00055.html
openSUSE-SU-2013:1491-1: moderate: update for seamonkey
Jump to