CVE-2013-1723 : The NativeKey widget in Mozilla Firefox before 24.0, Thunderbird before 24.0, an

The NativeKey widget in Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21 processes key messages after destruction by a dispatched event listener, which allows remote attackers to cause a denial of service (application crash) by leveraging incorrect event usage after widget-memory reallocation.

Published 2013-09-18 10:08:24

Updated 2017-09-19 01:36:13

Source Mozilla Corporation

View at NVD, CVE.org

Vulnerability category: OverflowDenial of service

Products affected by CVE-2013-1723

Mozilla » Firefox
Versions up to, including, (<=) 23.0.1
cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
Matching versions
Mozilla » Firefox » Version: 19.0
cpe:2.3:a:mozilla:firefox:19.0:*:*:*:*:*:*:*
Matching versions
Mozilla » Firefox » Version: 19.0.1
cpe:2.3:a:mozilla:firefox:19.0.1:*:*:*:*:*:*:*
Matching versions
Mozilla » Firefox » Version: 19.0.2
cpe:2.3:a:mozilla:firefox:19.0.2:*:*:*:*:*:*:*
Matching versions
Mozilla » Firefox » Version: 20.0
cpe:2.3:a:mozilla:firefox:20.0:*:*:*:*:*:*:*
Matching versions
Mozilla » Firefox » Version: 20.0.1
cpe:2.3:a:mozilla:firefox:20.0.1:*:*:*:*:*:*:*
Matching versions
Mozilla » Firefox » Version: 21.0
cpe:2.3:a:mozilla:firefox:21.0:*:*:*:*:*:*:*
Matching versions
Mozilla » Firefox » Version: 22.0
cpe:2.3:a:mozilla:firefox:22.0:*:*:*:*:*:*:*
Matching versions
Mozilla » Firefox » Version: 23.0
cpe:2.3:a:mozilla:firefox:23.0:*:*:*:*:*:*:*
Matching versions
Mozilla » Thunderbird
Versions up to, including, (<=) 17.0.9
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
Matching versions
Mozilla » Thunderbird » Version: 17.0
cpe:2.3:a:mozilla:thunderbird:17.0:*:*:*:*:*:*:*
Matching versions
Mozilla » Thunderbird » Version: 17.0.1
cpe:2.3:a:mozilla:thunderbird:17.0.1:*:*:*:*:*:*:*
Matching versions
Mozilla » Thunderbird » Version: 17.0.3
cpe:2.3:a:mozilla:thunderbird:17.0.3:*:*:*:*:*:*:*
Matching versions
Mozilla » Thunderbird » Version: 17.0.4
cpe:2.3:a:mozilla:thunderbird:17.0.4:*:*:*:*:*:*:*
Matching versions
Mozilla » Thunderbird » Version: 17.0.2
cpe:2.3:a:mozilla:thunderbird:17.0.2:*:*:*:*:*:*:*
Matching versions
Mozilla » Thunderbird » Version: 17.0.5
cpe:2.3:a:mozilla:thunderbird:17.0.5:*:*:*:*:*:*:*
Matching versions
Mozilla » Thunderbird » Version: 17.0.6
cpe:2.3:a:mozilla:thunderbird:17.0.6:*:*:*:*:*:*:*
Matching versions
Mozilla » Thunderbird » Version: 17.0.7
cpe:2.3:a:mozilla:thunderbird:17.0.7:*:*:*:*:*:*:*
Matching versions
Mozilla » Thunderbird » Version: 17.0.8
cpe:2.3:a:mozilla:thunderbird:17.0.8:*:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey
Versions up to, including, (<=) 2.20
cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 2.0.6
cpe:2.3:a:mozilla:seamonkey:2.0.6:*:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 2.0.5
cpe:2.3:a:mozilla:seamonkey:2.0.5:*:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 2.0
cpe:2.3:a:mozilla:seamonkey:2.0:*:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 2.0 Update RC2
cpe:2.3:a:mozilla:seamonkey:2.0:rc2:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 2.0.4
cpe:2.3:a:mozilla:seamonkey:2.0.4:*:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 2.0.8
cpe:2.3:a:mozilla:seamonkey:2.0.8:*:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 2.0.7
cpe:2.3:a:mozilla:seamonkey:2.0.7:*:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 2.0.2
cpe:2.3:a:mozilla:seamonkey:2.0.2:*:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 2.0.1
cpe:2.3:a:mozilla:seamonkey:2.0.1:*:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 2.0 Update Alpha 2
cpe:2.3:a:mozilla:seamonkey:2.0:alpha_2:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 2.0 Update Alpha 1
cpe:2.3:a:mozilla:seamonkey:2.0:alpha_1:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 2.1 Update Alpha1
cpe:2.3:a:mozilla:seamonkey:2.1:alpha1:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 2.0.11
cpe:2.3:a:mozilla:seamonkey:2.0.11:*:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 2.0.14
cpe:2.3:a:mozilla:seamonkey:2.0.14:*:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 2.0.3
cpe:2.3:a:mozilla:seamonkey:2.0.3:*:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 2.0 Update Beta 1
cpe:2.3:a:mozilla:seamonkey:2.0:beta_1:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 2.0 Update Alpha 3
cpe:2.3:a:mozilla:seamonkey:2.0:alpha_3:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 2.0.10
cpe:2.3:a:mozilla:seamonkey:2.0.10:*:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 2.0.12
cpe:2.3:a:mozilla:seamonkey:2.0.12:*:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 2.0.13
cpe:2.3:a:mozilla:seamonkey:2.0.13:*:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 2.0 Update RC1
cpe:2.3:a:mozilla:seamonkey:2.0:rc1:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 2.0 Update Beta 2
cpe:2.3:a:mozilla:seamonkey:2.0:beta_2:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 2.1 Update Alpha2
cpe:2.3:a:mozilla:seamonkey:2.1:alpha2:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 2.0.9
cpe:2.3:a:mozilla:seamonkey:2.0.9:*:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 2.1 Update Alpha3
cpe:2.3:a:mozilla:seamonkey:2.1:alpha3:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 2.1 Update RC1
cpe:2.3:a:mozilla:seamonkey:2.1:rc1:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 2.1 Update Beta1
cpe:2.3:a:mozilla:seamonkey:2.1:beta1:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 2.1
cpe:2.3:a:mozilla:seamonkey:2.1:*:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 2.1 Update Beta2
cpe:2.3:a:mozilla:seamonkey:2.1:beta2:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 2.1 Update Beta3
cpe:2.3:a:mozilla:seamonkey:2.1:beta3:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 2.1 Update RC2
cpe:2.3:a:mozilla:seamonkey:2.1:rc2:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 2.10
cpe:2.3:a:mozilla:seamonkey:2.10:*:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 2.13
cpe:2.3:a:mozilla:seamonkey:2.13:*:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 2.10 Update Beta1
cpe:2.3:a:mozilla:seamonkey:2.10:beta1:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 2.10 Update Beta2
cpe:2.3:a:mozilla:seamonkey:2.10:beta2:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 2.10 Update Beta3
cpe:2.3:a:mozilla:seamonkey:2.10:beta3:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 2.10.1
cpe:2.3:a:mozilla:seamonkey:2.10.1:*:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 2.11
cpe:2.3:a:mozilla:seamonkey:2.11:*:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 2.11 Update Beta1
cpe:2.3:a:mozilla:seamonkey:2.11:beta1:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 2.11 Update Beta2
cpe:2.3:a:mozilla:seamonkey:2.11:beta2:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 2.11 Update Beta3
cpe:2.3:a:mozilla:seamonkey:2.11:beta3:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 2.11 Update Beta4
cpe:2.3:a:mozilla:seamonkey:2.11:beta4:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 2.11 Update Beta5
cpe:2.3:a:mozilla:seamonkey:2.11:beta5:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 2.11 Update Beta6
cpe:2.3:a:mozilla:seamonkey:2.11:beta6:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 2.12
cpe:2.3:a:mozilla:seamonkey:2.12:*:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 2.12 Update Beta1
cpe:2.3:a:mozilla:seamonkey:2.12:beta1:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 2.12 Update Beta2
cpe:2.3:a:mozilla:seamonkey:2.12:beta2:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 2.12 Update Beta3
cpe:2.3:a:mozilla:seamonkey:2.12:beta3:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 2.12 Update Beta4
cpe:2.3:a:mozilla:seamonkey:2.12:beta4:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 2.12 Update Beta5
cpe:2.3:a:mozilla:seamonkey:2.12:beta5:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 2.12 Update Beta6
cpe:2.3:a:mozilla:seamonkey:2.12:beta6:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 2.12.1
cpe:2.3:a:mozilla:seamonkey:2.12.1:*:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 2.13 Update Beta1
cpe:2.3:a:mozilla:seamonkey:2.13:beta1:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 2.13 Update Beta2
cpe:2.3:a:mozilla:seamonkey:2.13:beta2:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 2.13 Update Beta3
cpe:2.3:a:mozilla:seamonkey:2.13:beta3:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 2.13 Update Beta4
cpe:2.3:a:mozilla:seamonkey:2.13:beta4:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 2.13 Update Beta5
cpe:2.3:a:mozilla:seamonkey:2.13:beta5:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 2.17 Update Beta2
cpe:2.3:a:mozilla:seamonkey:2.17:beta2:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 2.17 Update Beta1
cpe:2.3:a:mozilla:seamonkey:2.17:beta1:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 2.16 Update Beta4
cpe:2.3:a:mozilla:seamonkey:2.16:beta4:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 2.16 Update Beta5
cpe:2.3:a:mozilla:seamonkey:2.16:beta5:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 2.15 Update Beta2
cpe:2.3:a:mozilla:seamonkey:2.15:beta2:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 2.15 Update Beta1
cpe:2.3:a:mozilla:seamonkey:2.15:beta1:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 2.13 Update Beta6
cpe:2.3:a:mozilla:seamonkey:2.13:beta6:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 2.16
cpe:2.3:a:mozilla:seamonkey:2.16:*:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 2.16.1
cpe:2.3:a:mozilla:seamonkey:2.16.1:*:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 2.15.2
cpe:2.3:a:mozilla:seamonkey:2.15.2:*:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 2.15 Update Beta5
cpe:2.3:a:mozilla:seamonkey:2.15:beta5:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 2.14 Update Beta5
cpe:2.3:a:mozilla:seamonkey:2.14:beta5:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 2.14 Update Beta4
cpe:2.3:a:mozilla:seamonkey:2.14:beta4:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 2.17 Update Beta3
cpe:2.3:a:mozilla:seamonkey:2.17:beta3:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 2.16 Update Beta3
cpe:2.3:a:mozilla:seamonkey:2.16:beta3:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 2.16.2
cpe:2.3:a:mozilla:seamonkey:2.16.2:*:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 2.15
cpe:2.3:a:mozilla:seamonkey:2.15:*:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 2.15 Update Beta6
cpe:2.3:a:mozilla:seamonkey:2.15:beta6:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 2.15.1
cpe:2.3:a:mozilla:seamonkey:2.15.1:*:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 2.14 Update Beta3
cpe:2.3:a:mozilla:seamonkey:2.14:beta3:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 2.14 Update Beta2
cpe:2.3:a:mozilla:seamonkey:2.14:beta2:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 2.16 Update Beta1
cpe:2.3:a:mozilla:seamonkey:2.16:beta1:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 2.16 Update Beta2
cpe:2.3:a:mozilla:seamonkey:2.16:beta2:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 2.15 Update Beta3
cpe:2.3:a:mozilla:seamonkey:2.15:beta3:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 2.15 Update Beta4
cpe:2.3:a:mozilla:seamonkey:2.15:beta4:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 2.14
cpe:2.3:a:mozilla:seamonkey:2.14:*:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 2.14 Update Beta1
cpe:2.3:a:mozilla:seamonkey:2.14:beta1:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 2.13.1
cpe:2.3:a:mozilla:seamonkey:2.13.1:*:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 2.13.2
cpe:2.3:a:mozilla:seamonkey:2.13.2:*:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 2.20 Update Beta1
cpe:2.3:a:mozilla:seamonkey:2.20:beta1:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 2.19
cpe:2.3:a:mozilla:seamonkey:2.19:*:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 2.19 Update Beta2
cpe:2.3:a:mozilla:seamonkey:2.19:beta2:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 2.19 Update Beta1
cpe:2.3:a:mozilla:seamonkey:2.19:beta1:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 2.17 Update Beta4
cpe:2.3:a:mozilla:seamonkey:2.17:beta4:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 2.18 Update Beta1
cpe:2.3:a:mozilla:seamonkey:2.18:beta1:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 2.18 Update Beta4
cpe:2.3:a:mozilla:seamonkey:2.18:beta4:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 2.18 Update Beta3
cpe:2.3:a:mozilla:seamonkey:2.18:beta3:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 2.20 Update Beta2
cpe:2.3:a:mozilla:seamonkey:2.20:beta2:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 2.18 Update Beta2
cpe:2.3:a:mozilla:seamonkey:2.18:beta2:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 2.17.1
cpe:2.3:a:mozilla:seamonkey:2.17.1:*:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 2.17
cpe:2.3:a:mozilla:seamonkey:2.17:*:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 2.20 Update Beta3
cpe:2.3:a:mozilla:seamonkey:2.20:beta3:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2013-1723

EPSS FAQ

1.25%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 78 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2013-1723

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
4.3	MEDIUM	AV:N/AC:M/Au:N/C:N/I:N/A:P	8.6	2.9	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Partial

CWE ids for CVE-2013-1723

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2013-1723

http://lists.fedoraproject.org/pipermail/package-announce/2013-September/116610.html

[SECURITY] Fedora 20 Update: firefox-24.0-1.fc20

CVEs referencing this url
http://lists.opensuse.org/opensuse-updates/2013-09/msg00057.html

openSUSE-SU-2013:1493-1: moderate: update for MozillaFirefox

CVEs referencing this url
http://www.mozilla.org/security/announce/2013/mfsa2013-80.html

NativeKey continues handling key messages after widget is destroyed — Mozilla
Vendor Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19028

Repository / Oval Repository
http://lists.opensuse.org/opensuse-updates/2013-09/msg00061.html

openSUSE-SU-2013:1499-1: moderate: Mozilla updates September 2013

CVEs referencing this url
http://lists.fedoraproject.org/pipermail/package-announce/2013-September/117526.html

[SECURITY] Fedora 18 Update: firefox-24.0-1.fc18

CVEs referencing this url
https://bugzilla.mozilla.org/show_bug.cgi?id=891292

891292 - (CVE-2013-1723) NativeKey should not continue handling key message if widget is destroyed after dispatching event
http://www.securityfocus.com/bid/62472

Mozilla Firefox/Thunderbird/SeaMonkey CVE-2013-1723 Denial of Service Vulnerability
http://lists.opensuse.org/opensuse-updates/2013-09/msg00059.html

openSUSE-SU-2013:1495-1: moderate: update for MozillaThunderbird

CVEs referencing this url
http://lists.fedoraproject.org/pipermail/package-announce/2013-September/115907.html

[SECURITY] Fedora 19 Update: firefox-24.0-1.fc19

CVEs referencing this url
http://lists.opensuse.org/opensuse-updates/2013-09/msg00055.html

openSUSE-SU-2013:1491-1: moderate: update for seamonkey

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2013-1723

Products affected by CVE-2013-1723

Exploit prediction scoring system (EPSS) score for CVE-2013-1723

CVSS scores for CVE-2013-1723

CWE ids for CVE-2013-1723

References for CVE-2013-1723