CVE-2013-1675

Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 do not properly initialize data structures for the nsDOMSVGZoomEvent::mPreviousScale and nsDOMSVGZoomEvent::mNewScale functions, which allows remote attackers to obtain sensitive information from process memory via a crafted web site.

CVSS v3 6.5 MEDIUM
CVSS v2.0 4.3 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

4.3^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:P/I:N/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00010.html	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00011.html	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00012.html	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00006.html	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00008.html	Mailing List Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2013-0820.html	Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2013-0821.html	Third Party Advisory
http://www.debian.org/security/2013/dsa-2699	Mailing List
http://www.mandriva.com/security/advisories?name=MDVSA-2013:165	Broken Link
http://www.mozilla.org/security/announce/2013/mfsa2013-47.html	Vendor Advisory
http://www.securityfocus.com/bid/59858	Broken Link Third Party Advisory VDB Entry
http://www.ubuntu.com/usn/USN-1822-1	Third Party Advisory
http://www.ubuntu.com/usn/USN-1823-1	Third Party Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=866825	Exploit Issue Tracking
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16976	Broken Link

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:mozilla:firefox::::::::
	cpe:2.3:a:mozilla:firefox_esr::::::::
	cpe:2.3:a:mozilla:thunderbird::::::::
	cpe:2.3:a:mozilla:thunderbird_esr::::::::

Configuration 2 (hide)

OR	cpe:2.3:o:canonical:ubuntu_linux:12.04::::-:::
	cpe:2.3:o:canonical:ubuntu_linux:12.10:::::::*
	cpe:2.3:o:canonical:ubuntu_linux:13.04:::::::*

Configuration 3 (hide)

cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*

Configuration 4 (hide)

OR	cpe:2.3:a:redhat:gluster_storage_server_for_on-premise:2.1:::::::*
	cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:5.9:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:6.4:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:5.0_s390x:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:6.0_s390x:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:5.9_s390x:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:6.4_s390x:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:5.0_ppc:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:6.0_ppc64:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:5.9_ppc:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:6.4_ppc64:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_scientific_computing:6.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server:5.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_aus:5.9:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_aus:6.4:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_eus_from_rhui:5.9:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_eus_from_rhui:6.4:::::::*
	cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*

Configuration 5 (hide)

OR	cpe:2.3:o:opensuse:opensuse:12.2:::::::*
	cpe:2.3:o:opensuse:opensuse:12.3:::::::*

History

No history.

Information

Published : 2013-05-16 11:45

Updated : 2024-07-16 17:35

NVD link : CVE-2013-1675

Mitre link : CVE-2013-1675

CVE.ORG link : CVE-2013-1675

JSON object : View

Products Affected

redhat

enterprise_linux_desktop
enterprise_linux_eus
enterprise_linux_for_ibm_z_systems
gluster_storage_server_for_on-premise
enterprise_linux_server_aus
enterprise_linux_for_scientific_computing
enterprise_linux_server
enterprise_linux_server_eus_from_rhui
enterprise_linux_workstation
enterprise_linux_for_power_big_endian
enterprise_linux_for_power_big_endian_eus
enterprise_linux_for_ibm_z_systems_eus

opensuse

opensuse

mozilla

thunderbird_esr
firefox
thunderbird
firefox_esr

canonical

ubuntu_linux

debian

debian_linux

CWE

CWE-665

Improper Initialization

6.5 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

4.3 /10

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

JSON object

Attach tags to CVE-2013-1675

6.5^/10

4.3^/10

Attach tags to `CVE-2013-1675`