CVE-2013-0792Sensitive Information Exposure in Mozilla Firefox

CWE-200Sensitive Information Exposure9 documents7 sources
Severity
4.3MEDIUMNVD
EPSS
0.9%
top 23.79%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Mozilla FirefoxMozilla Seamonkey
Timeline
PublishedApr 3
Latest updateMay 17

Description

Mozilla Firefox before 20.0 and SeaMonkey before 2.17, when gfx.color_management.enablev4 is used, do not properly handle color profiles during PNG rendering, which allows remote attackers to obtain sensitive information from process memory or cause a denial of service (memory corruption) via a grayscale PNG image.

CVSS vector

AV:N/AC:M/C:P/I:N/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages2 packages

NVDmozilla/firefox19.0.2+2
NVDmozilla/seamonkey2.17+48

🔴Vulnerability Details

2
GHSA
GHSA-4pjq-v35q-w936: Mozilla Firefox before 202022-05-17
CVEList
CVE-2013-0792: Mozilla Firefox before 202013-04-03

💥Exploits & PoCs

3
Metasploit
Microsoft Exchange ProxyLogon Collector
Metasploit
Microsoft Exchange ProxyLogon Scanner
Metasploit
Microsoft Exchange ProxyLogon RCE

📋Vendor Advisories

2
Ubuntu
Firefox vulnerabilities2013-04-04
Red Hat
Mozilla: Memory corruption while rendering grayscale PNG images (MFSA 2013-39)2013-04-02

💬Community

1
Bugzilla
CVE-2013-0792 Mozilla: Memory corruption while rendering grayscale PNG images (MFSA 2013-39)2013-04-01
CVE-2013-0792 — Sensitive Information Exposure | cvebase