⚠ Actively exploited
Added to CISA KEV on 2022-03-03. Federal agencies required to patch by 2022-03-24. Required action: Apply updates per vendor instructions.

CVE-2013-1675

Severity: 6.5 MEDIUM
EPSS: 4.7% (top 10.59%)
CISA KEV: Added 2022-03-03 | Due 2022-03-24
Exploit: Exploited in wild (active exploitation observed)

Timeline
Published: May 16
KEV added: Mar 3
KEV due: Mar 24
Latest update: May 17

CISA Required Action: Apply updates per vendor instructions.

Description

Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 do not properly initialize data structures for the nsDOMSVGZoomEvent::mPreviousScale and nsDOMSVGZoomEvent::mNewScale functions, which allows remote attackers to obtain sensitive information from process memory via a crafted web site.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Exploitability: 2.8 | Impact: 3.6

Affected Packages (8 packages)

NVD | mozilla/firefox | 17.0 | 17.0.6 | +1
NVD | mozilla/thunderbird | < 17.0.6
NVD | mozilla/thunderbird_esr | 17.0 | 17.0.6
NVD | opensuse/opensuse | 12.2, 12.3 | +1

Also affects: Debian Linux 7.0, Ubuntu Linux 12.04, 12.10, 13.04, Enterprise Linux 5.9, 6.4, 5.0, 6.0, 5.0_ppc, 6.0_ppc64, 5.9_ppc, 6.4_ppc64

🔴 Vulnerability Details (3)

GHSA | GHSA-7cv2-f4f9-vw96: Mozilla Firefox before 21 | 2022-05-17
CVEList | CVE-2013-1675: Mozilla Firefox before 21 | 2013-05-16
VulnCheck | Mozilla Firefox Information Disclosure Vulnerability | 2013

📋 Vendor Advisories (4)

CISA | Mozilla Firefox Information Disclosure Vulnerability | 2022-03-03
Ubuntu | Firefox vulnerabilities | 2013-05-14
Red Hat | Mozilla: Uninitialized functions in DOMSVGZoomEvent (MFSA 2013-47) | 2013-05-14
Ubuntu | Thunderbird vulnerabilities | 2013-05-14

💬 Community (2)

Bugzilla | CVE-2013-4518 RHUI: PKI entitlement certificates are world readable | 2013-11-05
Bugzilla | CVE-2013-1675 Mozilla: Uninitialized functions in DOMSVGZoomEvent (MFSA 2013-47) | 2013-05-14