CVE-2013-1675
KEV
🔴 Patch now
A flaw in Firefox and Thunderbird allows remote attackers to obtain sensitive data.
CVSS
6.5
EPSS
4.7%
Exploit
weaponized
Vendor
redhat
Source description (NVD)
Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 do not properly initialize data structures for the nsDOMSVGZoomEvent::mPreviousScale and nsDOMSVGZoomEvent::mNewScale functions, which allows remote attackers to obtain sensitive information from process memory via a crafted web site.
exploit
No patch
Sources and dates
| Source | Value |
|---|---|
| NVD – CVSS | 6.5 |
| CISA KEV (actively exploited) | Yes |
| FIRST EPSS (probability of exploitation) | 4.7% |
| Published (NVD) | 2013-05-16 11:45:30 UTC |
| Last modified (NVD) | 2026-04-22 16:42:11 UTC |
References
- http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00010.html (security@mozilla.org) [Mailing List, Third Party Advisory]
- http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00011.html (security@mozilla.org) [Mailing List, Third Party Advisory]
- http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00012.html (security@mozilla.org) [Mailing List, Third Party Advisory]
- http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00006.html (security@mozilla.org) [Mailing List, Third Party Advisory]
- http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00008.html (security@mozilla.org) [Mailing List, Third Party Advisory]
- http://rhn.redhat.com/errata/RHSA-2013-0820.html (security@mozilla.org) [Third Party Advisory]
- http://rhn.redhat.com/errata/RHSA-2013-0821.html (security@mozilla.org) [Third Party Advisory]
- http://www.debian.org/security/2013/dsa-2699 (security@mozilla.org) [Mailing List]
- http://www.mandriva.com/security/advisories?name=MDVSA-2013:165 (security@mozilla.org) [Broken Link]
- http://www.mozilla.org/security/announce/2013/mfsa2013-47.html (security@mozilla.org) [Vendor Advisory]
- http://www.securityfocus.com/bid/59858 (security@mozilla.org) [Broken Link, Third Party Advisory, VDB Entry]
- http://www.ubuntu.com/usn/USN-1822-1 (security@mozilla.org) [Third Party Advisory]
- http://www.ubuntu.com/usn/USN-1823-1 (security@mozilla.org) [Third Party Advisory]
- https://bugzilla.mozilla.org/show_bug.cgi?id=866825 (security@mozilla.org) [Exploit, Issue Tracking]
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16976 (security@mozilla.org) [Broken Link]
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2013-1675 (134c704f-9b21-4f2e-91b3-4a467353bcc0) [US Government Resource]